{"id": "RHSA-2015:0325", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2015:0325) Low: httpd security, bug fix, and enhancement update", "description": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and\nextensible web server.\n\nA flaw was found in the way httpd handled HTTP Trailer headers when processing\nrequests using chunked encoding. A malicious client could use Trailer headers to\nset additional HTTP headers after header processing was performed by other\nmodules. This could, for example, lead to a bypass of header restrictions\ndefined with mod_headers. (CVE-2013-5704)\n\nA NULL pointer dereference flaw was found in the way the mod_cache httpd module\nhandled Content-Type headers. A malicious HTTP server could cause the httpd\nchild process to crash when the Apache HTTP server was configured to proxy to a\nserver with caching enabled. (CVE-2014-3581)\n\nThis update also fixes the following bugs:\n\n* Previously, the mod_proxy_fcgi Apache module always kept the back-end\nconnections open even when they should have been closed. As a consequence, the\nnumber of open file descriptors was increasing over the time. With this update,\nmod_proxy_fcgi has been fixed to check the state of the back-end connections,\nand it closes the idle back-end connections as expected. (BZ#1168050)\n\n* An integer overflow occurred in the ab utility when a large request count was\nused. Consequently, ab terminated unexpectedly with a segmentation fault while\nprinting statistics after the benchmark. This bug has been fixed, and ab no\nlonger crashes in this scenario. (BZ#1092420)\n\n* Previously, when httpd was running in the foreground and the user pressed\nCtrl+C to interrupt the httpd processes, a race condition in signal handling\noccurred. The SIGINT signal was sent to all children followed by SIGTERM from\nthe main process, which interrupted the SIGINT handler. Consequently, the\naffected processes became unresponsive or terminated unexpectedly. With this\nupdate, the SIGINT signals in the child processes are ignored, and httpd no\nlonger hangs or crashes in this scenario. (BZ#1131006)\n\nIn addition, this update adds the following enhancements:\n\n* With this update, the mod_proxy module of the Apache HTTP Server supports the\nUnix Domain Sockets (UDS). This allows mod_proxy back ends to listen on UDS\nsockets instead of TCP sockets, and as a result, mod_proxy can be used to\nconnect UDS back ends. (BZ#1168081)\n\n* This update adds support for using the SetHandler directive together with the\nmod_proxy module. As a result, it is possible to configure SetHandler to use\nproxy for incoming requests, for example, in the following format: SetHandler\n\"proxy:fcgi://127.0.0.1:9000\". (BZ#1136290)\n\n* The htaccess API changes introduced in httpd 2.4.7 have been backported to\nhttpd shipped with Red Hat Enterprise Linux 7.1. These changes allow for the\nMPM-ITK module to be compiled as an httpd module. (BZ#1059143)\n\nAll httpd users are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues and add these enhancements. After\ninstalling the updated packages, the httpd daemon will be restarted\nautomatically.\n", "published": "2015-03-05T05:00:00", "modified": "2018-04-12T03:32:46", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "href": "https://access.redhat.com/errata/RHSA-2015:0325", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2013-5704", "CVE-2014-3581"], "lastseen": "2019-08-13T18:46:44", "viewCount": 30, "enchantments": {"score": {"value": 5.6, "vector": "NONE", "modified": "2019-08-13T18:46:44", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-3581", "CVE-2013-5704"]}, {"type": "f5", "idList": ["F5:K16863", "SOL16847", "SOL16863", "F5:K16847"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310120083", "OPENVAS:1361412562310123063", "OPENVAS:1361412562310869406", "OPENVAS:1361412562310871326", "OPENVAS:1361412562310842123", "OPENVAS:1361412562310869049", "OPENVAS:1361412562310122868", "OPENVAS:1361412562310123169", "OPENVAS:1361412562310120323", "OPENVAS:1361412562310869097"]}, {"type": "centos", "idList": ["CESA-2015:1249", "CESA-2015:0325"]}, {"type": "redhat", "idList": ["RHSA-2015:2659", "RHSA-2016:0061", "RHSA-2015:2660", "RHSA-2014:1972", "RHSA-2015:1249", "RHSA-2016:0062"]}, {"type": "debian", "idList": ["DEBIAN:DLA-71-1:FFC5F"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-1249", "ELSA-2014-1972", "ELSA-2015-0325"]}, {"type": "nessus", "idList": ["ALA_ALAS-2015-483.NASL", "SL_20150305_HTTPD_ON_SL7_X.NASL", "CENTOS_RHSA-2015-0325.NASL", "REDHAT-RHSA-2015-0325.NASL", "FEDORA_2014-17153.NASL", "APACHE_2_4_12.NASL", "SUSE_11_APACHE2-150325.NASL", "ORACLELINUX_ELSA-2015-0325.NASL", "FEDORA_2014-17195.NASL", "DEBIAN_DLA-71.NASL"]}, {"type": "amazon", "idList": ["ALAS-2014-414", "ALAS-2015-483"]}, {"type": "slackware", "idList": ["SSA-2015-111-03"]}, {"type": "fedora", "idList": ["FEDORA:30CE76087A4B", "FEDORA:A5B39608798D"]}, {"type": "freebsd", "idList": ["F927E06C-1109-11E4-B090-20CF30E32F6D", "5804B9D4-A959-11E4-9363-20CF30E32F6D"]}, {"type": "ubuntu", "idList": ["USN-2523-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14601", "SECURITYVULNS:DOC:32390", "SECURITYVULNS:VULN:14233", "SECURITYVULNS:VULN:14630", "SECURITYVULNS:DOC:31890", "SECURITYVULNS:DOC:31783", "SECURITYVULNS:VULN:14366", "SECURITYVULNS:VULN:14306"]}, {"type": "httpd", "idList": ["HTTPD:F2A87ED4391D8B489A9CEE6E7FF7265B", "HTTPD:62C816876F31B66A0ABB9350EAB1B165", "HTTPD:A524D631D92D34A98F278942749ECB13", "HTTPD:E1CF90532AA2021DA820BEF49250B460", "HTTPD:6573AA423444D48814198437D67A124C"]}, {"type": "seebug", "idList": ["SSV:62058"]}, {"type": "gentoo", "idList": ["GLSA-201504-03", "GLSA-201610-02"]}, {"type": "hackerone", "idList": ["H1:166871"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2016", "ORACLE:CPUJAN2016-2367955"]}], "modified": "2019-08-13T18:46:44", "rev": 2}, "vulnersScore": 5.6}, "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "httpd-manual", "packageVersion": "2.4.6-31.el7", "packageFilename": "httpd-manual-2.4.6-31.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "httpd", "packageVersion": "2.4.6-31.el7", "packageFilename": "httpd-2.4.6-31.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "httpd-debuginfo", "packageVersion": "2.4.6-31.el7", "packageFilename": "httpd-debuginfo-2.4.6-31.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageName": "mod_proxy_html", "packageVersion": "2.4.6-31.el7", "packageFilename": "mod_proxy_html-2.4.6-31.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "mod_ssl", "packageVersion": "2.4.6-31.el7", "packageFilename": "mod_ssl-2.4.6-31.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageName": "mod_ldap", "packageVersion": "2.4.6-31.el7", "packageFilename": "mod_ldap-2.4.6-31.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageName": "httpd-devel", "packageVersion": "2.4.6-31.el7", "packageFilename": "httpd-devel-2.4.6-31.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageName": "httpd-tools", "packageVersion": "2.4.6-31.el7", "packageFilename": "httpd-tools-2.4.6-31.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageName": "mod_ssl", "packageVersion": "2.4.6-31.el7", "packageFilename": "mod_ssl-2.4.6-31.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageName": "httpd-debuginfo", "packageVersion": "2.4.6-31.el7", "packageFilename": "httpd-debuginfo-2.4.6-31.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageName": "httpd-debuginfo", "packageVersion": "2.4.6-31.el7", "packageFilename": "httpd-debuginfo-2.4.6-31.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageName": "mod_session", "packageVersion": "2.4.6-31.el7", "packageFilename": "mod_session-2.4.6-31.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "mod_proxy_html", "packageVersion": "2.4.6-31.el7", "packageFilename": "mod_proxy_html-2.4.6-31.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageName": "httpd", "packageVersion": "2.4.6-31.el7", "packageFilename": "httpd-2.4.6-31.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageName": "mod_session", "packageVersion": "2.4.6-31.el7", "packageFilename": "mod_session-2.4.6-31.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageName": "httpd-tools", "packageVersion": "2.4.6-31.el7", "packageFilename": "httpd-tools-2.4.6-31.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageName": "httpd", "packageVersion": "2.4.6-31.el7", "packageFilename": "httpd-2.4.6-31.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "mod_ldap", "packageVersion": "2.4.6-31.el7", "packageFilename": "mod_ldap-2.4.6-31.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "mod_session", "packageVersion": "2.4.6-31.el7", "packageFilename": "mod_session-2.4.6-31.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageName": "mod_ssl", "packageVersion": "2.4.6-31.el7", "packageFilename": "mod_ssl-2.4.6-31.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageName": "mod_ldap", "packageVersion": "2.4.6-31.el7", "packageFilename": "mod_ldap-2.4.6-31.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageName": "httpd-devel", "packageVersion": "2.4.6-31.el7", "packageFilename": "httpd-devel-2.4.6-31.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "httpd", "packageVersion": "2.4.6-31.el7", "packageFilename": "httpd-2.4.6-31.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "httpd-tools", "packageVersion": "2.4.6-31.el7", "packageFilename": "httpd-tools-2.4.6-31.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageName": "mod_proxy_html", "packageVersion": "2.4.6-31.el7", "packageFilename": "mod_proxy_html-2.4.6-31.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "httpd-devel", "packageVersion": "2.4.6-31.el7", "packageFilename": "httpd-devel-2.4.6-31.el7.x86_64.rpm", "operator": "lt"}]}

{"cve": [{"lastseen": "2021-02-02T06:06:58", "description": "The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass \"RequestHeader unset\" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states \"this is not a security issue in httpd as such.\"", "edition": 6, "cvss3": {}, "published": "2014-04-15T10:55:00", "title": "CVE-2013-5704", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5704"], "modified": "2017-01-07T02:59:00", "cpe": ["cpe:/a:apache:http_server:2.2.22"], "id": "CVE-2013-5704", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5704", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:apache:http_server:2.2.22:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:29", "description": "The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.", "edition": 8, "cvss3": {}, "published": "2014-10-10T10:55:00", "title": "CVE-2014-3581", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3581"], "modified": "2017-08-29T01:34:00", "cpe": ["cpe:/a:apache:apache_http_server:2.4.0", "cpe:/a:apache:apache_http_server:2.4.2", "cpe:/a:apache:apache_http_server:2.4.10", "cpe:/a:apache:apache_http_server:2.4.8", "cpe:/a:apache:apache_http_server:2.4.5", "cpe:/a:apache:apache_http_server:2.4.9", "cpe:/a:apache:apache_http_server:2.4.6", "cpe:/a:apache:apache_http_server:2.4.4", "cpe:/a:apache:apache_http_server:2.4.7", "cpe:/a:apache:apache_http_server:2.4.1", "cpe:/a:apache:apache_http_server:2.4.3"], "id": "CVE-2014-3581", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3581", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:apache:apache_http_server:2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apache_http_server:2.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apache_http_server:2.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apache_http_server:2.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apache_http_server:2.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apache_http_server:2.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apache_http_server:2.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apache_http_server:2.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apache_http_server:2.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apache_http_server:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apache_http_server:2.4.10:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2019-03-12T18:18:16", "bulletinFamily": "software", "cvelist": ["CVE-2013-5704"], "description": "\nF5 Product Development has assigned ID 519943 (BIG-IP), ID 521050 (BIG-IQ), and ID 521051 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| Configuration utility \nBIG-IP AAM| 12.0.0 \n11.4.0 - 11.6.1| 12.1.0| Low| Configuration utility \nBIG-IP AFM| 12.0.0 \n11.3.0 - 11.6.1| 12.1.0| Low| Configuration utility \nBIG-IP Analytics| 12.0.0 \n11.0.0 - 11.6.1| 12.1.0| Low| Configuration utility \nBIG-IP APM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| Configuration utility \nBIG-IP ASM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| Configuration utility \nBIG-IP DNS| 12.0.0| 12.1.0| Low| Configuration utility \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| Configuration utility \nBIG-IP GTM| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| None| Low| Configuration utility \nBIG-IP Link Controller| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| Configuration utility \nBIG-IP PEM| 12.0.0 \n11.3.0 - 11.6.1| 12.1.0| Low| Configuration utility \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Low| Configuration utility \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| Configuration utility \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| Configuration utility \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.0.0 - 3.1.1| None| Low| Configuration utility \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| Configuration utility \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| Configuration utility \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| Configuration utility \nBIG-IQ ADC| 4.5.0| None| Low| Configuration utility \nLineRate| None| 2.5.0 - 2.6.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the** Severity **value. Security Advisory articles published before this date do not list a **Severity** value.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this vulnerability for BIG-IP and Enterprise Manager, you should only permit management access to F5 products over a secure network and limit shell access to trusted users. For more information, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2017-04-06T16:51:00", "published": "2015-07-07T21:58:00", "id": "F5:K16863", "href": "https://support.f5.com/csp/article/K16863", "title": "Apache vulnerability CVE-2013-5704", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-26T17:23:00", "bulletinFamily": "software", "cvelist": ["CVE-2013-5704"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability for BIG-IP and Enterprise Manager, you should only permit management access to F5 products over a secure network and limit shell access to trusted users. For more information, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x) and SOL13092: Overview of securing access to the BIG-IP system.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2016-05-28T00:00:00", "published": "2015-07-07T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/800/sol16863.html", "id": "SOL16863", "type": "f5", "title": "SOL16863 - Apache vulnerability CVE-2013-5704", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-10-12T02:11:18", "bulletinFamily": "software", "cvelist": ["CVE-2014-3583", "CVE-2014-3581", "CVE-2014-8109"], "edition": 1, "description": "Description \n\n\n * [CVE-2014-8109](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8109>) \n \nmod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory. \n \n\n * [CVE-2014-3581](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3581>) \n \nThe cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header. \n \n\n * [CVE-2014-3583](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3583>) \n \nThe handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers. \n\n\nImpact \n\n\nThere is no impact; F5 products are not affected by these vulnerabilities.\n\nStatus\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | None \n| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP AAM | None | 11.4.0 - 11.6.0 | Not vulnerable | None \nBIG-IP AFM | None | 11.3.0 - 11.6.0 | Not vulnerable | None \nBIG-IP Analytics | None | 11.0.0 - 11.6.0 | Not vulnerable | None \nBIG-IP APM | None | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP ASM | None | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP Edge Gateway \n| None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP GTM | None | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP Link Controller | None | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP PEM | None | 11.3.0 - 11.6.0 | Not vulnerable | None \nBIG-IP PSM | None | 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP WebAccelerator | None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP WOM | None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nARX | None \n| 6.0.0 - 6.4.0 \n| Not vulnerable | None \n \nEnterprise Manager | None \n| 3.0.0 - 3.1.1 | Not vulnerable | None \nFirePass | None \n| 7.0.0 \n6.0.0 - 6.1.0 \n| Not vulnerable | None \n \nBIG-IQ Cloud | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.2.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nLineRate | None \n| 2.5.0 - 2.6.0 \n| Not vulnerable | None \n \nF5 WebSafe | None \n| 1.0.0 \n| Not vulnerable | None \n \nTraffix SDC | None \n| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 \n| Not vulnerable | None \n \n \nRecommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nSupplemental Information\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x)](<https://support.f5.com/csp/article/K13123>)\n", "modified": "2016-01-09T02:23:00", "published": "2015-07-03T00:14:00", "id": "F5:K16847", "href": "https://support.f5.com/csp/article/K16847", "title": "Apache vulnerabilities CVE-2014-8109, CVE-2014-3581, CVE-2014-3583", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:30", "bulletinFamily": "software", "cvelist": ["CVE-2014-3583", "CVE-2014-3581", "CVE-2014-8109"], "edition": 1, "description": "Recommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x)\n", "modified": "2015-07-02T00:00:00", "published": "2015-07-02T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/800/sol16847.html", "id": "SOL16847", "title": "SOL16847 - Apache vulnerabilities CVE-2014-8109, CVE-2014-3581, CVE-2014-3583", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-05-29T18:35:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5704", "CVE-2014-3581"], "description": "Oracle Linux Local Security Checks ELSA-2014-1972", "modified": "2019-03-14T00:00:00", "published": "2016-02-05T00:00:00", "id": "OPENVAS:1361412562310122868", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122868", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-1972", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-1972.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122868\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-02-05 14:01:37 +0200 (Fri, 05 Feb 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-1972\");\n script_tag(name:\"insight\", value:\"ELSA-2014-1972 - httpd24-httpd security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-1972\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-1972.html\");\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-3581\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"httpd24-httpd\", rpm:\"httpd24-httpd~2.4.6~22.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd24-httpd-devel\", rpm:\"httpd24-httpd-devel~2.4.6~22.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd24-httpd-manual\", rpm:\"httpd24-httpd-manual~2.4.6~22.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd24-httpd-tools\", rpm:\"httpd24-httpd-tools~2.4.6~22.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd24-mod_ldap\", rpm:\"httpd24-mod_ldap~2.4.6~22.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd24-mod_proxy_html\", rpm:\"httpd24-mod_proxy_html~2.4.6~22.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd24-mod_session\", rpm:\"httpd24-mod_session~2.4.6~22.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd24-mod_ssl\", rpm:\"httpd24-mod_ssl~2.4.6~22.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5704", "CVE-2014-3581"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2015-03-06T00:00:00", "id": "OPENVAS:1361412562310871326", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871326", "type": "openvas", "title": "RedHat Update for httpd RHSA-2015:0325-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for httpd RHSA-2015:0325-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871326\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-06 06:50:03 +0100 (Fri, 06 Mar 2015)\");\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-3581\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for httpd RHSA-2015:0325-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The httpd packages provide the Apache HTTP Server, a powerful, efficient,\nand extensible web server.\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could use\nTrailer headers to set additional HTTP headers after header processing was\nperformed by other modules. This could, for example, lead to a bypass of\nheader restrictions defined with mod_headers. (CVE-2013-5704)\n\nA NULL pointer dereference flaw was found in the way the mod_cache httpd\nmodule handled Content-Type headers. A malicious HTTP server could cause\nthe httpd child process to crash when the Apache HTTP server was configured\nto proxy to a server with caching enabled. (CVE-2014-3581)\n\nThis update also fixes the following bugs:\n\n * Previously, the mod_proxy_fcgi Apache module always kept the back-end\nconnections open even when they should have been closed. As a consequence,\nthe number of open file descriptors was increasing over the time. With this\nupdate, mod_proxy_fcgi has been fixed to check the state of the back-end\nconnections, and it closes the idle back-end connections as expected.\n(BZ#1168050)\n\n * An integer overflow occurred in the ab utility when a large request count\nwas used. Consequently, ab terminated unexpectedly with a segmentation\nfault while printing statistics after the benchmark. This bug has been\nfixed, and ab no longer crashes in this scenario. (BZ#1092420)\n\n * Previously, when httpd was running in the foreground and the user pressed\nCtrl+C to interrupt the httpd processes, a race condition in signal\nhandling occurred. The SIGINT signal was sent to all children followed by\nSIGTERM from the main process, which interrupted the SIGINT handler.\nConsequently, the affected processes became unresponsive or terminated\nunexpectedly. With this update, the SIGINT signals in the child processes\nare ignored, and httpd no longer hangs or crashes in this scenario.\n(BZ#1131006)\n\nIn addition, this update adds the following enhancements:\n\n * With this update, the mod_proxy module of the Apache HTTP Server supports\nthe Unix Domain Sockets (UDS). This allows mod_proxy back ends to listen on\nUDS sockets instead of TCP sockets, and as a result, mod_proxy can be used\nto connect UDS back ends. (BZ#1168081)\n\n * This update adds support for using the SetHandler directive together with\nthe mod_proxy module. As a result, it is possible to configure SetHandler\nto use proxy for incoming requests, for example, in the following format:\nSetHandler 'proxy:fcgi://127.0.0.1:9000'. (BZ#1136290)\n\n * The htaccess API changes introduced in httpd 2.4.7 ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"httpd on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:0325-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-March/msg00022.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.4.6~31.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.6~31.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-debuginfo\", rpm:\"httpd-debuginfo~2.4.6~31.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.4.6~31.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.4.6~31.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.4.6~31.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5704", "CVE-2014-3581"], "description": "Oracle Linux Local Security Checks ELSA-2015-0325", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123169", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123169", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-0325", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-0325.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123169\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:00:15 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-0325\");\n script_tag(name:\"insight\", value:\"ELSA-2015-0325 - httpd security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-0325\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-0325.html\");\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-3581\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.6~31.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.4.6~31.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.4.6~31.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.4.6~31.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mod_ldap\", rpm:\"mod_ldap~2.4.6~31.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mod_proxy_html\", rpm:\"mod_proxy_html~2.4.6~31.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mod_session\", rpm:\"mod_session~2.4.6~31.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.4.6~31.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3583", "CVE-2013-5704", "CVE-2014-3581", "CVE-2014-8109"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-03-16T00:00:00", "id": "OPENVAS:1361412562310869097", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869097", "type": "openvas", "title": "Fedora Update for httpd FEDORA-2014-17195", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for httpd FEDORA-2014-17195\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869097\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-16 06:42:19 +0100 (Mon, 16 Mar 2015)\");\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-3581\", \"CVE-2014-3583\", \"CVE-2014-8109\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for httpd FEDORA-2014-17195\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"httpd on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-17195\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-March/151990.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.10~15.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-03-17T22:59:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3583", "CVE-2013-5704", "CVE-2014-3581", "CVE-2014-8109"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120323", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120323", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-483)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120323\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:23:32 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-483)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in the Apache HTTP server. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update httpd24 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-483.html\");\n script_cve_id(\"CVE-2014-8109\", \"CVE-2013-5704\", \"CVE-2014-3581\", \"CVE-2014-3583\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"mod24_proxy_html\", rpm:\"mod24_proxy_html~2.4.10~15.58.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd24-tools\", rpm:\"httpd24-tools~2.4.10~15.58.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd24-devel\", rpm:\"httpd24-devel~2.4.10~15.58.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mod24_ssl\", rpm:\"mod24_ssl~2.4.10~15.58.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mod24_ldap\", rpm:\"mod24_ldap~2.4.10~15.58.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mod24_session\", rpm:\"mod24_session~2.4.10~15.58.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd24\", rpm:\"httpd24~2.4.10~15.58.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd24-manual\", rpm:\"httpd24-manual~2.4.10~15.58.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3583", "CVE-2013-5704", "CVE-2014-3581", "CVE-2014-8109"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-06-09T00:00:00", "id": "OPENVAS:1361412562310869406", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869406", "type": "openvas", "title": "Fedora Update for httpd FEDORA-2015-9216", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for httpd FEDORA-2015-9216\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869406\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-09 10:53:32 +0200 (Tue, 09 Jun 2015)\");\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-3581\", \"CVE-2014-3583\", \"CVE-2014-8109\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for httpd FEDORA-2015-9216\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"httpd on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-9216\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-June/159352.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.12~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3583", "CVE-2013-5704", "CVE-2014-3581", "CVE-2014-8109"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-03-01T00:00:00", "id": "OPENVAS:1361412562310869049", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869049", "type": "openvas", "title": "Fedora Update for httpd FEDORA-2014-17153", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for httpd FEDORA-2014-17153\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869049\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-01 05:42:24 +0100 (Sun, 01 Mar 2015)\");\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-3581\", \"CVE-2014-3583\", \"CVE-2014-8109\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for httpd FEDORA-2014-17153\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"httpd on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-17153\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150530.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.10~2.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3583", "CVE-2013-5704", "CVE-2015-0228", "CVE-2014-3581", "CVE-2014-8109"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-03-11T00:00:00", "id": "OPENVAS:1361412562310842123", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842123", "type": "openvas", "title": "Ubuntu Update for apache2 USN-2523-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for apache2 USN-2523-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842123\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-11 06:40:48 +0100 (Wed, 11 Mar 2015)\");\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-3581\", \"CVE-2014-3583\", \"CVE-2014-8109\",\n \"CVE-2015-0228\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for apache2 USN-2523-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'apache2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Martin Holst Swende discovered that the\nmod_headers module allowed HTTP trailers to replace HTTP headers during request\nprocessing. A remote attacker could possibly use this issue to bypass\nRequestHeaders directives. (CVE-2013-5704)\n\nMark Montague discovered that the mod_cache module incorrectly handled\nempty HTTP Content-Type headers. A remote attacker could use this issue to\ncause the server to stop responding, leading to a denial of service. This\nissue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-3581)\n\nTeguh P. Alko discovered that the mod_proxy_fcgi module incorrectly\nhandled long response headers. A remote attacker could use this issue to\ncause the server to stop responding, leading to a denial of service. This\nissue only affected Ubuntu 14.10. (CVE-2014-3583)\n\nIt was discovered that the mod_lua module incorrectly handled different\narguments within different contexts. A remote attacker could possibly use\nthis issue to bypass intended access restrictions. This issue only affected\nUbuntu 14.10. (CVE-2014-8109)\n\nGuido Vranken discovered that the mod_lua module incorrectly handled a\nspecially crafted websocket PING in certain circumstances. A remote\nattacker could possibly use this issue to cause the server to stop\nresponding, leading to a denial of service. This issue only affected\nUbuntu 14.10. (CVE-2015-0228)\");\n script_tag(name:\"affected\", value:\"apache2 on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2523-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2523-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS|10\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2.2-bin\", ver:\"2.4.10-1ubuntu1.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2.2-bin\", ver:\"2.4.7-1ubuntu4.4\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2.2-bin\", ver:\"2.2.22-1ubuntu1.8\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2.2-bin\", ver:\"2.2.14-5ubuntu8.15\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5704"], "description": "Oracle Linux Local Security Checks ELSA-2015-1249", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123063", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123063", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-1249", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1249.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123063\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 13:58:53 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1249\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1249 - httpd security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1249\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1249.html\");\n script_cve_id(\"CVE-2013-5704\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.15~45.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.15~45.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.15~45.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.2.15~45.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.15~45.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-03-17T23:01:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5704"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120083", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120083", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2014-414)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120083\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:17:02 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2014-414)\");\n script_tag(name:\"insight\", value:\"The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass RequestHeader unset directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states this is not a security issue in httpd as such.\");\n script_tag(name:\"solution\", value:\"Run yum update httpd to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-414.html\");\n script_cve_id(\"CVE-2013-5704\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.29~1.4.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.29~1.4.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-debuginfo\", rpm:\"httpd-debuginfo~2.2.29~1.4.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.29~1.4.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.29~1.4.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "centos": [{"lastseen": "2019-12-20T18:28:43", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5704", "CVE-2014-3581"], "description": "**CentOS Errata and Security Advisory** CESA-2015:0325\n\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and\nextensible web server.\n\nA flaw was found in the way httpd handled HTTP Trailer headers when processing\nrequests using chunked encoding. A malicious client could use Trailer headers to\nset additional HTTP headers after header processing was performed by other\nmodules. This could, for example, lead to a bypass of header restrictions\ndefined with mod_headers. (CVE-2013-5704)\n\nA NULL pointer dereference flaw was found in the way the mod_cache httpd module\nhandled Content-Type headers. A malicious HTTP server could cause the httpd\nchild process to crash when the Apache HTTP server was configured to proxy to a\nserver with caching enabled. (CVE-2014-3581)\n\nThis update also fixes the following bugs:\n\n* Previously, the mod_proxy_fcgi Apache module always kept the back-end\nconnections open even when they should have been closed. As a consequence, the\nnumber of open file descriptors was increasing over the time. With this update,\nmod_proxy_fcgi has been fixed to check the state of the back-end connections,\nand it closes the idle back-end connections as expected. (BZ#1168050)\n\n* An integer overflow occurred in the ab utility when a large request count was\nused. Consequently, ab terminated unexpectedly with a segmentation fault while\nprinting statistics after the benchmark. This bug has been fixed, and ab no\nlonger crashes in this scenario. (BZ#1092420)\n\n* Previously, when httpd was running in the foreground and the user pressed\nCtrl+C to interrupt the httpd processes, a race condition in signal handling\noccurred. The SIGINT signal was sent to all children followed by SIGTERM from\nthe main process, which interrupted the SIGINT handler. Consequently, the\naffected processes became unresponsive or terminated unexpectedly. With this\nupdate, the SIGINT signals in the child processes are ignored, and httpd no\nlonger hangs or crashes in this scenario. (BZ#1131006)\n\nIn addition, this update adds the following enhancements:\n\n* With this update, the mod_proxy module of the Apache HTTP Server supports the\nUnix Domain Sockets (UDS). This allows mod_proxy back ends to listen on UDS\nsockets instead of TCP sockets, and as a result, mod_proxy can be used to\nconnect UDS back ends. (BZ#1168081)\n\n* This update adds support for using the SetHandler directive together with the\nmod_proxy module. As a result, it is possible to configure SetHandler to use\nproxy for incoming requests, for example, in the following format: SetHandler\n\"proxy:fcgi://127.0.0.1:9000\". (BZ#1136290)\n\n* The htaccess API changes introduced in httpd 2.4.7 have been backported to\nhttpd shipped with Red Hat Enterprise Linux 7.1. These changes allow for the\nMPM-ITK module to be compiled as an httpd module. (BZ#1059143)\n\nAll httpd users are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues and add these enhancements. After\ninstalling the updated packages, the httpd daemon will be restarted\nautomatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-March/007784.html\n\n**Affected packages:**\nhttpd\nhttpd-devel\nhttpd-manual\nhttpd-tools\nmod_ldap\nmod_proxy_html\nmod_session\nmod_ssl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0325.html", "edition": 3, "modified": "2015-03-17T13:28:17", "published": "2015-03-17T13:28:17", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-March/007784.html", "id": "CESA-2015:0325", "title": "httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-12-20T18:26:32", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5704"], "description": "**CentOS Errata and Security Advisory** CESA-2015:1249\n\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient,\nand extensible web server.\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could use\nTrailer headers to set additional HTTP headers after header processing was\nperformed by other modules. This could, for example, lead to a bypass of\nheader restrictions defined with mod_headers. (CVE-2013-5704)\n\nThis update also fixes the following bugs:\n\n* The order of mod_proxy workers was not checked when httpd configuration\nwas reloaded. When mod_proxy workers were removed, added, or their order\nwas changed, their parameters and scores could become mixed. The order of\nmod_proxy workers has been made internally consistent during configuration\nreload. (BZ#1149906)\n\n* The local host certificate created during firstboot contained CA\nextensions, which caused the httpd service to return warning messages.\nThis has been addressed by local host certificates being generated with the\n\"-extensions v3_req\" option. (BZ#906476)\n\n* The default mod_ssl configuration no longer enables support for SSL\ncipher suites using the single DES, IDEA, or SEED encryption algorithms.\n(BZ#1086771)\n\n* The apachectl script did not take into account the HTTPD_LANG variable\nset in the /etc/sysconfig/httpd file during graceful restarts.\nConsequently, httpd did not use a changed value of HTTPD_LANG when the\ndaemon was restarted gracefully. The script has been fixed to handle the\nHTTPD_LANG variable correctly. (BZ#963146)\n\n* The mod_deflate module failed to check the original file size while\nextracting files larger than 4 GB, making it impossible to extract large\nfiles. Now, mod_deflate checks the original file size properly according to\nRFC1952, and it is able to decompress files larger than 4 GB. (BZ#1057695)\n\n* The httpd service did not check configuration before restart. When a\nconfiguration contained an error, an attempt to restart httpd gracefully\nfailed. Now, httpd checks configuration before restart and if the\nconfiguration is in an inconsistent state, an error message is printed,\nhttpd is not stopped and a restart is not performed. (BZ#1146194)\n\n* The SSL_CLIENT_VERIFY environment variable was incorrectly handled when\nthe \"SSLVerifyClient optional_no_ca\" and \"SSLSessionCache\" options were\nused. When an SSL session was resumed, the SSL_CLIENT_VERIFY value was set\nto \"SUCCESS\" instead of the previously set \"GENEROUS\". SSL_CLIENT_VERIFY is\nnow correctly set to GENEROUS in this scenario. (BZ#1149703)\n\n* The ab utility did not correctly handle situations when an SSL connection\nwas closed after some data had already been read. As a consequence, ab did\nnot work correctly with SSL servers and printed \"SSL read failed\" error\nmessages. With this update, ab works as expected with HTTPS servers.\n(BZ#1045477)\n\n* When a client presented a revoked certificate, log entries were created\nonly at the debug level. The log level of messages regarding a revoked\ncertificate has been increased to INFO, and administrators are now properly\ninformed of this situation. (BZ#1161328)\n\nIn addition, this update adds the following enhancement:\n\n* A mod_proxy worker can now be set into drain mode (N) using the\nbalancer-manager web interface or using the httpd configuration file.\nA worker in drain mode accepts only existing sticky sessions destined for\nitself and ignores all other requests. The worker waits until all clients\ncurrently connected to this worker complete their work before the worker is\nstopped. As a result, drain mode enables to perform maintenance on a worker\nwithout affecting clients. (BZ#767130)\n\nUsers of httpd are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement. After installing the updated packages, the httpd service will\nbe restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-July/008281.html\n\n**Affected packages:**\nhttpd\nhttpd-devel\nhttpd-manual\nhttpd-tools\nmod_ssl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1249.html", "edition": 3, "modified": "2015-07-26T14:13:10", "published": "2015-07-26T14:13:10", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-July/008281.html", "id": "CESA-2015:1249", "title": "httpd, mod_ssl security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:46:03", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5704", "CVE-2014-3581"], "description": "The httpd packages provide the Apache HTTP Server, a powerful, efficient,\nand extensible web server.\n\nA NULL pointer dereference flaw was found in the way the mod_cache httpd\nmodule handled Content-Type headers. A malicious HTTP server could cause\nthe httpd child process to crash when the Apache HTTP server was configured\nto proxy to a server with caching enabled. (CVE-2014-3581)\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could use\nTrailer headers to set additional HTTP headers after header processing was\nperformed by other modules. This could, for example, lead to a bypass of\nheader restrictions defined with mod_headers. (CVE-2013-5704)\n\nNote: With this update, httpd has been modified to not merge HTTP Trailer\nheaders with other HTTP request headers. A newly introduced configuration\ndirective MergeTrailers can be used to re-enable the old method of\nprocessing Trailer headers, which also re-introduces the aforementioned\nflaw.\n\nThis update also fixes the following bug:\n\n* Prior to this update, the mod_proxy_wstunnel module failed to set up an\nSSL connection when configured to use a back end server using the \"wss:\"\nURL scheme, causing proxied connections to fail. In these updated packages,\nSSL is used when proxying to \"wss:\" back end servers. (BZ#1141950)\n\nAll httpd24-httpd users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After installing\nthe updated packages, the httpd24-httpd service will be restarted\nautomatically.\n", "modified": "2018-06-13T01:28:16", "published": "2014-12-09T05:00:00", "id": "RHSA-2014:1972", "href": "https://access.redhat.com/errata/RHSA-2014:1972", "type": "redhat", "title": "(RHSA-2014:1972) Low: httpd24-httpd security and bug fix update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-12-11T13:32:00", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5704", "CVE-2014-0230", "CVE-2014-3581", "CVE-2015-3183", "CVE-2015-5174"], "description": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the\nApache HTTP Server, the Apache Tomcat Servlet container, Apache\nTomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster),\nHibernate, and the Tomcat Native library.\n\nIt was found that Tomcat would keep connections open after processing\nrequests with a large enough request body. A remote attacker could\npotentially use this flaw to exhaust the pool of available connections\nand prevent further, legitimate connections to the Tomcat server.\n(CVE-2014-0230)\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could\nuse Trailer headers to set additional HTTP headers after header\nprocessing was performed by other modules. This could, for example,\nlead to a bypass of header restrictions defined with mod_headers.\n(CVE-2013-5704)\n\nMultiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could\nuse these flaws to create a specially crafted request, which httpd\nwould decode differently from an HTTP proxy software in front of it,\npossibly leading to HTTP request smuggling attacks. (CVE-2015-3183)\n\n* This enhancement update adds the Red Hat JBoss Web Server 3.0.2\npackages to Red Hat Enterprise Linux 7. These packages provide a\nnumber of enhancements over the previous version of Red Hat JBoss Web\nServer. (JIRA#JWS-229)\n\nUsers of Red Hat JBoss Web Server are advised to upgrade to these\nupdated packages, which add this enhancement.", "modified": "2018-03-19T16:14:02", "published": "2015-12-16T23:09:36", "id": "RHSA-2015:2660", "href": "https://access.redhat.com/errata/RHSA-2015:2660", "type": "redhat", "title": "(RHSA-2015:2660) Moderate: Red Hat JBoss Web Server 3.0.2 security update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-12-11T13:32:13", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5704", "CVE-2014-0230", "CVE-2014-3581", "CVE-2015-3183", "CVE-2015-5174"], "description": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the\nApache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat\nConnector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and\nthe Tomcat Native library.\n\nIt was found that Tomcat would keep connections open after processing\nrequests with a large enough request body. A remote attacker could\npotentially use this flaw to exhaust the pool of available connections\nand prevent further, legitimate connections to the Tomcat server.\n(CVE-2014-0230)\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could\nuse Trailer headers to set additional HTTP headers after header\nprocessing was performed by other modules. This could, for example,\nlead to a bypass of header restrictions defined with mod_headers.\n(CVE-2013-5704)\n\nMultiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could\nuse these flaws to create a specially crafted request, which httpd\nwould decode differently from an HTTP proxy software in front of it,\npossibly leading to HTTP request smuggling attacks. (CVE-2015-3183)\n\n* This enhancement update adds the Red Hat JBoss Web Server 3.0.2\npackages to Red Hat Enterprise Linux 6. These packages provide a\nnumber of enhancements over the previous version of Red Hat JBoss Web\nServer. (JIRA#JWS-228)\n\nUsers of Red Hat JBoss Web Server are advised to upgrade to these\nupdated packages, which add this enhancement.", "modified": "2018-06-07T02:42:54", "published": "2015-12-16T23:09:20", "id": "RHSA-2015:2659", "href": "https://access.redhat.com/errata/RHSA-2015:2659", "type": "redhat", "title": "(RHSA-2015:2659) Moderate: Red Hat JBoss Web Server 3.0.2 security update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:45:25", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5704"], "description": "The httpd packages provide the Apache HTTP Server, a powerful, efficient,\nand extensible web server.\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could use\nTrailer headers to set additional HTTP headers after header processing was\nperformed by other modules. This could, for example, lead to a bypass of\nheader restrictions defined with mod_headers. (CVE-2013-5704)\n\nThis update also fixes the following bugs:\n\n* The order of mod_proxy workers was not checked when httpd configuration\nwas reloaded. When mod_proxy workers were removed, added, or their order\nwas changed, their parameters and scores could become mixed. The order of\nmod_proxy workers has been made internally consistent during configuration\nreload. (BZ#1149906)\n\n* The local host certificate created during firstboot contained CA\nextensions, which caused the httpd service to return warning messages.\nThis has been addressed by local host certificates being generated with the\n\"-extensions v3_req\" option. (BZ#906476)\n\n* The default mod_ssl configuration no longer enables support for SSL\ncipher suites using the single DES, IDEA, or SEED encryption algorithms.\n(BZ#1086771)\n\n* The apachectl script did not take into account the HTTPD_LANG variable\nset in the /etc/sysconfig/httpd file during graceful restarts.\nConsequently, httpd did not use a changed value of HTTPD_LANG when the\ndaemon was restarted gracefully. The script has been fixed to handle the\nHTTPD_LANG variable correctly. (BZ#963146)\n\n* The mod_deflate module failed to check the original file size while\nextracting files larger than 4 GB, making it impossible to extract large\nfiles. Now, mod_deflate checks the original file size properly according to\nRFC1952, and it is able to decompress files larger than 4 GB. (BZ#1057695)\n\n* The httpd service did not check configuration before restart. When a\nconfiguration contained an error, an attempt to restart httpd gracefully\nfailed. Now, httpd checks configuration before restart and if the\nconfiguration is in an inconsistent state, an error message is printed,\nhttpd is not stopped and a restart is not performed. (BZ#1146194)\n\n* The SSL_CLIENT_VERIFY environment variable was incorrectly handled when\nthe \"SSLVerifyClient optional_no_ca\" and \"SSLSessionCache\" options were\nused. When an SSL session was resumed, the SSL_CLIENT_VERIFY value was set\nto \"SUCCESS\" instead of the previously set \"GENEROUS\". SSL_CLIENT_VERIFY is\nnow correctly set to GENEROUS in this scenario. (BZ#1149703)\n\n* The ab utility did not correctly handle situations when an SSL connection\nwas closed after some data had already been read. As a consequence, ab did\nnot work correctly with SSL servers and printed \"SSL read failed\" error\nmessages. With this update, ab works as expected with HTTPS servers.\n(BZ#1045477)\n\n* When a client presented a revoked certificate, log entries were created\nonly at the debug level. The log level of messages regarding a revoked\ncertificate has been increased to INFO, and administrators are now properly\ninformed of this situation. (BZ#1161328)\n\nIn addition, this update adds the following enhancement:\n\n* A mod_proxy worker can now be set into drain mode (N) using the\nbalancer-manager web interface or using the httpd configuration file.\nA worker in drain mode accepts only existing sticky sessions destined for\nitself and ignores all other requests. The worker waits until all clients\ncurrently connected to this worker complete their work before the worker is\nstopped. As a result, drain mode enables to perform maintenance on a worker\nwithout affecting clients. (BZ#767130)\n\nUsers of httpd are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement. After installing the updated packages, the httpd service will\nbe restarted automatically.\n", "modified": "2018-06-06T20:24:34", "published": "2015-07-22T09:29:38", "id": "RHSA-2015:1249", "href": "https://access.redhat.com/errata/RHSA-2015:1249", "type": "redhat", "title": "(RHSA-2015:1249) Low: httpd security, bug fix, and enhancement update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-08-13T18:44:43", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5704", "CVE-2015-3183"], "description": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\nMultiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode\ndifferently from an HTTP proxy software in front of it, possibly leading to\nHTTP request smuggling attacks. (CVE-2015-3183)\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could use\nTrailer headers to set additional HTTP headers after header processing was\nperformed by other modules. This could, for example, lead to a bypass of\nheader restrictions defined with mod_headers. (CVE-2013-5704)\n\nUsers of httpd or httpd22 are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After installing\nthe updated packages, the httpd or httpd22 service must be restarted\nmanually for this update to take effect.", "modified": "2018-08-09T19:46:59", "published": "2016-01-21T20:44:55", "id": "RHSA-2016:0061", "href": "https://access.redhat.com/errata/RHSA-2016:0061", "type": "redhat", "title": "(RHSA-2016:0061) Moderate: httpd and httpd22 security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T14:35:31", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0876", "CVE-2013-5704", "CVE-2015-3183"], "description": "Red Hat JBoss Web Server is a fully integrated and certified set of \ncomponents for hosting Java web applications. It is comprised of the Apache \nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector \n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat \nNative library.\n\nMultiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode \ndifferently from an HTTP proxy software in front of it, possibly leading to \nHTTP request smuggling attacks. (CVE-2015-3183)\n\nA denial of service flaw was found in the implementation of hash arrays in \nExpat. An attacker could use this flaw to make an application using Expat \nconsume an excessive amount of CPU time by providing a specially-crafted\nXML file that triggers multiple hash function collisions. To mitigate this\nissue, randomization has been added to the hash function to reduce the\nchance of an attacker successfully causing intentional collisions.\n(CVE-2012-0876)\n\nA flaw was found in the way httpd handled HTTP Trailer headers when \nprocessing requests using chunked encoding. A malicious client could use \nTrailer headers to set additional HTTP headers after header processing was \nperformed by other modules. This could, for example, lead to a bypass of \nheader restrictions defined with mod_headers. (CVE-2013-5704)\n\nAll users of Red Hat JBoss Web Server 2.1.0 as provided from the Red Hat \nCustomer Portal are advised to apply this update. The Red Hat JBoss Web \nServer process must be restarted for the update to take effect.", "modified": "2018-02-15T23:12:14", "published": "2016-01-21T20:45:11", "id": "RHSA-2016:0062", "href": "https://access.redhat.com/errata/RHSA-2016:0062", "type": "redhat", "title": "(RHSA-2016:0062) Moderate: Red Hat JBoss Web Server 2.1.0 security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "debian": [{"lastseen": "2020-11-11T13:11:20", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5704", "CVE-2014-3581"], "description": "Package : apache2\nVersion : 2.2.16-6+squeeze14\nCVE ID : CVE-2013-5704 CVE-2014-3581\n\nThis update fixes two security issues with apache2.\n\nCVE-2013-5704\n\n Disable the possibility to replace HTTP headers with HTTP trailers\n as this could be used to circumvent earlier header operations made by\n other modules. This can be restored with a new MergeTrailers\n directive.\n\nCVE-2014-3581\n\n Fix denial of service where Apache can segfault when mod_cache is used\n and when the cached request contains an empty Content-Type header.\n\n-- \nRapha\u00ebl Hertzog \u25c8 Debian Developer\n\nSupport Debian LTS: http://www.freexian.com/services/debian-lts.html\nLearn to master Debian: http://debian-handbook.info/get/\n", "edition": 11, "modified": "2014-10-16T10:10:48", "published": "2014-10-16T10:10:48", "id": "DEBIAN:DLA-71-1:FFC5F", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201410/msg00003.html", "title": "[SECURITY] [DLA 71-1] apache2 security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:05", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5704", "CVE-2014-3581"], "description": "[2.4.6-31.0.1]\n- replace index.html with Oracle's index page oracle_index.html\n[2.4.6-31]\n- mod_proxy_fcgi: determine if FCGI_CONN_CLOSE should be enabled\n instead of hardcoding it (#1168050)\n- mod_proxy: support Unix Domain Sockets (#1168081)\n[2.4.6-30]\n- core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704)\n- mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581)\n[2.4.6-29]\n- rebuild against proper version of OpenSSL (#1080125)\n[2.4.6-28]\n- set vstring based on /etc/os-release (#1114123)\n[2.4.6-27]\n- fix the dependency on openssl-libs to match the fix for #1080125\n[2.4.6-26]\n- allow \n'es to be seen under virtual hosts (#1131847)\n[2.4.6-25]\n- do not use hardcoded curve for ECDHE suites (#1080125)\n[2.4.6-24]\n- allow reverse-proxy to be set via SetHandler (#1136290)\n[2.4.6-23]\n- fix possible crash in SIGINT handling (#1131006)\n[2.4.6-22]\n- ab: fix integer overflow when printing stats with lot of requests (#1092420)\n[2.4.6-21]\n- add pre_htaccess so mpm-itk can be build as separate module (#1059143)\n[2.4.6-20]\n- mod_ssl: prefer larger keys and support up to 8192-bit keys (#1073078)", "edition": 4, "modified": "2015-03-11T00:00:00", "published": "2015-03-11T00:00:00", "id": "ELSA-2015-0325", "href": "http://linux.oracle.com/errata/ELSA-2015-0325.html", "title": "httpd security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:33", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5704"], "description": "[2.2.15-45.0.1]\n- replace index.html with Oracle's index page oracle_index.html\n- update vstring in specfile\n[2.2.15-45]\n- mod_proxy_balancer: add support for 'drain mode' (N) (#767130)\n[2.2.15-44]\n- set SSLCipherSuite to DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES (#1086771)\n[2.2.15-43]\n- revert DirectoryMatch patch from 2.2.15-40 (#1016963)\n[2.2.15-42]\n- core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704)\n[2.2.15-41]\n- fix compilation with older OpenSSL caused by misspelling in patch (#1162268)\n[2.2.15-40]\n- mod_proxy: do not mix workers shared memory during graceful restart (#1149906)\n- mod_ssl: Fix SSL_CLIENT_VERIFY value when optional_no_ca and SSLSessionCache\n are used and SSL session is resumed (#1149703)\n- mod_ssl: log revoked certificates at the INFO level (#1161328)\n- mod_ssl: use -extensions v3_req for certificate generation (#906476)\n- core: check the config file before restarting the server (#1146194)\n- core: do not match files when using DirectoryMatch (#1016963)\n- core: improve error message for inaccessible DocumentRoot (#987590)\n- rotatelogs: improve support for localtime (#922844)\n- mod_deflate: fix decompression of files larger than 4GB (#1057695)\n- ab: fix integer overflow when printing stats with lot of requests (#1092419)\n- ab: try all addresses instead of failing on first one when not available (#1125269)\n- ab: fix read failure when targeting SSL server (#1045477)\n- apachectl: support HTTPD_LANG variable from /etc/sysconfig/httpd (#963146)\n- do not display 'bomb' icon for files ending with 'core' (#1069625)", "edition": 4, "modified": "2015-07-28T00:00:00", "published": "2015-07-28T00:00:00", "id": "ELSA-2015-1249", "href": "http://linux.oracle.com/errata/ELSA-2015-1249.html", "title": "httpd security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:11", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0231", "CVE-2013-4352", "CVE-2014-3583", "CVE-2013-5704", "CVE-2014-0118", "CVE-2014-3581", "CVE-2014-0117", "CVE-2014-0226"], "description": "[2.4.6-22.0.1.el6]\n- remove enable-tlsv1x-thunks to fit openssl 1.x api\n- replace index.html with Oracle's index page oracle_index.html\n- update vstring in specfile\n[2.4.6-22]\n- Remove mod_proxy_fcgi fix for heap-based buffer overflow,\n httpd-2.4.6 is not affected (CVE-2014-3583)\n[2.4.6-21]\n- mod_proxy_wstunnel: Fix the use of SSL with the 'wss:' scheme (#1141950)\n[2.4.6-20]\n- core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704)\n- mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581)\n- mod_proxy_fcgi: fix heap-based buffer overflow (CVE-2014-3583)\n[2.4.6-19]\n- mod_cgid: add security fix for CVE-2014-0231\n- mod_proxy: add security fix for CVE-2014-0117\n- mod_deflate: add security fix for CVE-2014-0118\n- mod_status: add security fix for CVE-2014-0226\n- mod_cache: add secutiry fix for CVE-2013-4352", "edition": 4, "modified": "2016-02-04T00:00:00", "published": "2016-02-04T00:00:00", "id": "ELSA-2014-1972", "href": "http://linux.oracle.com/errata/ELSA-2014-1972.html", "title": "httpd24-httpd security and bug fix update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-17T13:48:41", "description": "A flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could\nuse Trailer headers to set additional HTTP headers after header\nprocessing was performed by other modules. This could, for example,\nlead to a bypass of header restrictions defined with mod_headers.\n(CVE-2013-5704)\n\nA NULL pointer dereference flaw was found in the way the mod_cache\nhttpd module handled Content-Type headers. A malicious HTTP server\ncould cause the httpd child process to crash when the Apache HTTP\nserver was configured to proxy to a server with caching enabled.\n(CVE-2014-3581)\n\nThis update also fixes the following bugs :\n\n - Previously, the mod_proxy_fcgi Apache module always kept\n the back-end connections open even when they should have\n been closed. As a consequence, the number of open file\n descriptors was increasing over the time. With this\n update, mod_proxy_fcgi has been fixed to check the state\n of the back- end connections, and it closes the idle\n back-end connections as expected.\n\n - An integer overflow occurred in the ab utility when a\n large request count was used. Consequently, ab\n terminated unexpectedly with a segmentation fault while\n printing statistics after the benchmark. This bug has\n been fixed, and ab no longer crashes in this scenario.\n\n - Previously, when httpd was running in the foreground and\n the user pressed Ctrl+C to interrupt the httpd\n processes, a race condition in signal handling occurred.\n The SIGINT signal was sent to all children followed by\n SIGTERM from the main process, which interrupted the\n SIGINT handler. Consequently, the affected processes\n became unresponsive or terminated unexpectedly. With\n this update, the SIGINT signals in the child processes\n are ignored, and httpd no longer hangs or crashes in\n this scenario.\n\nIn addition, this update adds the following enhancements :\n\n - With this update, the mod_proxy module of the Apache\n HTTP Server supports the Unix Domain Sockets (UDS). This\n allows mod_proxy back ends to listen on UDS sockets\n instead of TCP sockets, and as a result, mod_proxy can\n be used to connect UDS back ends.\n\n - This update adds support for using the SetHandler\n directive together with the mod_proxy module. As a\n result, it is possible to configure SetHandler to use\n proxy for incoming requests, for example, in the\n following format: SetHandler\n 'proxy:fcgi://127.0.0.1:9000'.\n\n - The htaccess API changes introduced in httpd 2.4.7 have\n been backported to httpd shipped with Scientific Linux\n 7.1. These changes allow for the MPM-ITK module to be\n compiled as an httpd module.\n\nAfter installing the updated packages, the httpd daemon will be\nrestarted automatically.", "edition": 15, "published": "2015-03-26T00:00:00", "title": "Scientific Linux Security Update : httpd on SL7.x x86_64 (20150305)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5704", "CVE-2014-3581"], "modified": "2015-03-26T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:httpd-debuginfo", "p-cpe:/a:fermilab:scientific_linux:httpd-tools", "p-cpe:/a:fermilab:scientific_linux:httpd-manual", "p-cpe:/a:fermilab:scientific_linux:mod_ssl", "p-cpe:/a:fermilab:scientific_linux:mod_proxy_html", "p-cpe:/a:fermilab:scientific_linux:mod_session", "p-cpe:/a:fermilab:scientific_linux:httpd", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:mod_ldap", "p-cpe:/a:fermilab:scientific_linux:httpd-devel"], "id": "SL_20150305_HTTPD_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/82252", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82252);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-3581\");\n\n script_name(english:\"Scientific Linux Security Update : httpd on SL7.x x86_64 (20150305)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could\nuse Trailer headers to set additional HTTP headers after header\nprocessing was performed by other modules. This could, for example,\nlead to a bypass of header restrictions defined with mod_headers.\n(CVE-2013-5704)\n\nA NULL pointer dereference flaw was found in the way the mod_cache\nhttpd module handled Content-Type headers. A malicious HTTP server\ncould cause the httpd child process to crash when the Apache HTTP\nserver was configured to proxy to a server with caching enabled.\n(CVE-2014-3581)\n\nThis update also fixes the following bugs :\n\n - Previously, the mod_proxy_fcgi Apache module always kept\n the back-end connections open even when they should have\n been closed. As a consequence, the number of open file\n descriptors was increasing over the time. With this\n update, mod_proxy_fcgi has been fixed to check the state\n of the back- end connections, and it closes the idle\n back-end connections as expected.\n\n - An integer overflow occurred in the ab utility when a\n large request count was used. Consequently, ab\n terminated unexpectedly with a segmentation fault while\n printing statistics after the benchmark. This bug has\n been fixed, and ab no longer crashes in this scenario.\n\n - Previously, when httpd was running in the foreground and\n the user pressed Ctrl+C to interrupt the httpd\n processes, a race condition in signal handling occurred.\n The SIGINT signal was sent to all children followed by\n SIGTERM from the main process, which interrupted the\n SIGINT handler. Consequently, the affected processes\n became unresponsive or terminated unexpectedly. With\n this update, the SIGINT signals in the child processes\n are ignored, and httpd no longer hangs or crashes in\n this scenario.\n\nIn addition, this update adds the following enhancements :\n\n - With this update, the mod_proxy module of the Apache\n HTTP Server supports the Unix Domain Sockets (UDS). This\n allows mod_proxy back ends to listen on UDS sockets\n instead of TCP sockets, and as a result, mod_proxy can\n be used to connect UDS back ends.\n\n - This update adds support for using the SetHandler\n directive together with the mod_proxy module. As a\n result, it is possible to configure SetHandler to use\n proxy for incoming requests, for example, in the\n following format: SetHandler\n 'proxy:fcgi://127.0.0.1:9000'.\n\n - The htaccess API changes introduced in httpd 2.4.7 have\n been backported to httpd shipped with Scientific Linux\n 7.1. These changes allow for the MPM-ITK module to be\n compiled as an httpd module.\n\nAfter installing the updated packages, the httpd daemon will be\nrestarted automatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1503&L=scientific-linux-errata&T=0&P=2522\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6347ee52\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"httpd-2.4.6-31.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"httpd-debuginfo-2.4.6-31.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"httpd-devel-2.4.6-31.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"httpd-manual-2.4.6-31.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"httpd-tools-2.4.6-31.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mod_ldap-2.4.6-31.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mod_proxy_html-2.4.6-31.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mod_session-2.4.6-31.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mod_ssl-2.4.6-31.sl7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T12:49:48", "description": "From Red Hat Security Advisory 2015:0325 :\n\nUpdated httpd packages that fix two security issues, several bugs, and\nadd various enhancements are for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which\ngive detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could\nuse Trailer headers to set additional HTTP headers after header\nprocessing was performed by other modules. This could, for example,\nlead to a bypass of header restrictions defined with mod_headers.\n(CVE-2013-5704)\n\nA NULL pointer dereference flaw was found in the way the mod_cache\nhttpd module handled Content-Type headers. A malicious HTTP server\ncould cause the httpd child process to crash when the Apache HTTP\nserver was configured to proxy to a server with caching enabled.\n(CVE-2014-3581)\n\nThis update also fixes the following bugs :\n\n* Previously, the mod_proxy_fcgi Apache module always kept the\nback-end connections open even when they should have been closed. As a\nconsequence, the number of open file descriptors was increasing over\nthe time. With this update, mod_proxy_fcgi has been fixed to check the\nstate of the back-end connections, and it closes the idle back-end\nconnections as expected. (BZ#1168050)\n\n* An integer overflow occurred in the ab utility when a large request\ncount was used. Consequently, ab terminated unexpectedly with a\nsegmentation fault while printing statistics after the benchmark. This\nbug has been fixed, and ab no longer crashes in this scenario.\n(BZ#1092420)\n\n* Previously, when httpd was running in the foreground and the user\npressed Ctrl+C to interrupt the httpd processes, a race condition in\nsignal handling occurred. The SIGINT signal was sent to all children\nfollowed by SIGTERM from the main process, which interrupted the\nSIGINT handler. Consequently, the affected processes became\nunresponsive or terminated unexpectedly. With this update, the SIGINT\nsignals in the child processes are ignored, and httpd no longer hangs\nor crashes in this scenario. (BZ#1131006)\n\nIn addition, this update adds the following enhancements :\n\n* With this update, the mod_proxy module of the Apache HTTP Server\nsupports the Unix Domain Sockets (UDS). This allows mod_proxy back\nends to listen on UDS sockets instead of TCP sockets, and as a result,\nmod_proxy can be used to connect UDS back ends. (BZ#1168081)\n\n* This update adds support for using the SetHandler directive together\nwith the mod_proxy module. As a result, it is possible to configure\nSetHandler to use proxy for incoming requests, for example, in the\nfollowing format: SetHandler 'proxy:fcgi://127.0.0.1:9000'.\n(BZ#1136290)\n\n* The htaccess API changes introduced in httpd 2.4.7 have been\nbackported to httpd shipped with Red Hat Enterprise Linux 7.1. These\nchanges allow for the MPM-ITK module to be compiled as an httpd\nmodule. (BZ#1059143)\n\nAll httpd users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements. After installing the updated packages, the httpd daemon\nwill be restarted automatically.", "edition": 25, "published": "2015-03-13T00:00:00", "title": "Oracle Linux 7 : httpd (ELSA-2015-0325)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5704", "CVE-2014-3581"], "modified": "2015-03-13T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:httpd-devel", "p-cpe:/a:oracle:linux:httpd", "p-cpe:/a:oracle:linux:mod_session", "p-cpe:/a:oracle:linux:mod_ssl", "p-cpe:/a:oracle:linux:httpd-manual", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:mod_ldap", "p-cpe:/a:oracle:linux:httpd-tools", "p-cpe:/a:oracle:linux:mod_proxy_html"], "id": "ORACLELINUX_ELSA-2015-0325.NASL", "href": "https://www.tenable.com/plugins/nessus/81802", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:0325 and \n# Oracle Linux Security Advisory ELSA-2015-0325 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81802);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-3581\");\n script_bugtraq_id(66550, 71656);\n script_xref(name:\"RHSA\", value:\"2015:0325\");\n\n script_name(english:\"Oracle Linux 7 : httpd (ELSA-2015-0325)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:0325 :\n\nUpdated httpd packages that fix two security issues, several bugs, and\nadd various enhancements are for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which\ngive detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could\nuse Trailer headers to set additional HTTP headers after header\nprocessing was performed by other modules. This could, for example,\nlead to a bypass of header restrictions defined with mod_headers.\n(CVE-2013-5704)\n\nA NULL pointer dereference flaw was found in the way the mod_cache\nhttpd module handled Content-Type headers. A malicious HTTP server\ncould cause the httpd child process to crash when the Apache HTTP\nserver was configured to proxy to a server with caching enabled.\n(CVE-2014-3581)\n\nThis update also fixes the following bugs :\n\n* Previously, the mod_proxy_fcgi Apache module always kept the\nback-end connections open even when they should have been closed. As a\nconsequence, the number of open file descriptors was increasing over\nthe time. With this update, mod_proxy_fcgi has been fixed to check the\nstate of the back-end connections, and it closes the idle back-end\nconnections as expected. (BZ#1168050)\n\n* An integer overflow occurred in the ab utility when a large request\ncount was used. Consequently, ab terminated unexpectedly with a\nsegmentation fault while printing statistics after the benchmark. This\nbug has been fixed, and ab no longer crashes in this scenario.\n(BZ#1092420)\n\n* Previously, when httpd was running in the foreground and the user\npressed Ctrl+C to interrupt the httpd processes, a race condition in\nsignal handling occurred. The SIGINT signal was sent to all children\nfollowed by SIGTERM from the main process, which interrupted the\nSIGINT handler. Consequently, the affected processes became\nunresponsive or terminated unexpectedly. With this update, the SIGINT\nsignals in the child processes are ignored, and httpd no longer hangs\nor crashes in this scenario. (BZ#1131006)\n\nIn addition, this update adds the following enhancements :\n\n* With this update, the mod_proxy module of the Apache HTTP Server\nsupports the Unix Domain Sockets (UDS). This allows mod_proxy back\nends to listen on UDS sockets instead of TCP sockets, and as a result,\nmod_proxy can be used to connect UDS back ends. (BZ#1168081)\n\n* This update adds support for using the SetHandler directive together\nwith the mod_proxy module. As a result, it is possible to configure\nSetHandler to use proxy for incoming requests, for example, in the\nfollowing format: SetHandler 'proxy:fcgi://127.0.0.1:9000'.\n(BZ#1136290)\n\n* The htaccess API changes introduced in httpd 2.4.7 have been\nbackported to httpd shipped with Red Hat Enterprise Linux 7.1. These\nchanges allow for the MPM-ITK module to be compiled as an httpd\nmodule. (BZ#1059143)\n\nAll httpd users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements. After installing the updated packages, the httpd daemon\nwill be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-March/004882.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"httpd-2.4.6-31.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"httpd-devel-2.4.6-31.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"httpd-manual-2.4.6-31.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"httpd-tools-2.4.6-31.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mod_ldap-2.4.6-31.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mod_proxy_html-2.4.6-31.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mod_session-2.4.6-31.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mod_ssl-2.4.6-31.0.1.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-tools / mod_ldap / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T09:44:03", "description": "This update fixes two security issues with apache2.\n\nCVE-2013-5704\n\nDisable the possibility to replace HTTP headers with HTTP trailers as\nthis could be used to circumvent earlier header operations made by\nother modules. This can be restored with a new MergeTrailers\ndirective.\n\nCVE-2014-3581\n\nFix denial of service where Apache can segfault when mod_cache is used\nand when the cached request contains an empty Content-Type header.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 14, "published": "2015-03-26T00:00:00", "title": "Debian DLA-71-1 : apache2 security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5704", "CVE-2014-3581"], "modified": "2015-03-26T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:apache2-threaded-dev", "p-cpe:/a:debian:debian_linux:apache2.2-common", "cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:apache2-dbg", "p-cpe:/a:debian:debian_linux:apache2-prefork-dev", "p-cpe:/a:debian:debian_linux:apache2-mpm-event", "p-cpe:/a:debian:debian_linux:apache2-doc", "p-cpe:/a:debian:debian_linux:apache2-suexec-custom", "p-cpe:/a:debian:debian_linux:apache2-suexec", "p-cpe:/a:debian:debian_linux:apache2.2-bin", "p-cpe:/a:debian:debian_linux:apache2-mpm-itk", "p-cpe:/a:debian:debian_linux:apache2-utils", "p-cpe:/a:debian:debian_linux:apache2", "p-cpe:/a:debian:debian_linux:apache2-mpm-worker", "p-cpe:/a:debian:debian_linux:apache2-mpm-prefork"], "id": "DEBIAN_DLA-71.NASL", "href": "https://www.tenable.com/plugins/nessus/82216", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-71-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82216);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-3581\");\n script_bugtraq_id(66550, 71656);\n\n script_name(english:\"Debian DLA-71-1 : apache2 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes two security issues with apache2.\n\nCVE-2013-5704\n\nDisable the possibility to replace HTTP headers with HTTP trailers as\nthis could be used to circumvent earlier header operations made by\nother modules. This can be restored with a new MergeTrailers\ndirective.\n\nCVE-2014-3581\n\nFix denial of service where Apache can segfault when mod_cache is used\nand when the cached request contains an empty Content-Type header.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2014/10/msg00003.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/apache2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-mpm-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-mpm-itk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-mpm-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-mpm-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-prefork-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-suexec-custom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-threaded-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2.2-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2.2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"apache2\", reference:\"2.2.16-6+squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-dbg\", reference:\"2.2.16-6+squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-doc\", reference:\"2.2.16-6+squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-mpm-event\", reference:\"2.2.16-6+squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-mpm-itk\", reference:\"2.2.16-6+squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-mpm-prefork\", reference:\"2.2.16-6+squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-mpm-worker\", reference:\"2.2.16-6+squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-prefork-dev\", reference:\"2.2.16-6+squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-suexec\", reference:\"2.2.16-6+squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-suexec-custom\", reference:\"2.2.16-6+squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-threaded-dev\", reference:\"2.2.16-6+squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-utils\", reference:\"2.2.16-6+squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2.2-bin\", reference:\"2.2.16-6+squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2.2-common\", reference:\"2.2.16-6+squeeze14\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-06T09:30:02", "description": "Updated httpd packages that fix two security issues, several bugs, and\nadd various enhancements are for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which\ngive detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could\nuse Trailer headers to set additional HTTP headers after header\nprocessing was performed by other modules. This could, for example,\nlead to a bypass of header restrictions defined with mod_headers.\n(CVE-2013-5704)\n\nA NULL pointer dereference flaw was found in the way the mod_cache\nhttpd module handled Content-Type headers. A malicious HTTP server\ncould cause the httpd child process to crash when the Apache HTTP\nserver was configured to proxy to a server with caching enabled.\n(CVE-2014-3581)\n\nThis update also fixes the following bugs :\n\n* Previously, the mod_proxy_fcgi Apache module always kept the\nback-end connections open even when they should have been closed. As a\nconsequence, the number of open file descriptors was increasing over\nthe time. With this update, mod_proxy_fcgi has been fixed to check the\nstate of the back-end connections, and it closes the idle back-end\nconnections as expected. (BZ#1168050)\n\n* An integer overflow occurred in the ab utility when a large request\ncount was used. Consequently, ab terminated unexpectedly with a\nsegmentation fault while printing statistics after the benchmark. This\nbug has been fixed, and ab no longer crashes in this scenario.\n(BZ#1092420)\n\n* Previously, when httpd was running in the foreground and the user\npressed Ctrl+C to interrupt the httpd processes, a race condition in\nsignal handling occurred. The SIGINT signal was sent to all children\nfollowed by SIGTERM from the main process, which interrupted the\nSIGINT handler. Consequently, the affected processes became\nunresponsive or terminated unexpectedly. With this update, the SIGINT\nsignals in the child processes are ignored, and httpd no longer hangs\nor crashes in this scenario. (BZ#1131006)\n\nIn addition, this update adds the following enhancements :\n\n* With this update, the mod_proxy module of the Apache HTTP Server\nsupports the Unix Domain Sockets (UDS). This allows mod_proxy back\nends to listen on UDS sockets instead of TCP sockets, and as a result,\nmod_proxy can be used to connect UDS back ends. (BZ#1168081)\n\n* This update adds support for using the SetHandler directive together\nwith the mod_proxy module. As a result, it is possible to configure\nSetHandler to use proxy for incoming requests, for example, in the\nfollowing format: SetHandler 'proxy:fcgi://127.0.0.1:9000'.\n(BZ#1136290)\n\n* The htaccess API changes introduced in httpd 2.4.7 have been\nbackported to httpd shipped with Red Hat Enterprise Linux 7.1. These\nchanges allow for the MPM-ITK module to be compiled as an httpd\nmodule. (BZ#1059143)\n\nAll httpd users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements. After installing the updated packages, the httpd daemon\nwill be restarted automatically.", "edition": 28, "published": "2015-03-18T00:00:00", "title": "CentOS 7 : httpd (CESA-2015:0325)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5704", "CVE-2014-3581"], "modified": "2015-03-18T00:00:00", "cpe": ["p-cpe:/a:centos:centos:mod_ssl", "p-cpe:/a:centos:centos:httpd-manual", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:mod_proxy_html", "p-cpe:/a:centos:centos:mod_session", "p-cpe:/a:centos:centos:httpd-tools", "p-cpe:/a:centos:centos:httpd", "p-cpe:/a:centos:centos:httpd-devel", "p-cpe:/a:centos:centos:mod_ldap"], "id": "CENTOS_RHSA-2015-0325.NASL", "href": "https://www.tenable.com/plugins/nessus/81888", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0325 and \n# CentOS Errata and Security Advisory 2015:0325 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81888);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-3581\");\n script_xref(name:\"RHSA\", value:\"2015:0325\");\n\n script_name(english:\"CentOS 7 : httpd (CESA-2015:0325)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated httpd packages that fix two security issues, several bugs, and\nadd various enhancements are for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which\ngive detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could\nuse Trailer headers to set additional HTTP headers after header\nprocessing was performed by other modules. This could, for example,\nlead to a bypass of header restrictions defined with mod_headers.\n(CVE-2013-5704)\n\nA NULL pointer dereference flaw was found in the way the mod_cache\nhttpd module handled Content-Type headers. A malicious HTTP server\ncould cause the httpd child process to crash when the Apache HTTP\nserver was configured to proxy to a server with caching enabled.\n(CVE-2014-3581)\n\nThis update also fixes the following bugs :\n\n* Previously, the mod_proxy_fcgi Apache module always kept the\nback-end connections open even when they should have been closed. As a\nconsequence, the number of open file descriptors was increasing over\nthe time. With this update, mod_proxy_fcgi has been fixed to check the\nstate of the back-end connections, and it closes the idle back-end\nconnections as expected. (BZ#1168050)\n\n* An integer overflow occurred in the ab utility when a large request\ncount was used. Consequently, ab terminated unexpectedly with a\nsegmentation fault while printing statistics after the benchmark. This\nbug has been fixed, and ab no longer crashes in this scenario.\n(BZ#1092420)\n\n* Previously, when httpd was running in the foreground and the user\npressed Ctrl+C to interrupt the httpd processes, a race condition in\nsignal handling occurred. The SIGINT signal was sent to all children\nfollowed by SIGTERM from the main process, which interrupted the\nSIGINT handler. Consequently, the affected processes became\nunresponsive or terminated unexpectedly. With this update, the SIGINT\nsignals in the child processes are ignored, and httpd no longer hangs\nor crashes in this scenario. (BZ#1131006)\n\nIn addition, this update adds the following enhancements :\n\n* With this update, the mod_proxy module of the Apache HTTP Server\nsupports the Unix Domain Sockets (UDS). This allows mod_proxy back\nends to listen on UDS sockets instead of TCP sockets, and as a result,\nmod_proxy can be used to connect UDS back ends. (BZ#1168081)\n\n* This update adds support for using the SetHandler directive together\nwith the mod_proxy module. As a result, it is possible to configure\nSetHandler to use proxy for incoming requests, for example, in the\nfollowing format: SetHandler 'proxy:fcgi://127.0.0.1:9000'.\n(BZ#1136290)\n\n* The htaccess API changes introduced in httpd 2.4.7 have been\nbackported to httpd shipped with Red Hat Enterprise Linux 7.1. These\nchanges allow for the MPM-ITK module to be compiled as an httpd\nmodule. (BZ#1059143)\n\nAll httpd users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements. After installing the updated packages, the httpd daemon\nwill be restarted automatically.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2015-March/001584.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e039993a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-5704\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"httpd-2.4.6-31.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"httpd-devel-2.4.6-31.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"httpd-manual-2.4.6-31.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"httpd-tools-2.4.6-31.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mod_ldap-2.4.6-31.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mod_proxy_html-2.4.6-31.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mod_session-2.4.6-31.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mod_ssl-2.4.6-31.el7.centos\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-tools / mod_ldap / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-03-01T05:36:25", "description": "Updated httpd packages that fix two security issues, several bugs, and\nadd various enhancements are for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which\ngive detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could\nuse Trailer headers to set additional HTTP headers after header\nprocessing was performed by other modules. This could, for example,\nlead to a bypass of header restrictions defined with mod_headers.\n(CVE-2013-5704)\n\nA NULL pointer dereference flaw was found in the way the mod_cache\nhttpd module handled Content-Type headers. A malicious HTTP server\ncould cause the httpd child process to crash when the Apache HTTP\nserver was configured to proxy to a server with caching enabled.\n(CVE-2014-3581)\n\nThis update also fixes the following bugs :\n\n* Previously, the mod_proxy_fcgi Apache module always kept the\nback-end connections open even when they should have been closed. As a\nconsequence, the number of open file descriptors was increasing over\nthe time. With this update, mod_proxy_fcgi has been fixed to check the\nstate of the back-end connections, and it closes the idle back-end\nconnections as expected. (BZ#1168050)\n\n* An integer overflow occurred in the ab utility when a large request\ncount was used. Consequently, ab terminated unexpectedly with a\nsegmentation fault while printing statistics after the benchmark. This\nbug has been fixed, and ab no longer crashes in this scenario.\n(BZ#1092420)\n\n* Previously, when httpd was running in the foreground and the user\npressed Ctrl+C to interrupt the httpd processes, a race condition in\nsignal handling occurred. The SIGINT signal was sent to all children\nfollowed by SIGTERM from the main process, which interrupted the\nSIGINT handler. Consequently, the affected processes became\nunresponsive or terminated unexpectedly. With this update, the SIGINT\nsignals in the child processes are ignored, and httpd no longer hangs\nor crashes in this scenario. (BZ#1131006)\n\nIn addition, this update adds the following enhancements :\n\n* With this update, the mod_proxy module of the Apache HTTP Server\nsupports the Unix Domain Sockets (UDS). This allows mod_proxy back\nends to listen on UDS sockets instead of TCP sockets, and as a result,\nmod_proxy can be used to connect UDS back ends. (BZ#1168081)\n\n* This update adds support for using the SetHandler directive together\nwith the mod_proxy module. As a result, it is possible to configure\nSetHandler to use proxy for incoming requests, for example, in the\nfollowing format: SetHandler 'proxy:fcgi://127.0.0.1:9000'.\n(BZ#1136290)\n\n* The htaccess API changes introduced in httpd 2.4.7 have been\nbackported to httpd shipped with Red Hat Enterprise Linux 7.1. These\nchanges allow for the MPM-ITK module to be compiled as an httpd\nmodule. (BZ#1059143)\n\nAll httpd users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements. After installing the updated packages, the httpd daemon\nwill be restarted automatically.", "edition": 30, "published": "2015-03-05T00:00:00", "title": "RHEL 7 : httpd (RHSA-2015:0325)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5704", "CVE-2014-3581"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:mod_ssl", "cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo", "cpe:/o:redhat:enterprise_linux:7.7", "p-cpe:/a:redhat:enterprise_linux:mod_session", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:mod_ldap", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:httpd", "cpe:/o:redhat:enterprise_linux:7.6", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:httpd-devel"], "id": "REDHAT-RHSA-2015-0325.NASL", "href": "https://www.tenable.com/plugins/nessus/81629", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0325. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81629);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/10/24 15:35:39\");\n\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-3581\");\n script_xref(name:\"RHSA\", value:\"2015:0325\");\n\n script_name(english:\"RHEL 7 : httpd (RHSA-2015:0325)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated httpd packages that fix two security issues, several bugs, and\nadd various enhancements are for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which\ngive detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could\nuse Trailer headers to set additional HTTP headers after header\nprocessing was performed by other modules. This could, for example,\nlead to a bypass of header restrictions defined with mod_headers.\n(CVE-2013-5704)\n\nA NULL pointer dereference flaw was found in the way the mod_cache\nhttpd module handled Content-Type headers. A malicious HTTP server\ncould cause the httpd child process to crash when the Apache HTTP\nserver was configured to proxy to a server with caching enabled.\n(CVE-2014-3581)\n\nThis update also fixes the following bugs :\n\n* Previously, the mod_proxy_fcgi Apache module always kept the\nback-end connections open even when they should have been closed. As a\nconsequence, the number of open file descriptors was increasing over\nthe time. With this update, mod_proxy_fcgi has been fixed to check the\nstate of the back-end connections, and it closes the idle back-end\nconnections as expected. (BZ#1168050)\n\n* An integer overflow occurred in the ab utility when a large request\ncount was used. Consequently, ab terminated unexpectedly with a\nsegmentation fault while printing statistics after the benchmark. This\nbug has been fixed, and ab no longer crashes in this scenario.\n(BZ#1092420)\n\n* Previously, when httpd was running in the foreground and the user\npressed Ctrl+C to interrupt the httpd processes, a race condition in\nsignal handling occurred. The SIGINT signal was sent to all children\nfollowed by SIGTERM from the main process, which interrupted the\nSIGINT handler. Consequently, the affected processes became\nunresponsive or terminated unexpectedly. With this update, the SIGINT\nsignals in the child processes are ignored, and httpd no longer hangs\nor crashes in this scenario. (BZ#1131006)\n\nIn addition, this update adds the following enhancements :\n\n* With this update, the mod_proxy module of the Apache HTTP Server\nsupports the Unix Domain Sockets (UDS). This allows mod_proxy back\nends to listen on UDS sockets instead of TCP sockets, and as a result,\nmod_proxy can be used to connect UDS back ends. (BZ#1168081)\n\n* This update adds support for using the SetHandler directive together\nwith the mod_proxy module. As a result, it is possible to configure\nSetHandler to use proxy for incoming requests, for example, in the\nfollowing format: SetHandler 'proxy:fcgi://127.0.0.1:9000'.\n(BZ#1136290)\n\n* The htaccess API changes introduced in httpd 2.4.7 have been\nbackported to httpd shipped with Red Hat Enterprise Linux 7.1. These\nchanges allow for the MPM-ITK module to be compiled as an httpd\nmodule. (BZ#1059143)\n\nAll httpd users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements. After installing the updated packages, the httpd daemon\nwill be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3581\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0325\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"httpd-2.4.6-31.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd-2.4.6-31.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"httpd-debuginfo-2.4.6-31.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd-debuginfo-2.4.6-31.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"httpd-devel-2.4.6-31.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd-devel-2.4.6-31.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"httpd-manual-2.4.6-31.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"httpd-tools-2.4.6-31.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd-tools-2.4.6-31.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mod_ldap-2.4.6-31.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_ldap-2.4.6-31.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mod_proxy_html-2.4.6-31.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_proxy_html-2.4.6-31.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mod_session-2.4.6-31.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_session-2.4.6-31.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mod_ssl-2.4.6-31.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_ssl-2.4.6-31.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T14:16:16", "description": "The Apache2 webserver was updated to fix various issues.\n\nThe following feature was added :\n\n - Provide support for the tunneling of web socket\n connections to a backend websockets server.\n (FATE#316880) The following security issues have been\n fixed :\n\n - The mod_headers module in the Apache HTTP Server 2.2.22\n allowed remote attackers to bypass 'RequestHeader unset'\n directives by placing a header in the trailer portion of\n data sent with chunked transfer coding. The fix also\n adds a 'MergeTrailers' directive to restore legacy\n behavior. (CVE-2013-5704)\n\n - The cache_merge_headers_out function in\n modules/cache/cache_util.c in the mod_cache module in\n the Apache HTTP Server allowed remote attackers to cause\n a denial of service (NULL pointer dereference and\n application crash) via an empty HTTP Content-Type\n header. (CVE-2014-3581)\n\n - Apache HTTP Server allowed remote attackers to obtain\n sensitive information via (1) the ETag header, which\n reveals the inode number, or (2) multipart MIME\n boundary, which reveals child process IDs (PID). We so\n far assumed that this not useful to attackers, the fix\n is basically just reducing potential information leaks.\n (CVE-2003-1418)\n\nThe following bugs have been fixed :\n\n - Treat the 'server unavailable' condition as a transient\n error with all LDAP SDKs. (bsc#904427)\n\n - Fixed a segmentation fault at startup if the certs are\n shared across > 1 server_rec. (bsc#907339)", "edition": 24, "published": "2015-04-09T00:00:00", "title": "SuSE 11.3 Security Update : apache2 (SAT Patch Number 10533)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5704", "CVE-2014-3581", "CVE-2003-1418"], "modified": "2015-04-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:apache2-prefork", "p-cpe:/a:novell:suse_linux:11:apache2-utils", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:apache2", "p-cpe:/a:novell:suse_linux:11:apache2-example-pages", "p-cpe:/a:novell:suse_linux:11:apache2-doc", "p-cpe:/a:novell:suse_linux:11:apache2-worker"], "id": "SUSE_11_APACHE2-150325.NASL", "href": "https://www.tenable.com/plugins/nessus/82657", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82657);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2003-1418\", \"CVE-2013-5704\", \"CVE-2014-3581\");\n\n script_name(english:\"SuSE 11.3 Security Update : apache2 (SAT Patch Number 10533)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Apache2 webserver was updated to fix various issues.\n\nThe following feature was added :\n\n - Provide support for the tunneling of web socket\n connections to a backend websockets server.\n (FATE#316880) The following security issues have been\n fixed :\n\n - The mod_headers module in the Apache HTTP Server 2.2.22\n allowed remote attackers to bypass 'RequestHeader unset'\n directives by placing a header in the trailer portion of\n data sent with chunked transfer coding. The fix also\n adds a 'MergeTrailers' directive to restore legacy\n behavior. (CVE-2013-5704)\n\n - The cache_merge_headers_out function in\n modules/cache/cache_util.c in the mod_cache module in\n the Apache HTTP Server allowed remote attackers to cause\n a denial of service (NULL pointer dereference and\n application crash) via an empty HTTP Content-Type\n header. (CVE-2014-3581)\n\n - Apache HTTP Server allowed remote attackers to obtain\n sensitive information via (1) the ETag header, which\n reveals the inode number, or (2) multipart MIME\n boundary, which reveals child process IDs (PID). We so\n far assumed that this not useful to attackers, the fix\n is basically just reducing potential information leaks.\n (CVE-2003-1418)\n\nThe following bugs have been fixed :\n\n - Treat the 'server unavailable' condition as a transient\n error with all LDAP SDKs. (bsc#904427)\n\n - Fixed a segmentation fault at startup if the certs are\n shared across > 1 server_rec. (bsc#907339)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=713970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=871310\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=899836\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=904427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=907339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=907477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2003-1418.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5704.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-3581.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 10533.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"apache2-2.2.12-1.51.52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"apache2-doc-2.2.12-1.51.52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"apache2-example-pages-2.2.12-1.51.52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"apache2-prefork-2.2.12-1.51.52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"apache2-utils-2.2.12-1.51.52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"apache2-worker-2.2.12-1.51.52.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T14:22:36", "description": "Apache2 updated to fix four security issues and one non-security bug.\n\nThe following vulnerabilities have been fixed :\n\n - mod_headers rules could be bypassed via chunked\n requests. Adds 'MergeTrailers' directive to restore\n legacy behavior. (bsc#871310, CVE-2013-5704)\n\n - An empty value in Content-Type could lead to a crash\n through a null pointer dereference and a denial of\n service. (bsc#899836, CVE-2014-3581)\n\n - Remote attackers could bypass intended access\n restrictions in mod_lua LuaAuthzProvider when multiple\n Require directives with different arguments are used.\n (bsc#909715, CVE-2014-8109)\n\n - Remote attackers could cause a denial of service\n (child-process crash) by sending a crafted WebSocket\n Ping frame after a Lua script has called the wsupgrade\n function. (bsc#918352, CVE-2015-0228)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "published": "2015-06-02T00:00:00", "title": "SUSE SLES12 Security Update : apache2 (SUSE-SU-2015:0974-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5704", "CVE-2015-0228", "CVE-2014-3581", "CVE-2014-8109"], "modified": "2015-06-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-worker", "p-cpe:/a:novell:suse_linux:apache2-prefork", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-example-pages", "p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-utils", "p-cpe:/a:novell:suse_linux:apache2-debugsource", "p-cpe:/a:novell:suse_linux:apache2"], "id": "SUSE_SU-2015-0974-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83945", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:0974-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83945);\n script_version(\"2.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-3581\", \"CVE-2014-8109\", \"CVE-2015-0228\");\n script_bugtraq_id(66550, 71656, 73040, 73041);\n\n script_name(english:\"SUSE SLES12 Security Update : apache2 (SUSE-SU-2015:0974-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Apache2 updated to fix four security issues and one non-security bug.\n\nThe following vulnerabilities have been fixed :\n\n - mod_headers rules could be bypassed via chunked\n requests. Adds 'MergeTrailers' directive to restore\n legacy behavior. (bsc#871310, CVE-2013-5704)\n\n - An empty value in Content-Type could lead to a crash\n through a null pointer dereference and a denial of\n service. (bsc#899836, CVE-2014-3581)\n\n - Remote attackers could bypass intended access\n restrictions in mod_lua LuaAuthzProvider when multiple\n Require directives with different arguments are used.\n (bsc#909715, CVE-2014-8109)\n\n - Remote attackers could cause a denial of service\n (child-process crash) by sending a crafted WebSocket\n Ping frame after a Lua script has called the wsupgrade\n function. (bsc#918352, CVE-2015-0228)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=792309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=871310\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=899836\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=909715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=918352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=923090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-5704/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3581/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-8109/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0228/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20150974-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?79aea48c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-226=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-226=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-2.4.10-12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-debuginfo-2.4.10-12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-debugsource-2.4.10-12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-example-pages-2.4.10-12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-prefork-2.4.10-12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-prefork-debuginfo-2.4.10-12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-utils-2.4.10-12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-utils-debuginfo-2.4.10-12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-worker-2.4.10-12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-worker-debuginfo-2.4.10-12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T10:43:58", "description": "Apache HTTP SERVER PROJECT reports : mod_proxy_fcgi: Fix a potential\ncrash due to buffer over-read, with response headers' size above 8K.\n\nmod_cache: Avoid a crash when Content-Type has an empty value. PR\n56924.\n\nmod_lua: Fix handling of the Require line when a LuaAuthzProvider is\nused in multiple Require directives with different arguments. PR57204.\n\ncore: HTTP trailers could be used to replace HTTP headers late during\nrequest processing, potentially undoing or otherwise confusing modules\nthat examined or modified request headers earlier. Adds\n'MergeTrailers' directive to restore legacy behavior.", "edition": 22, "published": "2015-02-02T00:00:00", "title": "FreeBSD : apache24 -- several vulnerabilities (5804b9d4-a959-11e4-9363-20cf30e32f6d)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3583", "CVE-2013-5704", "CVE-2014-3581", "CVE-2014-8109"], "modified": "2015-02-02T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:apache24"], "id": "FREEBSD_PKG_5804B9D4A95911E4936320CF30E32F6D.NASL", "href": "https://www.tenable.com/plugins/nessus/81116", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81116);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-3581\", \"CVE-2014-3583\", \"CVE-2014-8109\");\n\n script_name(english:\"FreeBSD : apache24 -- several vulnerabilities (5804b9d4-a959-11e4-9363-20cf30e32f6d)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Apache HTTP SERVER PROJECT reports : mod_proxy_fcgi: Fix a potential\ncrash due to buffer over-read, with response headers' size above 8K.\n\nmod_cache: Avoid a crash when Content-Type has an empty value. PR\n56924.\n\nmod_lua: Fix handling of the Require line when a LuaAuthzProvider is\nused in multiple Require directives with different arguments. PR57204.\n\ncore: HTTP trailers could be used to replace HTTP headers late during\nrequest processing, potentially undoing or otherwise confusing modules\nthat examined or modified request headers earlier. Adds\n'MergeTrailers' directive to restore legacy behavior.\"\n );\n # https://vuxml.freebsd.org/freebsd/5804b9d4-a959-11e4-9363-20cf30e32f6d.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?abe25e17\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache24\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"apache24<2.4.12\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T09:10:47", "description": "New httpd packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, and -current to fix security issues.", "edition": 24, "published": "2015-04-22T00:00:00", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : httpd (SSA:2015-111-03)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3583", "CVE-2013-5704", "CVE-2014-3581", "CVE-2014-8109"], "modified": "2015-04-22T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:13.0", "p-cpe:/a:slackware:slackware_linux:httpd", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.1"], "id": "SLACKWARE_SSA_2015-111-03.NASL", "href": "https://www.tenable.com/plugins/nessus/82916", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2015-111-03. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82916);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-3581\", \"CVE-2014-3583\", \"CVE-2014-8109\");\n script_bugtraq_id(66550, 71656, 71657, 73040);\n script_xref(name:\"SSA\", value:\"2015-111-03\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : httpd (SSA:2015-111-03)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New httpd packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.568837\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5fc47d17\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected httpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"httpd\", pkgver:\"2.2.29\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.2.29\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"httpd\", pkgver:\"2.2.29\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.2.29\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"httpd\", pkgver:\"2.2.29\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.2.29\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"httpd\", pkgver:\"2.4.12\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.4.12\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"httpd\", pkgver:\"2.4.12\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.4.12\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"httpd\", pkgver:\"2.4.12\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.4.12\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:12:24", "description": " - core: fix bypassing of mod_headers rules via chunked\n requests (CVE-2013-5704)\n\n - mod_cache: fix NULL pointer dereference on empty\n Content-Type (CVE-2014-3581)\n\n - mod_proxy_fcgi: fix a potential crash with long\n headers (CVE-2014-3583)\n\n - mod_lua: fix handling of the Require line when a\n LuaAuthzProvider is used in multiple Require\n directives with different arguments (CVE-2014-8109)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2015-03-17T00:00:00", "title": "Fedora 21 : httpd-2.4.10-15.fc21 (2014-17195)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3583", "CVE-2013-5704", "CVE-2014-3581", "CVE-2014-8109"], "modified": "2015-03-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:httpd", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2014-17195.NASL", "href": "https://www.tenable.com/plugins/nessus/81837", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-17195.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81837);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-3581\", \"CVE-2014-3583\");\n script_bugtraq_id(66550, 71656, 71657);\n script_xref(name:\"FEDORA\", value:\"2014-17195\");\n\n script_name(english:\"Fedora 21 : httpd-2.4.10-15.fc21 (2014-17195)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - core: fix bypassing of mod_headers rules via chunked\n requests (CVE-2013-5704)\n\n - mod_cache: fix NULL pointer dereference on empty\n Content-Type (CVE-2014-3581)\n\n - mod_proxy_fcgi: fix a potential crash with long\n headers (CVE-2014-3583)\n\n - mod_lua: fix handling of the Require line when a\n LuaAuthzProvider is used in multiple Require\n directives with different arguments (CVE-2014-8109)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1082903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1149709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1163555\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/151990.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?61f3a82a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected httpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"httpd-2.4.10-15.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "amazon": [{"lastseen": "2020-11-10T12:35:39", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3583", "CVE-2013-5704", "CVE-2014-3581", "CVE-2014-8109"], "description": "**Issue Overview:**\n\nmod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory. ([CVE-2014-8109 __](<https://access.redhat.com/security/cve/CVE-2014-8109>))\n\nA flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header restrictions defined with mod_headers. ([CVE-2013-5704 __](<https://access.redhat.com/security/cve/CVE-2013-5704>))\n\nA NULL pointer dereference flaw was found in the way the mod_cache httpd module handled Content-Type headers. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP server was configured to proxy to a server with caching enabled. ([CVE-2014-3581 __](<https://access.redhat.com/security/cve/CVE-2014-3581>))\n\nThe handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers. ([CVE-2014-3583 __](<https://access.redhat.com/security/cve/CVE-2014-3583>))\n\n \n**Affected Packages:** \n\n\nhttpd24\n\n \n**Issue Correction:** \nRun _yum update httpd24_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n mod24_proxy_html-2.4.10-15.58.amzn1.i686 \n httpd24-tools-2.4.10-15.58.amzn1.i686 \n httpd24-devel-2.4.10-15.58.amzn1.i686 \n mod24_ssl-2.4.10-15.58.amzn1.i686 \n mod24_ldap-2.4.10-15.58.amzn1.i686 \n mod24_session-2.4.10-15.58.amzn1.i686 \n httpd24-2.4.10-15.58.amzn1.i686 \n httpd24-debuginfo-2.4.10-15.58.amzn1.i686 \n \n noarch: \n httpd24-manual-2.4.10-15.58.amzn1.noarch \n \n src: \n httpd24-2.4.10-15.58.amzn1.src \n \n x86_64: \n mod24_session-2.4.10-15.58.amzn1.x86_64 \n httpd24-tools-2.4.10-15.58.amzn1.x86_64 \n mod24_ldap-2.4.10-15.58.amzn1.x86_64 \n httpd24-debuginfo-2.4.10-15.58.amzn1.x86_64 \n mod24_ssl-2.4.10-15.58.amzn1.x86_64 \n mod24_proxy_html-2.4.10-15.58.amzn1.x86_64 \n httpd24-devel-2.4.10-15.58.amzn1.x86_64 \n httpd24-2.4.10-15.58.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2015-02-12T10:57:00", "published": "2015-02-12T10:57:00", "id": "ALAS-2015-483", "href": "https://alas.aws.amazon.com/ALAS-2015-483.html", "title": "Low: httpd24", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-11-10T12:36:17", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5704"], "description": "**Issue Overview:**\n\nThe mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass \"RequestHeader unset\" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states \"this is not a security issue in httpd as such.\"\n\n \n**Affected Packages:** \n\n\nhttpd\n\n \n**Issue Correction:** \nRun _yum update httpd_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n mod_ssl-2.2.29-1.4.amzn1.i686 \n httpd-2.2.29-1.4.amzn1.i686 \n httpd-debuginfo-2.2.29-1.4.amzn1.i686 \n httpd-devel-2.2.29-1.4.amzn1.i686 \n httpd-tools-2.2.29-1.4.amzn1.i686 \n \n noarch: \n httpd-manual-2.2.29-1.4.amzn1.noarch \n \n src: \n httpd-2.2.29-1.4.amzn1.src \n \n x86_64: \n httpd-debuginfo-2.2.29-1.4.amzn1.x86_64 \n httpd-devel-2.2.29-1.4.amzn1.x86_64 \n httpd-tools-2.2.29-1.4.amzn1.x86_64 \n httpd-2.2.29-1.4.amzn1.x86_64 \n mod_ssl-2.2.29-1.4.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2014-09-17T21:48:00", "published": "2014-09-17T21:48:00", "id": "ALAS-2014-414", "href": "https://alas.aws.amazon.com/ALAS-2014-414.html", "title": "Low: httpd", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5704", "CVE-2014-3581", "CVE-2014-3583", "CVE-2014-8109"], "description": "The Apache HTTP Server is a powerful, efficient, and extensible web server. ", "modified": "2015-03-16T01:41:46", "published": "2015-03-16T01:41:46", "id": "FEDORA:A5B39608798D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: httpd-2.4.10-15.fc21", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5704", "CVE-2014-3581", "CVE-2014-3583", "CVE-2014-8109"], "description": "The Apache HTTP Server is a powerful, efficient, and extensible web server. ", "modified": "2015-02-28T10:22:55", "published": "2015-02-28T10:22:55", "id": "FEDORA:30CE76087A4B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: httpd-2.4.10-2.fc20", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "slackware": [{"lastseen": "2020-10-25T16:36:14", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5704", "CVE-2014-3581", "CVE-2014-3583", "CVE-2014-8109"], "description": "New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/httpd-2.4.12-i486-1_slack14.1.txz: Upgraded.\n This update fixes the following security issues:\n * CVE-2014-3583 mod_proxy_fcgi: Fix a potential crash due to buffer\n over-read, with response headers' size above 8K.\n * CVE-2014-3581 mod_cache: Avoid a crash when Content-Type has an\n empty value. PR 56924.\n * CVE-2014-8109 mod_lua: Fix handling of the Require line when a\n LuaAuthzProvider is used in multiple Require directives with\n different arguments. PR57204.\n * CVE-2013-5704 core: HTTP trailers could be used to replace HTTP\n headers late during request processing, potentially undoing or\n otherwise confusing modules that examined or modified request\n headers earlier. Adds \"MergeTrailers\" directive to restore legacy\n behavior.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3583\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3581\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8109\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5704\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.29-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.29-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/httpd-2.2.29-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/httpd-2.2.29-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/httpd-2.2.29-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/httpd-2.2.29-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/httpd-2.4.12-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/httpd-2.4.12-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/httpd-2.4.12-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/httpd-2.4.12-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.12-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.12-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 package:\n511973e7033d924fe8f2dfac870cfc9d httpd-2.2.29-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n5fb45ffc524b4afc2b6e3c322bd43ff2 httpd-2.2.29-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n47ef44a58d821fe2462817bd308e4c88 httpd-2.2.29-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n4e99389080c31b12a863d315f17e0897 httpd-2.2.29-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n9ecaeefcc21871e101c4e41487879ba7 httpd-2.2.29-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n4c4badc191f0c2337d0f05fe4f5f6701 httpd-2.2.29-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n44ee311cec11c0b8b5361871f076060a httpd-2.4.12-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nd222d77977fea4f3d2583398070e70fe httpd-2.4.12-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\nd65e3a24abd582fb54b6da0ba926106e httpd-2.4.12-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\ne655bdd8f6f7e13da6ae2c70f9c9eea0 httpd-2.4.12-x86_64-1_slack14.1.txz\n\nSlackware -current package:\nbfd8439df17a91bf8b3351a9fdafbfc9 n/httpd-2.4.12-i486-1.txz\n\nSlackware x86_64 -current package:\n3c68dceffdf6de2c67ac2b40fc3846dc n/httpd-2.4.12-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg httpd-2.4.12-i486-1_slack14.1.txz\n\nThen, restart Apache httpd:\n\n > /etc/rc.d/rc.httpd stop\n > /etc/rc.d/rc.httpd start", "modified": "2015-04-22T01:20:26", "published": "2015-04-22T01:20:26", "id": "SSA-2015-111-03", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.568837", "type": "slackware", "title": "[slackware-security] httpd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:20", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3583", "CVE-2013-5704", "CVE-2014-3581", "CVE-2014-8109"], "description": "\nApache HTTP SERVER PROJECT reports:\n\nmod_proxy_fcgi: Fix a potential crash due to buffer over-read,\n\t with response headers' size above 8K.\nmod_cache: Avoid a crash when Content-Type has an empty value. PR 56924.\nmod_lua: Fix handling of the Require line when a LuaAuthzProvider is used\n\t in multiple Require directives with different arguments. PR57204.\ncore: HTTP trailers could be used to replace HTTP headers late during\n\t request processing, potentially undoing or otherwise confusing modules\n\t that examined or modified request headers earlier. Adds \"MergeTrailers\"\n\t directive to restore legacy behavior.\n\n", "edition": 4, "modified": "2015-01-29T00:00:00", "published": "2015-01-29T00:00:00", "id": "5804B9D4-A959-11E4-9363-20CF30E32F6D", "href": "https://vuxml.freebsd.org/freebsd/5804b9d4-a959-11e4-9363-20cf30e32f6d.html", "title": "apache24 -- several vulnerabilities", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:33:26", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0231", "CVE-2013-5704", "CVE-2014-0118", "CVE-2014-0226"], "description": "\nApache HTTP SERVER PROJECT reports:\n\n mod_deflate: The DEFLATE input filter (inflates request bodies) now\n\t limits the length and compression ratio of inflated request bodies to\n\t avoid denial of service via highly compressed bodies. See directives\n\t DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and\n\t DeflateInflateRatioBurst.\nmod_cgid: Fix a denial of service against CGI scripts that do not consume\n\t stdin that could lead to lingering HTTPD child processes filling up the\n\t scoreboard and eventually hanging the server. By default, the client I/O\n\t timeout (Timeout directive) now applies to communication with scripts. The\n\t CGIDScriptTimeout directive can be used to set a different timeout for\n\t communication with scripts.\nFix a race condition in scoreboard handling, which could lead to a heap\n\t buffer overflow.\ncore: HTTP trailers could be used to replace HTTP headers late during\n\t request processing, potentially undoing or otherwise confusing modules\n\t that examined or modified request headers earlier. Adds \"MergeTrailers\"\n\t directive to restore legacy behavior.\n\n", "edition": 4, "modified": "2014-09-03T00:00:00", "published": "2014-07-19T00:00:00", "id": "F927E06C-1109-11E4-B090-20CF30E32F6D", "href": "https://vuxml.freebsd.org/freebsd/f927e06c-1109-11e4-b090-20cf30e32f6d.html", "title": "apache22 -- several vulnerabilities", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:35:17", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3583", "CVE-2013-5704", "CVE-2015-0228", "CVE-2014-3581", "CVE-2014-8109"], "description": "Martin Holst Swende discovered that the mod_headers module allowed HTTP \ntrailers to replace HTTP headers during request processing. A remote \nattacker could possibly use this issue to bypass RequestHeaders directives. \n(CVE-2013-5704)\n\nMark Montague discovered that the mod_cache module incorrectly handled \nempty HTTP Content-Type headers. A remote attacker could use this issue to \ncause the server to stop responding, leading to a denial of service. This \nissue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-3581)\n\nTeguh P. Alko discovered that the mod_proxy_fcgi module incorrectly \nhandled long response headers. A remote attacker could use this issue to \ncause the server to stop responding, leading to a denial of service. This \nissue only affected Ubuntu 14.10. (CVE-2014-3583)\n\nIt was discovered that the mod_lua module incorrectly handled different \narguments within different contexts. A remote attacker could possibly use \nthis issue to bypass intended access restrictions. This issue only affected \nUbuntu 14.10. (CVE-2014-8109)\n\nGuido Vranken discovered that the mod_lua module incorrectly handled a \nspecially crafted websocket PING in certain circumstances. A remote \nattacker could possibly use this issue to cause the server to stop \nresponding, leading to a denial of service. This issue only affected \nUbuntu 14.10. (CVE-2015-0228)", "edition": 5, "modified": "2015-03-10T00:00:00", "published": "2015-03-10T00:00:00", "id": "USN-2523-1", "href": "https://ubuntu.com/security/notices/USN-2523-1", "title": "Apache HTTP Server vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:57", "bulletinFamily": "software", "cvelist": ["CVE-2014-3583", "CVE-2013-5704", "CVE-2015-0228", "CVE-2014-3581", "CVE-2014-8109"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2523-1\r\nMarch 10, 2015\r\n\r\napache2 vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 14.10\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in the Apache HTTP Server.\r\n\r\nSoftware Description:\r\n- apache2: Apache HTTP server\r\n\r\nDetails:\r\n\r\nMartin Holst Swende discovered that the mod_headers module allowed HTTP\r\ntrailers to replace HTTP headers during request processing. A remote\r\nattacker could possibly use this issue to bypass RequestHeaders directives.\r\n&#40;CVE-2013-5704&#41;\r\n\r\nMark Montague discovered that the mod_cache module incorrectly handled\r\nempty HTTP Content-Type headers. A remote attacker could use this issue to\r\ncause the server to stop responding, leading to a denial of service. This\r\nissue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. &#40;CVE-2014-3581&#41;\r\n\r\nTeguh P. Alko discovered that the mod_proxy_fcgi module incorrectly\r\nhandled long response headers. A remote attacker could use this issue to\r\ncause the server to stop responding, leading to a denial of service. This\r\nissue only affected Ubuntu 14.10. &#40;CVE-2014-3583&#41;\r\n\r\nIt was discovered that the mod_lua module incorrectly handled different\r\narguments within different contexts. A remote attacker could possibly use\r\nthis issue to bypass intended access restrictions. This issue only affected\r\nUbuntu 14.10. &#40;CVE-2014-8109&#41;\r\n\r\nGuido Vranken discovered that the mod_lua module incorrectly handled a\r\nspecially crafted websocket PING in certain circumstances. A remote\r\nattacker could possibly use this issue to cause the server to stop\r\nresponding, leading to a denial of service. This issue only affected\r\nUbuntu 14.10. &#40;CVE-2015-0228&#41;\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 14.10:\r\n apache2.2-bin 2.4.10-1ubuntu1.1\r\n\r\nUbuntu 14.04 LTS:\r\n apache2.2-bin 2.4.7-1ubuntu4.4\r\n\r\nUbuntu 12.04 LTS:\r\n apache2.2-bin 2.2.22-1ubuntu1.8\r\n\r\nUbuntu 10.04 LTS:\r\n apache2.2-bin 2.2.14-5ubuntu8.15\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2523-1\r\n CVE-2013-5704, CVE-2014-3581, CVE-2014-3583, CVE-2014-8109,\r\n CVE-2015-0228\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/apache2/2.4.10-1ubuntu1.1\r\n https://launchpad.net/ubuntu/+source/apache2/2.4.7-1ubuntu4.4\r\n https://launchpad.net/ubuntu/+source/apache2/2.2.22-1ubuntu1.8\r\n https://launchpad.net/ubuntu/+source/apache2/2.2.14-5ubuntu8.15\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2015-03-15T00:00:00", "published": "2015-03-15T00:00:00", "id": "SECURITYVULNS:DOC:31783", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31783", "title": "[USN-2523-1] Apache HTTP Server vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:59", "bulletinFamily": "software", "cvelist": ["CVE-2014-3583", "CVE-2015-2091", "CVE-2013-5704", "CVE-2015-0228", "CVE-2014-3581", "CVE-2014-8109"], "description": "mod_headers restrictions bypass, mod_cache DoS, mod_lua restrictions bypass and DoS, mod_proxy_fcgi DoS, mod_gnutls restrictions bypass.", "edition": 1, "modified": "2015-04-16T00:00:00", "published": "2015-04-16T00:00:00", "id": "SECURITYVULNS:VULN:14306", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14306", "title": "Apache multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:58", "bulletinFamily": "software", "cvelist": ["CVE-2015-1144", "CVE-2015-1117", "CVE-2015-1102", "CVE-2014-4405", "CVE-2015-1096", "CVE-2014-3478", "CVE-2014-0231", "CVE-2014-3572", "CVE-2014-0237", "CVE-2014-3571", "CVE-2013-5704", "CVE-2014-3587", "CVE-2015-1132", "CVE-2014-3479", "CVE-2014-4670", "CVE-2015-1091", "CVE-2015-1067", "CVE-2015-1148", "CVE-2015-1143", "CVE-2014-9298", "CVE-2014-3668", "CVE-2014-8830", "CVE-2015-1145", "CVE-2014-0098", "CVE-2014-3480", "CVE-2015-1138", "CVE-2014-3981", "CVE-2015-1140", "CVE-2013-0118", "CVE-2014-0207", "CVE-2014-8275", "CVE-2014-3570", "CVE-2013-6438", "CVE-2015-1147", "CVE-2014-3669", "CVE-2015-1093", "CVE-2015-1545", "CVE-2014-3487", "CVE-2014-3538", "CVE-2014-5120", "CVE-2014-3597", "CVE-2015-1130", "CVE-2015-1136", "CVE-2015-1142", "CVE-2014-3710", "CVE-2015-1139", "CVE-2014-4698", "CVE-2014-3523", "CVE-2014-4049", "CVE-2014-3670", "CVE-2015-1546", "CVE-2015-0204", "CVE-2015-1105", "CVE-2015-1099", "CVE-2015-1146", "CVE-2015-1135", "CVE-2014-2497", "CVE-2015-1118", "CVE-2014-0118", "CVE-2015-1131", "CVE-2015-1137", "CVE-2015-1101", "CVE-2015-1103", "CVE-2015-1104", "CVE-2014-4404", "CVE-2015-1089", "CVE-2015-1133", "CVE-2015-1141", "CVE-2014-0117", "CVE-2015-1088", "CVE-2013-6712", "CVE-2015-1069", "CVE-2014-4380", "CVE-2015-1095", "CVE-2015-1098", "CVE-2014-3569", "CVE-2015-1100", "CVE-2014-0238", "CVE-2014-0226", "CVE-2015-1134"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004\r\n\r\nOS X Yosemite 10.10.3 and Security Update 2015-004 are now available\r\nand address the following:\r\n\r\nAdmin Framework\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: A process may gain admin privileges without properly\r\nauthenticating\r\nDescription: An issue existed when checking XPC entitlements. This\r\nissue was addressed with improved entitlement checking.\r\nCVE-ID\r\nCVE-2015-1130 : Emil Kvarnhammar at TrueSec\r\n\r\napache\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: Multiple vulnerabilities in Apache\r\nDescription: Multiple vulnerabilities existed in Apache versions\r\nprior to 2.4.10 and 2.2.29, including one that may allow a remote\r\nattacker to execute arbitrary code. These issues were addressed by\r\nupdating Apache to versions 2.4.10 and 2.2.29\r\nCVE-ID\r\nCVE-2013-0118\r\nCVE-2013-5704\r\nCVE-2013-6438\r\nCVE-2014-0098\r\nCVE-2014-0117\r\nCVE-2014-0118\r\nCVE-2014-0226\r\nCVE-2014-0231\r\nCVE-2014-3523\r\n\r\nATS\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: Multiple input validation issues existed in fontd.\r\nThese issues were addressed through improved input validation.\r\nCVE-ID\r\nCVE-2015-1131 : Ian Beer of Google Project Zero\r\nCVE-2015-1132 : Ian Beer of Google Project Zero\r\nCVE-2015-1133 : Ian Beer of Google Project Zero\r\nCVE-2015-1134 : Ian Beer of Google Project Zero\r\nCVE-2015-1135 : Ian Beer of Google Project Zero\r\n\r\nCertificate Trust Policy\r\nImpact: Update to the certificate trust policy\r\nDescription: The certificate trust policy was updated. The complete\r\nlist of certificates may be viewed at https://support.apple.com/en-\r\nus/HT202858.\r\n\r\nCFNetwork HTTPProtocol\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: Cookies belonging to one origin may be sent to another\r\norigin\r\nDescription: A cross-domain cookie issue existed in redirect\r\nhandling. Cookies set in a redirect response could be passed on to a\r\nredirect target belonging to another origin. The issue was address\r\nthrough improved handling of redirects.\r\nCVE-ID\r\nCVE-2015-1089 : Niklas Keller\r\n\r\nCFNetwork Session\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: Authentication credentials may be sent to a server on\r\nanother origin\r\nDescription: A cross-domain HTTP request headers issue existed in\r\nredirect handling. HTTP request headers sent in a redirect response\r\ncould be passed on to another origin. The issue was addressed through\r\nimproved handling of redirects.\r\nCVE-ID\r\nCVE-2015-1091 : Diego Torres &#40;http://dtorres.me&#41;\r\n\r\nCFURL\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: Visiting a maliciously crafted website may lead to arbitrary\r\ncode execution\r\nDescription: An input validation issue existed within URL\r\nprocessing. This issue was addressed through improved URL validation.\r\nCVE-ID\r\nCVE-2015-1088 : Luigi Galli\r\n\r\nCoreAnimation\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: Visiting a maliciously crafted website may lead to arbitrary\r\ncode execution\r\nDescription: A use-after-free issue existed in CoreAnimation. This\r\nissue was addressed through improved mutex management.\r\nCVE-ID\r\nCVE-2015-1136 : Apple\r\n\r\nFontParser\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: Processing a maliciously crafted font file may lead to\r\narbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nprocessing of font files. These issues were addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2015-1093 : Marc Schoenefeld\r\n\r\nGraphics Driver\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A NULL pointer dereference existed in NVIDIA graphics\r\ndriver&#39;s handling of certain IOService userclient types. This issue\r\nwas addressed through additional context validation.\r\nCVE-ID\r\nCVE-2015-1137 :\r\nFrank Graziano and John Villamil of the Yahoo Pentest Team\r\n\r\nHypervisor\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: A local application may be able to cause a denial of service\r\nDescription: An input validation issue existed in the hypervisor\r\nframework. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-1138 : Izik Eidus and Alex Fishman\r\n\r\nImageIO\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: Processing a maliciously crafted .sgi file may lead to\r\narbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\n.sgi files. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2015-1139 : Apple\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: A malicious HID device may be able to cause arbitrary code\r\nexecution\r\nDescription: A memory corruption issue existed in an IOHIDFamily\r\nAPI. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-1095 : Andrew Church\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A buffer overflow issue existed in IOHIDFamily. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-1140 : lokihardt@ASRT working with HP&#39;s Zero Day Initiative,\r\nLuca Todesco\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: A local user may be able to determine kernel memory layout\r\nDescription: An issue existed in IOHIDFamily that led to the\r\ndisclosure of kernel memory content. This issue was addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2015-1096 : Ilja van Sprundel of IOActive\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A heap buffer overflow existed in IOHIDFamily&#39;s\r\nhandling of key-mapping properties. This issue was addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2014-4404 : Ian Beer of Google Project Zero\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A null pointer dereference existed in IOHIDFamily&#39;s\r\nhandling of key-mapping properties. This issue was addressed through\r\nimproved validation of IOHIDFamily key-mapping properties.\r\nCVE-ID\r\nCVE-2014-4405 : Ian Beer of Google Project Zero\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\r\nImpact: A user may be able to execute arbitrary code with system\r\nprivileges\r\nDescription: An out-of-bounds write issue exited in the IOHIDFamily\r\ndriver. The issue was addressed through improved input validation.\r\nCVE-ID\r\nCVE-2014-4380 : cunzhang from Adlab of Venustech\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: A local user may be able to cause unexpected system shutdown\r\nDescription: An issue existed in the handling of virtual memory\r\noperations within the kernel. The issue is fixed through improved\r\nhandling of the mach_vm_read operation.\r\nCVE-ID\r\nCVE-2015-1141 : Ole Andre Vadla Ravnas of www.frida.re\r\n\r\nKernel\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A local user may be able to cause a system denial of service\r\nDescription: A race condition existed in the kernel&#39;s setreuid\r\nsystem call. This issue was addressed through improved state\r\nmanagement.\r\nCVE-ID\r\nCVE-2015-1099 : Mark Mentovai of Google Inc.\r\n\r\nKernel\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A local application may escalate privileges using a\r\ncompromised service intended to run with reduced privileges\r\nDescription: setreuid and setregid system calls failed to drop\r\nprivileges permanently. This issue was addressed by correctly\r\ndropping privileges.\r\nCVE-ID\r\nCVE-2015-1117 : Mark Mentovai of Google Inc.\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: An attacker with a privileged network position may be able\r\nto redirect user traffic to arbitrary hosts\r\nDescription: ICMP redirects were enabled by default on OS X. This\r\nissue was addressed by disabling ICMP redirects.\r\nCVE-ID\r\nCVE-2015-1103 : Zimperium Mobile Security Labs\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: An attacker with a privileged network position may be able\r\nto cause a denial of service\r\nDescription: A state inconsistency existed in the processing of TCP\r\nheaders. This issue was addressed through improved state handling.\r\nCVE-ID\r\nCVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab\r\n\r\nKernel\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A local user may be able to cause unexpected system\r\ntermination or read kernel memory\r\nDescription: A out of bounds memory access issue existed in the\r\nkernel. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-1100 : Maxime Villard of m00nbsd\r\n\r\nKernel\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A remote attacker may be able to bypass network filters\r\nDescription: The system would treat some IPv6 packets from remote\r\nnetwork interfaces as local packets. The issue was addressed by\r\nrejecting these packets.\r\nCVE-ID\r\nCVE-2015-1104 : Stephen Roettger of the Google Security Team\r\n\r\nKernel\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A local user may be able to execute arbitrary code with\r\nkernel privileges\r\nDescription: A memory corruption issue existed in the kernel. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-1101 : lokihardt@ASRT working with HP&#39;s Zero Day Initiative\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: A remote attacker may be able to cause a denial of service\r\nDescription: A state inconsistency issue existed in the handling of\r\nTCP out of band data. This issue was addressed through improved state\r\nmanagement.\r\nCVE-ID\r\nCVE-2015-1105 : Kenton Varda of Sandstorm.io\r\n\r\nLaunchServices\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: A local user may be able to cause the Finder to crash\r\nDescription: An input validation issue existed in LaunchServices&#39;s\r\nhandling of application localization data. This issue was addressed\r\nthrough improved validation of localization data.\r\nCVE-ID\r\nCVE-2015-1142\r\n\r\nLaunchServices\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A type confusion issue existed in LaunchServices&#39;s\r\nhandling of localized strings. This issue was addressed through\r\nadditional bounds checking.\r\nCVE-ID\r\nCVE-2015-1143 : Apple\r\n\r\nlibnetcore\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: Processing a maliciously crafted configuration profile may\r\nlead to unexpected application termination\r\nDescription: A memory corruption issue existed in the handling of\r\nconfiguration profiles. This issue was addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of\r\nFireEye, Inc.\r\n\r\nntp\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: A remote attacker may brute force ntpd authentication keys\r\nDescription: The config_auth function in ntpd generated a weak key\r\nwhen an authentication key was not configured. This issue was\r\naddressed by improved key generation.\r\nCVE-ID\r\nCVE-2014-9298\r\n\r\nOpenLDAP\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A remote unauthenticated client may be able to cause a\r\ndenial of service\r\nDescription: Multiple input validation issues existed in OpenLDAP.\r\nThese issues were addressed by improved input validation.\r\nCVE-ID\r\nCVE-2015-1545 : Ryan Tandy\r\nCVE-2015-1546 : Ryan Tandy\r\n\r\nOpenSSL\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: Multiple vulnerabilities in OpenSSL\r\nDescription: Multiple vulnerabilities existed in OpenSSL 0.9.8zc,\r\nincluding one that may allow an attacker to intercept connections to\r\na server that supports export-grade ciphers. These issues were\r\naddressed by updating OpenSSL to version 0.9.8zd.\r\nCVE-ID\r\nCVE-2014-3569\r\nCVE-2014-3570\r\nCVE-2014-3571\r\nCVE-2014-3572\r\nCVE-2014-8275\r\nCVE-2015-0204\r\n\r\nOpen Directory Client\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A password might be sent unencrypted over the network when\r\nusing Open Directory from OS X Server\r\nDescription: If an Open Directory client was bound to an OS X Server\r\nbut did not install the certificates of the OS X Server, and then a\r\nuser on that client changed their password, the password change\r\nrequest was sent over the network without encryption. This issue was\r\naddressed by having the client require encryption for this case.\r\nCVE-ID\r\nCVE-2015-1147 : Apple\r\n\r\nPHP\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: Multiple vulnerabilities in PHP\r\nDescription: Multiple vulnerabilities existed in PHP versions prior\r\nto 5.3.29, 5.4.38, and 5.5.20, including one which may have led to\r\narbitrary code execution. This update addresses the issues by\r\nupdating PHP to versions 5.3.29, 5.4.38, and 5.5.20.\r\nCVE-ID\r\nCVE-2013-6712\r\nCVE-2014-0207\r\nCVE-2014-0237\r\nCVE-2014-0238\r\nCVE-2014-2497\r\nCVE-2014-3478\r\nCVE-2014-3479\r\nCVE-2014-3480\r\nCVE-2014-3487\r\nCVE-2014-3538\r\nCVE-2014-3587\r\nCVE-2014-3597\r\nCVE-2014-3668\r\nCVE-2014-3669\r\nCVE-2014-3670\r\nCVE-2014-3710\r\nCVE-2014-3981\r\nCVE-2014-4049\r\nCVE-2014-4670\r\nCVE-2014-4698\r\nCVE-2014-5120\r\n\r\nQuickLook\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: Opening a maliciously crafted iWork file may lead to\r\narbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\niWork files. This issue was addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-1098 : Christopher Hickstein\r\n\r\nSceneKit\r\nAvailable for: OS X Mountain Lion v10.8.5\r\nImpact: Viewing a maliciously crafted Collada file may lead to\r\narbitrary code execution\r\nDescription: A heap buffer overflow existed in SceneKit&#39;s handling\r\nof Collada files. Viewing a maliciously crafted Collada file may have\r\nled to arbitrary code execution. This issue was addressed through\r\nimproved validation of accessor elements.\r\nCVE-ID\r\nCVE-2014-8830 : Jose Duart of Google Security Team\r\n\r\nScreen Sharing\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: A user&#39;s password may be logged to a local file\r\nDescription: In some circumstances, Screen Sharing may log a user&#39;s\r\npassword that is not readable by other users on the system. This\r\nissue was addressed by removing logging of credential.\r\nCVE-ID\r\nCVE-2015-1148 : Apple\r\n\r\nSecurity - Code Signing\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: Tampered applications may not be prevented from launching\r\nDescription: Applications containing specially crafted bundles may\r\nhave been able to launch without a completely valid signature. This\r\nissue was addressed by adding additional checks.\r\nCVE-ID\r\nCVE-2015-1145\r\nCVE-2015-1146\r\n\r\nUniformTypeIdentifiers\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A buffer overflow existed in the way Uniform Type\r\nIdentifiers were handled. This issue was addressed with improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-1144 : Apple\r\n\r\nWebKit\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: Visiting a maliciously crafted website may lead to arbitrary\r\ncode execution\r\nDescription: A memory corruption issue existed in WebKit. This\r\nissues was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-1069 : lokihardt@ASRT working with HP&#39;s Zero Day Initiative\r\n\r\nSecurity Update 2015-004 &#40;available for OS X Mountain Lion v10.8.5\r\nand OS X Mavericks v10.9.5&#41; also addresses an issue caused by the fix\r\nfor CVE-2015-1067 in Security Update 2015-002. This issue prevented\r\nRemote Apple Events clients on any version from connecting to the\r\nRemote Apple Events server. In default configurations, Remote Apple\r\nEvents is not enabled.\r\n\r\nOS X Yosemite 10.10.3 includes the security content of Safari 8.0.5.\r\nhttps://support.apple.com/en-us/HT204658\r\n\r\nOS X Yosemite 10.10.3 and Security Update 2015-004 may be obtained\r\nfrom the Mac App Store or Apple&#39;s Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple&#39;s Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 &#40;Darwin&#41;\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJVJKj2AAoJEBcWfLTuOo7tDh4QAK0LxfwMRKcdOXOKpXsRz6lg\r\nlhZ+CLVcSepq8qBkFQ74f3B5CuhxD0IGQPaAuSXl51tWYdfN+92tkbmyZ9k8901l\r\n+I0vw6upeE+oqRnGtSRzq68UhcARbdV8V1+C0Xl3IIuuHc+xlEgvklDhF9Pc8XM6\r\nDudGiVNqt6MOqd5Oc4s4FFF0nnpnyG9+UJem3mi4Ee88PwI4x1Hev7utPPmaPDzj\r\ncjkVeislko3QArNJxtBpkYudErA4eR5OX8Tdf12jAmPTtjrXUb3VigEf78Nna0RW\r\nkHTOGdB5EZ+YFZ8KlyIQlENBjTtI8CGdCF4/S/2xDN83NTRsimd5Y7LSjdd0uANo\r\npqxAc3Gzn5xngWF1Qbb6V+XZBfz5NoeTq5BXBB5OHz4PSGaQuMsBA2RYFMzNLqWv\r\nD/T5U1JtzRLALt0lYAz63B0OhW7KXeLI9oer1Vo4wWF9O9cUFyuSI4JU5uYLQpJX\r\nkEpSFt4YPFFxMnlzCLzLkmVGax4w9M/tRHYeSKAnRlnsoPBtIGFItlNZE2RduD/R\r\n5n2APoJa3banQ8miycGORYP3WsktDRZzBy+2QPWuz8sE3AvAkO9xWp8PrQBkqf/b\r\n6CIG5UkCYITG2uzBXqnGbfDiEDvBLNN1Yq0ZZI23iYRxrdW0I0pv1CHio354q12G\r\nvVE37tYUU4PnLfwlcazq\r\n=MOsT\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2015-04-09T00:00:00", "published": "2015-04-09T00:00:00", "id": "SECURITYVULNS:DOC:31890", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31890", "title": "APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:59", "bulletinFamily": "software", "cvelist": ["CVE-2015-1144", "CVE-2015-1117", "CVE-2015-1102", "CVE-2014-4405", "CVE-2015-1096", "CVE-2014-3478", "CVE-2014-0231", "CVE-2014-3572", "CVE-2014-0237", "CVE-2014-3571", "CVE-2013-5704", "CVE-2014-3587", "CVE-2015-1132", "CVE-2014-3479", "CVE-2014-4670", "CVE-2015-1091", "CVE-2015-1148", "CVE-2015-1143", "CVE-2014-9298", "CVE-2014-3668", "CVE-2015-1149", "CVE-2014-8830", "CVE-2015-1145", "CVE-2014-0098", "CVE-2014-3480", "CVE-2015-1138", "CVE-2014-3981", "CVE-2015-1140", "CVE-2013-0118", "CVE-2014-0207", "CVE-2014-8275", "CVE-2014-3570", "CVE-2013-6438", "CVE-2015-1147", "CVE-2014-3669", "CVE-2015-1093", "CVE-2015-1545", "CVE-2014-3487", "CVE-2014-3538", "CVE-2014-5120", "CVE-2014-3597", "CVE-2015-1130", "CVE-2015-1136", "CVE-2015-1142", "CVE-2014-3710", "CVE-2015-1139", "CVE-2014-4698", "CVE-2014-3523", "CVE-2014-4049", "CVE-2014-3670", "CVE-2015-1546", "CVE-2015-0204", "CVE-2015-1105", "CVE-2015-1099", "CVE-2015-1146", "CVE-2015-1135", "CVE-2014-2497", "CVE-2015-1118", "CVE-2014-0118", "CVE-2015-1131", "CVE-2015-1137", "CVE-2015-1101", "CVE-2015-1103", "CVE-2015-1104", "CVE-2014-4404", "CVE-2015-1089", "CVE-2015-1133", "CVE-2015-1141", "CVE-2014-0117", "CVE-2015-1088", "CVE-2013-6712", "CVE-2015-1069", "CVE-2014-4380", "CVE-2015-1095", "CVE-2015-1098", "CVE-2014-3569", "CVE-2015-1100", "CVE-2014-0238", "CVE-2014-0226", "CVE-2015-1134"], "description": "80 different vulnerabilities.", "edition": 1, "modified": "2015-04-13T00:00:00", "published": "2015-04-13T00:00:00", "id": "SECURITYVULNS:VULN:14366", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14366", "title": "Apple Mac OS X multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:01", "bulletinFamily": "software", "cvelist": ["CVE-2015-5768", "CVE-2015-5600", "CVE-2015-2787", "CVE-2015-5779", "CVE-2013-1775", "CVE-2015-3185", "CVE-2015-3786", "CVE-2015-1792", "CVE-2015-3761", "CVE-2014-7844", "CVE-2015-3781", "CVE-2015-3776", "CVE-2015-2783", "CVE-2015-5748", "CVE-2014-1912", "CVE-2015-5477", "CVE-2015-3802", "CVE-2015-3797", "CVE-2014-0191", "CVE-2015-3762", "CVE-2015-3329", "CVE-2009-5078", "CVE-2015-5754", "CVE-2015-3783", "CVE-2015-3330", "CVE-2014-3613", "CVE-2015-1789", "CVE-2015-3789", "CVE-2014-8150", "CVE-2014-3583", "CVE-2015-3779", "CVE-2015-3788", "CVE-2015-3778", "CVE-2015-0241", "CVE-2013-1776", "CVE-2015-5776", "CVE-2015-3766", "CVE-2015-3775", "CVE-2013-7338", "CVE-2015-3798", "CVE-2015-5777", "CVE-2015-3765", "CVE-2015-3782", "CVE-2015-0242", "CVE-2015-0253", "CVE-2015-3784", "CVE-2015-3787", "CVE-2015-3799", "CVE-2015-3153", "CVE-2015-3768", "CVE-2015-3760", "CVE-2015-4148", "CVE-2015-5781", "CVE-2015-3805", "CVE-2015-3790", "CVE-2015-5774", "CVE-2015-3792", "CVE-2015-3803", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-5784", "CVE-2015-5751", "CVE-2015-4024", "CVE-2015-3795", "CVE-2015-5750", "CVE-2015-5747", "CVE-2015-4021", "CVE-2015-3144", "CVE-2014-7185", "CVE-2015-5761", "CVE-2013-2777", "CVE-2015-3794", "CVE-2015-5773", "CVE-2015-3769", "CVE-2014-3707", "CVE-2015-3800", "CVE-2015-0228", "CVE-2015-3807", "CVE-2015-0244", "CVE-2015-4026", "CVE-2014-8769", "CVE-2015-5756", "CVE-2014-3660", "CVE-2015-1788", "CVE-2015-4147", "CVE-2014-8161", "CVE-2012-6685", "CVE-2015-5753", "CVE-2015-3183", "CVE-2015-3772", "CVE-2014-3620", "CVE-2014-9140", "CVE-2013-2776", "CVE-2015-4022", "CVE-2015-3770", "CVE-2015-3777", "CVE-2015-5771", "CVE-2015-5775", "CVE-2015-3780", "CVE-2013-7422", "CVE-2015-5755", "CVE-2015-3145", "CVE-2015-1790", "CVE-2015-5758", "CVE-2014-0106", "CVE-2015-0243", "CVE-2015-3804", "CVE-2015-3773", "CVE-2014-3581", "CVE-2015-3774", "CVE-2015-5782", "CVE-2014-8109", "CVE-2015-5778", "CVE-2013-7040", "CVE-2015-3757", "CVE-2015-3764", "CVE-2015-3143", "CVE-2014-0067", "CVE-2015-5772", "CVE-2015-3791", "CVE-2014-9365", "CVE-2014-8151", "CVE-2015-5757", "CVE-2015-3796", "CVE-2009-5044", "CVE-2015-5783", "CVE-2014-9680", "CVE-2015-5763", "CVE-2014-8767", "CVE-2015-3767", "CVE-2015-3806", "CVE-2015-1791", "CVE-2015-3771", "CVE-2015-3148"], "description": "Over 150 different vulnerabilities in system components and libraries.", "edition": 1, "modified": "2015-08-17T00:00:00", "published": "2015-08-17T00:00:00", "id": "SECURITYVULNS:VULN:14630", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14630", "title": "Apple Mac OS X / OS X Server multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:11:00", "bulletinFamily": "software", "cvelist": ["CVE-2015-5768", "CVE-2015-5600", "CVE-2015-2787", "CVE-2015-5779", "CVE-2013-1775", "CVE-2015-3185", "CVE-2015-3786", "CVE-2015-1792", "CVE-2015-3761", "CVE-2014-7844", "CVE-2015-3781", "CVE-2015-3776", "CVE-2015-2783", "CVE-2015-5748", "CVE-2014-1912", "CVE-2015-3802", "CVE-2015-3797", "CVE-2014-0191", "CVE-2015-3762", "CVE-2015-3329", "CVE-2009-5078", "CVE-2015-5754", "CVE-2015-3783", "CVE-2015-3330", "CVE-2014-3613", "CVE-2015-1789", "CVE-2015-3789", "CVE-2014-8150", "CVE-2014-3583", "CVE-2015-3779", "CVE-2015-3788", "CVE-2015-3778", "CVE-2015-0241", "CVE-2013-1776", "CVE-2015-5776", "CVE-2015-3766", "CVE-2015-3775", "CVE-2013-7338", "CVE-2015-3798", "CVE-2015-5777", "CVE-2015-3765", "CVE-2015-3782", "CVE-2015-0242", "CVE-2015-0253", "CVE-2015-3784", "CVE-2015-3787", "CVE-2015-3799", "CVE-2015-3153", "CVE-2015-3768", "CVE-2015-3760", "CVE-2015-4148", "CVE-2015-5781", "CVE-2015-3805", "CVE-2015-3790", "CVE-2015-5774", "CVE-2015-3792", "CVE-2015-3803", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-5784", "CVE-2015-5751", "CVE-2015-4024", "CVE-2015-3795", "CVE-2015-5750", "CVE-2015-5747", "CVE-2015-4021", "CVE-2015-3144", "CVE-2014-7185", "CVE-2015-5761", "CVE-2013-2777", "CVE-2015-3794", "CVE-2015-5773", "CVE-2015-3769", "CVE-2014-3707", "CVE-2015-3800", "CVE-2015-0228", "CVE-2015-3807", "CVE-2015-0244", "CVE-2015-4026", "CVE-2014-8769", "CVE-2015-5756", "CVE-2014-3660", "CVE-2015-1788", "CVE-2015-4147", "CVE-2014-8161", "CVE-2012-6685", "CVE-2015-5753", "CVE-2015-3183", "CVE-2015-3772", "CVE-2014-3620", "CVE-2014-9140", "CVE-2013-2776", "CVE-2015-4022", "CVE-2015-3770", "CVE-2015-3777", "CVE-2015-5771", "CVE-2015-5775", "CVE-2015-3780", "CVE-2013-7422", "CVE-2015-5755", "CVE-2015-3145", "CVE-2015-1790", "CVE-2015-5758", "CVE-2014-0106", "CVE-2015-0243", "CVE-2015-3804", "CVE-2015-3773", "CVE-2014-3581", "CVE-2015-3774", "CVE-2015-5782", "CVE-2014-8109", "CVE-2015-5778", "CVE-2013-7040", "CVE-2015-3757", "CVE-2015-3764", "CVE-2015-3143", "CVE-2014-0067", "CVE-2015-5772", "CVE-2015-3791", "CVE-2014-9365", "CVE-2014-8151", "CVE-2015-5757", "CVE-2015-3796", "CVE-2009-5044", "CVE-2015-5783", "CVE-2014-9680", "CVE-2015-5763", "CVE-2014-8767", "CVE-2015-3767", "CVE-2015-3806", "CVE-2015-1791", "CVE-2015-3771", "CVE-2015-3148"], "description": "\r\n\r\nAPPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update\r\n2015-006\r\n\r\nOS X Yosemite v10.10.5 and Security Update 2015-006 is now available\r\nand addresses the following:\r\n\r\napache\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in Apache 2.4.16, the most\r\nserious of which may allow a remote attacker to cause a denial of\r\nservice.\r\nDescription: Multiple vulnerabilities existed in Apache versions\r\nprior to 2.4.16. These were addressed by updating Apache to version\r\n2.4.16.\r\nCVE-ID\r\nCVE-2014-3581\r\nCVE-2014-3583\r\nCVE-2014-8109\r\nCVE-2015-0228\r\nCVE-2015-0253\r\nCVE-2015-3183\r\nCVE-2015-3185\r\n\r\napache_mod_php\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in PHP 5.5.20, the most\r\nserious of which may lead to arbitrary code execution.\r\nDescription: Multiple vulnerabilities existed in PHP versions prior\r\nto 5.5.20. These were addressed by updating Apache to version 5.5.27.\r\nCVE-ID\r\nCVE-2015-2783\r\nCVE-2015-2787\r\nCVE-2015-3307\r\nCVE-2015-3329\r\nCVE-2015-3330\r\nCVE-2015-4021\r\nCVE-2015-4022\r\nCVE-2015-4024\r\nCVE-2015-4025\r\nCVE-2015-4026\r\nCVE-2015-4147\r\nCVE-2015-4148\r\n\r\nApple ID OD Plug-in\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able change the password of a\r\nlocal user\r\nDescription: In some circumstances, a state management issue existed\r\nin password authentication. The issue was addressed through improved\r\nstate management.\r\nCVE-ID\r\nCVE-2015-3799 : an anonymous researcher working with HP&#39;s Zero Day\r\nInitiative\r\n\r\nAppleGraphicsControl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in AppleGraphicsControl which could\r\nhave led to the disclosure of kernel memory layout. This issue was\r\naddressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2015-5768 : JieTao Yang of KeenTeam\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in\r\nIOBluetoothHCIController. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3779 : Teddy Reed of Facebook Security\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: A memory management issue could have led to the\r\ndisclosure of kernel memory layout. This issue was addressed with\r\nimproved memory management.\r\nCVE-ID\r\nCVE-2015-3780 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious app may be able to access notifications from\r\nother iCloud devices\r\nDescription: An issue existed where a malicious app could access a\r\nBluetooth-paired Mac or iOS device&#39;s Notification Center\r\nnotifications via the Apple Notification Center Service. The issue\r\naffected devices using Handoff and logged into the same iCloud\r\naccount. This issue was resolved by revoking access to the Apple\r\nNotification Center Service.\r\nCVE-ID\r\nCVE-2015-3786 : Xiaolong Bai &#40;Tsinghua University&#41;, System Security\r\nLab &#40;Indiana University&#41;, Tongxin Li &#40;Peking University&#41;, XiaoFeng\r\nWang &#40;Indiana University&#41;\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker with privileged network position may be able to\r\nperform denial of service attack using malformed Bluetooth packets\r\nDescription: An input validation issue existed in parsing of\r\nBluetooth ACL packets. This issue was addressed through improved\r\ninput validation.\r\nCVE-ID\r\nCVE-2015-3787 : Trend Micro\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local attacker may be able to cause unexpected application\r\ntermination or arbitrary code execution\r\nDescription: Multiple buffer overflow issues existed in blued&#39;s\r\nhandling of XPC messages. These issues were addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2015-3777 : mitp0sh of [PDX]\r\n\r\nbootp\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious Wi-Fi network may be able to determine networks\r\na device has previously accessed\r\nDescription: Upon connecting to a Wi-Fi network, iOS may have\r\nbroadcast MAC addresses of previously accessed networks via the DNAv4\r\nprotocol. This issue was addressed through disabling DNAv4 on\r\nunencrypted Wi-Fi networks.\r\nCVE-ID\r\nCVE-2015-3778 : Piers O&#39;Hanlon of Oxford Internet Institute,\r\nUniversity of Oxford &#40;on the EPSRC Being There project&#41;\r\n\r\nCloudKit\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to access the iCloud\r\nuser record of a previously signed in user\r\nDescription: A state inconsistency existed in CloudKit when signing\r\nout users. This issue was addressed through improved state handling.\r\nCVE-ID\r\nCVE-2015-3782 : Deepkanwal Plaha of University of Toronto\r\n\r\nCoreMedia Playback\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in CoreMedia Playback.\r\nThese were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5777 : Apple\r\nCVE-2015-5778 : Apple\r\n\r\nCoreText\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5761 : John Villamil &#40;@day6reak&#41;, Yahoo Pentest Team\r\n\r\nCoreText\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5755 : John Villamil &#40;@day6reak&#41;, Yahoo Pentest Team\r\n\r\ncurl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities in cURL and libcurl prior to\r\n7.38.0, one of which may allow remote attackers to bypass the Same\r\nOrigin Policy.\r\nDescription: Multiple vulnerabilities existed in cURL and libcurl\r\nprior to 7.38.0. These issues were addressed by updating cURL to\r\nversion 7.43.0.\r\nCVE-ID\r\nCVE-2014-3613\r\nCVE-2014-3620\r\nCVE-2014-3707\r\nCVE-2014-8150\r\nCVE-2014-8151\r\nCVE-2015-3143\r\nCVE-2015-3144\r\nCVE-2015-3145\r\nCVE-2015-3148\r\nCVE-2015-3153\r\n\r\nData Detectors Engine\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a sequence of unicode characters can lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in processing of\r\nUnicode characters. These issues were addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-5750 : M1x7e1 of Safeye Team &#40;www.safeye.org&#41;\r\n\r\nDate &amp; Time pref pane\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Applications that rely on system time may have unexpected\r\nbehavior\r\nDescription: An authorization issue existed when modifying the\r\nsystem date and time preferences. This issue was addressed with\r\nadditional authorization checks.\r\nCVE-ID\r\nCVE-2015-3757 : Mark S C Smith\r\n\r\nDictionary Application\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker with a privileged network position may be able\r\nto intercept users&#39; Dictionary app queries\r\nDescription: An issue existed in the Dictionary app, which did not\r\nproperly secure user communications. This issue was addressed by\r\nmoving Dictionary queries to HTTPS.\r\nCVE-ID\r\nCVE-2015-3774 : Jeffrey Paul of EEQJ, Jan Bee of the Google Security\r\nTeam\r\n\r\nDiskImages\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted DMG file may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in parsing of\r\nmalformed DMG images. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team\r\n\r\ndyld\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A path validation issue existed in dyld. This was\r\naddressed through improved environment sanitization.\r\nCVE-ID\r\nCVE-2015-3760 : beist of grayhash, Stefan Esser\r\n\r\nFontParser\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-3804 : Apple\r\nCVE-2015-5775 : Apple\r\n\r\nFontParser\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5756 : John Villamil &#40;@day6reak&#41;, Yahoo Pentest Team\r\n\r\ngroff\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple issues in pdfroff\r\nDescription: Multiple issues existed in pdfroff, the most serious of\r\nwhich may allow arbitrary filesystem modification. These issues were\r\naddressed by removing pdfroff.\r\nCVE-ID\r\nCVE-2009-5044\r\nCVE-2009-5078\r\n\r\nImageIO\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nTIFF images. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2015-5758 : Apple\r\n\r\nImageIO\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Visiting a maliciously crafted website may result in the\r\ndisclosure of process memory\r\nDescription: An uninitialized memory access issue existed in\r\nImageIO&#39;s handling of PNG and TIFF images. Visiting a malicious\r\nwebsite may result in sending data from process memory to the\r\nwebsite. This issue is addressed through improved memory\r\ninitialization and additional validation of PNG and TIFF images.\r\nCVE-ID\r\nCVE-2015-5781 : Michal Zalewski\r\nCVE-2015-5782 : Michal Zalewski\r\n\r\nInstall Framework Legacy\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with root privileges\r\nDescription: An issue existed in how Install.framework&#39;s &#39;runner&#39;\r\nbinary dropped privileges. This issue was addressed through improved\r\nprivilege management.\r\nCVE-ID\r\nCVE-2015-5784 : Ian Beer of Google Project Zero\r\n\r\nInstall Framework Legacy\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A race condition existed in\r\nInstall.framework&#39;s &#39;runner&#39; binary that resulted in\r\nprivileges being incorrectly dropped. This issue was addressed\r\nthrough improved object locking.\r\nCVE-ID\r\nCVE-2015-5754 : Ian Beer of Google Project Zero\r\n\r\nIOFireWireFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: Memory corruption issues existed in IOFireWireFamily.\r\nThese issues were addressed through additional type input validation.\r\nCVE-ID\r\nCVE-2015-3769 : Ilja van Sprundel\r\nCVE-2015-3771 : Ilja van Sprundel\r\nCVE-2015-3772 : Ilja van Sprundel\r\n\r\nIOGraphics\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in IOGraphics. This\r\nissue was addressed through additional type input validation.\r\nCVE-ID\r\nCVE-2015-3770 : Ilja van Sprundel\r\nCVE-2015-5783 : Ilja van Sprundel\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A buffer overflow issue existed in IOHIDFamily. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5774 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in the mach_port_space_info interface,\r\nwhich could have led to the disclosure of kernel memory layout. This\r\nwas addressed by disabling the mach_port_space_info interface.\r\nCVE-ID\r\nCVE-2015-3766 : Cererdlong of Alibaba Mobile Security Team,\r\n@PanguTeam\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An integer overflow existed in the handling of IOKit\r\nfunctions. This issue was addressed through improved validation of\r\nIOKit API arguments.\r\nCVE-ID\r\nCVE-2015-3768 : Ilja van Sprundel\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to cause a system denial of service\r\nDescription: A resource exhaustion issue existed in the fasttrap\r\ndriver. This was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5747 : Maxime VILLARD of m00nbsd\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to cause a system denial of service\r\nDescription: A validation issue existed in the mounting of HFS\r\nvolumes. This was addressed by adding additional checks.\r\nCVE-ID\r\nCVE-2015-5748 : Maxime VILLARD of m00nbsd\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute unsigned code\r\nDescription: An issue existed that allowed unsigned code to be\r\nappended to signed code in a specially crafted executable file. This\r\nissue was addressed through improved code signature validation.\r\nCVE-ID\r\nCVE-2015-3806 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A specially crafted executable file could allow unsigned,\r\nmalicious code to execute\r\nDescription: An issue existed in the way multi-architecture\r\nexecutable files were evaluated that could have allowed unsigned code\r\nto be executed. This issue was addressed through improved validation\r\nof executable files.\r\nCVE-ID\r\nCVE-2015-3803 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute unsigned code\r\nDescription: A validation issue existed in the handling of Mach-O\r\nfiles. This was addressed by adding additional checks.\r\nCVE-ID\r\nCVE-2015-3802 : TaiG Jailbreak Team\r\nCVE-2015-3805 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted plist may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption existed in processing of malformed\r\nplists. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein\r\n&#40;@jollyjinx&#41; of Jinx Germany\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A path validation issue existed. This was addressed\r\nthrough improved environment sanitization.\r\nCVE-ID\r\nCVE-2015-3761 : Apple\r\n\r\nLibc\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted regular expression may lead\r\nto an unexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in the TRE library.\r\nThese were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3796 : Ian Beer of Google Project Zero\r\nCVE-2015-3797 : Ian Beer of Google Project Zero\r\nCVE-2015-3798 : Ian Beer of Google Project Zero\r\n\r\nLibinfo\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in handling AF_INET6\r\nsockets. These were addressed by improved memory handling.\r\nCVE-ID\r\nCVE-2015-5776 : Apple\r\n\r\nlibpthread\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in handling syscalls.\r\nThis issue was addressed through improved lock state checking.\r\nCVE-ID\r\nCVE-2015-5757 : Lufeng Li of Qihoo 360\r\n\r\nlibxml2\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in libxml2 versions prior\r\nto 2.9.2, the most serious of which may allow a remote attacker to\r\ncause a denial of service\r\nDescription: Multiple vulnerabilities existed in libxml2 versions\r\nprior to 2.9.2. These were addressed by updating libxml2 to version\r\n2.9.2.\r\nCVE-ID\r\nCVE-2012-6685 : Felix Groebert of Google\r\nCVE-2014-0191 : Felix Groebert of Google\r\n\r\nlibxml2\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML document may lead to\r\ndisclosure of user information\r\nDescription: A memory access issue existed in libxml2. This was\r\naddressed by improved memory handling\r\nCVE-ID\r\nCVE-2014-3660 : Felix Groebert of Google\r\n\r\nlibxml2\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML document may lead to\r\ndisclosure of user information\r\nDescription: A memory corruption issue existed in parsing of XML\r\nfiles. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3807 : Apple\r\n\r\nlibxpc\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in handling of\r\nmalformed XPC messages. This issue was improved through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-3795 : Mathew Rowley\r\n\r\nmail_cmds\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary shell commands\r\nDescription: A validation issue existed in the mailx parsing of\r\nemail addresses. This was addressed by improved sanitization.\r\nCVE-ID\r\nCVE-2014-7844\r\n\r\nNotification Center OSX\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to access all\r\nnotifications previously displayed to users\r\nDescription: An issue existed in Notification Center, which did not\r\nproperly delete user notifications. This issue was addressed by\r\ncorrectly deleting notifications dismissed by users.\r\nCVE-ID\r\nCVE-2015-3764 : Jonathan Zdziarski\r\n\r\nntfs\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in NTFS. This issue\r\nwas addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5763 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nOpenSSH\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Remote attackers may be able to circumvent a time delay for\r\nfailed login attempts and conduct brute-force attacks\r\nDescription: An issue existed when processing keyboard-interactive\r\ndevices. This issue was addressed through improved authentication\r\nrequest validation.\r\nCVE-ID\r\nCVE-2015-5600\r\n\r\nOpenSSL\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in OpenSSL versions prior\r\nto 0.9.8zg, the most serious of which may allow a remote attacker to\r\ncause a denial of service.\r\nDescription: Multiple vulnerabilities existed in OpenSSL versions\r\nprior to 0.9.8zg. These were addressed by updating OpenSSL to version\r\n0.9.8zg.\r\nCVE-ID\r\nCVE-2015-1788\r\nCVE-2015-1789\r\nCVE-2015-1790\r\nCVE-2015-1791\r\nCVE-2015-1792\r\n\r\nperl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted regular expression may lead to\r\ndisclosure of unexpected application termination or arbitrary code\r\nexecution\r\nDescription: An integer underflow issue existed in the way Perl\r\nparsed regular expressions. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2013-7422\r\n\r\nPostgreSQL\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker may be able to cause unexpected application\r\ntermination or gain access to data without proper authentication\r\nDescription: Multiple issues existed in PostgreSQL 9.2.4. These\r\nissues were addressed by updating PostgreSQL to 9.2.13.\r\nCVE-ID\r\nCVE-2014-0067\r\nCVE-2014-8161\r\nCVE-2015-0241\r\nCVE-2015-0242\r\nCVE-2015-0243\r\nCVE-2015-0244\r\n\r\npython\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in Python 2.7.6, the most\r\nserious of which may lead to arbitrary code execution\r\nDescription: Multiple vulnerabilities existed in Python versions\r\nprior to 2.7.6. These were addressed by updating Python to version\r\n2.7.10.\r\nCVE-ID\r\nCVE-2013-7040\r\nCVE-2013-7338\r\nCVE-2014-1912\r\nCVE-2014-7185\r\nCVE-2014-9365\r\n\r\nQL Office\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted Office document may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in parsing of Office\r\ndocuments. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5773 : Apple\r\n\r\nQL Office\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML file may lead to\r\ndisclosure of user information\r\nDescription: An external entity reference issue existed in XML file\r\nparsing. This issue was addressed through improved parsing.\r\nCVE-ID\r\nCVE-2015-3784 : Bruno Morisson of INTEGRITY S.A.\r\n\r\nQuartz Composer Framework\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted QuickTime file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in parsing of\r\nQuickTime files. This issue was addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-5771 : Apple\r\n\r\nQuick Look\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Searching for a previously viewed website may launch the web\r\nbrowser and render that website\r\nDescription: An issue existed where QuickLook had the capability to\r\nexecute JavaScript. The issue was addressed by disallowing execution\r\nof JavaScript.\r\nCVE-ID\r\nCVE-2015-3781 : Andrew Pouliot of Facebook, Anto Loyola of Qubole\r\n\r\nQuickTime 7\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in QuickTime.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3772\r\nCVE-2015-3779\r\nCVE-2015-5753 : Apple\r\nCVE-2015-5779 : Apple\r\n\r\nQuickTime 7\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in QuickTime.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3765 : Joe Burnett of Audio Poison\r\nCVE-2015-3788 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3789 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3790 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3791 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3792 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-5751 : WalkerFuz\r\n\r\nSceneKit\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Viewing a maliciously crafted Collada file may lead to\r\narbitrary code execution\r\nDescription: A heap buffer overflow existed in SceneKit&#39;s handling\r\nof Collada files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5772 : Apple\r\n\r\nSceneKit\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in SceneKit. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3783 : Haris Andrianakis of Google Security Team\r\n\r\nSecurity\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A standard user may be able to gain access to admin\r\nprivileges without proper authentication\r\nDescription: An issue existed in handling of user authentication.\r\nThis issue was addressed through improved authentication checks.\r\nCVE-ID\r\nCVE-2015-3775 : [Eldon Ahrold]\r\n\r\nSMBClient\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the SMB client.\r\nThis issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3773 : Ilja van Sprundel\r\n\r\nSpeech UI\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted unicode string with speech\r\nalerts enabled may lead to an unexpected application termination or\r\narbitrary code execution\r\nDescription: A memory corruption issue existed in handling of\r\nUnicode strings. This issue was addressed by improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-3794 : Adam Greenbaum of Refinitive\r\n\r\nsudo\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in sudo versions prior to\r\n1.7.10p9, the most serious of which may allow an attacker access to\r\narbitrary files\r\nDescription: Multiple vulnerabilities existed in sudo versions prior\r\nto 1.7.10p9. These were addressed by updating sudo to version\r\n1.7.10p9.\r\nCVE-ID\r\nCVE-2013-1775\r\nCVE-2013-1776\r\nCVE-2013-2776\r\nCVE-2013-2777\r\nCVE-2014-0106\r\nCVE-2014-9680\r\n\r\ntcpdump\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in tcpdump 4.7.3, the most\r\nserious of which may allow a remote attacker to cause a denial of\r\nservice.\r\nDescription: Multiple vulnerabilities existed in tcpdump versions\r\nprior to 4.7.3. These were addressed by updating tcpdump to version\r\n4.7.3.\r\nCVE-ID\r\nCVE-2014-8767\r\nCVE-2014-8769\r\nCVE-2014-9140\r\n\r\nText Formats\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted text file may lead to\r\ndisclosure of user information\r\nDescription: An XML external entity reference issue existed with\r\nTextEdit parsing. This issue was addressed through improved parsing.\r\nCVE-ID\r\nCVE-2015-3762 : Xiaoyong Wu of the Evernote Security Team\r\n\r\nudf\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted DMG file may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in parsing of\r\nmalformed DMG images. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3767 : beist of grayhash\r\n\r\nOS X Yosemite v10.10.5 includes the security content of Safari 8.0.8:\r\nhttps://support.apple.com/en-us/HT205033\r\n\r\nOS X Yosemite 10.10.5 and Security Update 2015-006 may be obtained\r\nfrom the Mac App Store or Apple&#39;s Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT201222\r\n\r\nThis message is signed with Apple&#39;s Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n\r\n\r\n", "edition": 1, "modified": "2015-08-17T00:00:00", "published": "2015-08-17T00:00:00", "id": "SECURITYVULNS:DOC:32390", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32390", "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:58", "bulletinFamily": "software", "cvelist": ["CVE-2015-0388", "CVE-2014-6574", "CVE-2015-0390", "CVE-2014-6592", "CVE-2014-3566", "CVE-2011-4461", "CVE-2015-0386", "CVE-2015-0425", "CVE-2014-6566", "CVE-2013-4784", "CVE-2014-0191", "CVE-2015-0365", "CVE-2014-6579", "CVE-2014-6556", "CVE-2014-6571", "CVE-2015-0427", "CVE-2014-6578", "CVE-2015-0398", "CVE-2014-6510", "CVE-2014-6595", "CVE-2011-3607", "CVE-2014-6518", "CVE-2015-0385", "CVE-2015-0395", "CVE-2015-0368", "CVE-2014-6575", "CVE-2015-0380", "CVE-2015-0424", "CVE-2003-0001", "CVE-2014-6565", "CVE-2015-0407", "CVE-2015-0362", "CVE-2015-0430", "CVE-2014-6585", "CVE-2015-0410", "CVE-2013-5704", "CVE-2015-0402", "CVE-2015-0379", "CVE-2014-6548", "CVE-2015-0396", "CVE-2015-0422", "CVE-2015-0435", "CVE-2014-6584", "CVE-2014-0224", "CVE-2014-4259", "CVE-2015-0391", "CVE-2014-6567", "CVE-2015-0418", "CVE-2013-0338", "CVE-2014-6480", "CVE-2014-6576", "CVE-2015-0428", "CVE-2015-0431", "CVE-2014-0098", "CVE-2014-6549", "CVE-2015-0420", "CVE-2015-0432", "CVE-2015-0383", "CVE-2011-3389", "CVE-2013-1741", "CVE-2014-6583", "CVE-2014-6597", "CVE-2014-4279", "CVE-2004-0230", "CVE-2015-0369", "CVE-2014-6525", "CVE-2015-0372", "CVE-2014-6582", "CVE-2015-0378", "CVE-2015-0392", "CVE-2015-0416", "CVE-2014-6587", "CVE-2013-6438", "CVE-2015-0406", "CVE-2015-0401", "CVE-2014-6569", "CVE-2014-6599", "CVE-2013-2877", "CVE-2015-0417", "CVE-2015-0404", "CVE-2013-6450", "CVE-2014-0114", "CVE-2015-0364", "CVE-2010-5107", "CVE-2011-3368", "CVE-2014-6573", "CVE-2013-4286", "CVE-2015-0371", "CVE-2014-6526", "CVE-2015-0382", "CVE-2014-1568", "CVE-2015-0363", "CVE-2014-6600", "CVE-2014-6580", "CVE-2014-6509", "CVE-2015-0375", "CVE-2015-0414", "CVE-2015-0413", "CVE-2014-6593", "CVE-2014-6601", "CVE-2014-6594", "CVE-2015-0373", "CVE-2015-0421", "CVE-2013-2186", "CVE-2014-3567", "CVE-2014-6581", "CVE-2015-0403", "CVE-2014-6570", "CVE-2015-0408", "CVE-2015-0429", "CVE-2014-6596", "CVE-2014-6521", "CVE-2015-0374", "CVE-2014-6591", "CVE-2014-6586", "CVE-2014-6524", "CVE-2014-6572", "CVE-2015-0370", "CVE-2015-0412", "CVE-2015-0400", "CVE-2015-0409", "CVE-2015-0387", "CVE-2015-0389", "CVE-2015-0399", "CVE-2015-0415", "CVE-2014-6590", "CVE-2015-0376", "CVE-2014-6481", "CVE-2015-0393", "CVE-2015-0366", "CVE-2015-0419", "CVE-2014-6568", "CVE-2015-0377", "CVE-2015-0394", "CVE-2015-0397", "CVE-2015-0384", "CVE-2014-6589", "CVE-2014-6528", "CVE-2014-6588", "CVE-2014-6541", "CVE-2011-1944", "CVE-2015-0437", "CVE-2014-6514", "CVE-2014-4212", "CVE-2015-0436", "CVE-2014-6598", "CVE-2015-0367", "CVE-2014-0226", "CVE-2013-1620", "CVE-2013-4545", "CVE-2015-0426", "CVE-2015-0434", "CVE-2015-0411", "CVE-2015-0381", "CVE-2014-6577"], "description": "Over 150 vulnerabilities in different applications are closed in auqrterly update.", "edition": 1, "modified": "2015-01-25T00:00:00", "published": "2015-01-25T00:00:00", "id": "SECURITYVULNS:VULN:14233", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14233", "title": "Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "httpd": [{"lastseen": "2020-12-24T14:26:50", "bulletinFamily": "software", "cvelist": ["CVE-2014-3581"], "description": "\nA NULL pointer deference was found in mod_cache. A malicious HTTP\nserver could cause a crash in a caching forward proxy configuration.\nThis crash would only be a denial of service if using a threaded MPM.\n", "edition": 5, "modified": "2014-09-08T00:00:00", "published": "2014-09-08T00:00:00", "id": "HTTPD:6573AA423444D48814198437D67A124C", "href": "https://httpd.apache.org/security_report.html", "title": "Apache Httpd < None: mod_cache crash with empty Content-Type header", "type": "httpd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2016-09-26T21:39:37", "bulletinFamily": "software", "cvelist": ["CVE-2014-3581"], "edition": 1, "description": "\nA NULL pointer deference was found in mod_cache. A malicious HTTP\nserver could cause a crash in a caching forward proxy configuration.\nThis crash would only be a denial of service if using a threaded MPM.\n", "modified": "2015-01-30T00:00:00", "published": "2014-09-08T00:00:00", "id": "HTTPD:F2A87ED4391D8B489A9CEE6E7FF7265B", "href": "https://httpd.apache.org/security_report.html", "type": "httpd", "title": "Apache Httpd < 2.4.12: mod_cache crash with empty Content-Type header", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T21:39:37", "bulletinFamily": "software", "cvelist": ["CVE-2013-5704"], "edition": 1, "description": "\nHTTP trailers could be used to replace HTTP headers late during request\nprocessing, potentially undoing or otherwise confusing modules that\nexamined or modified request headers earlier.\nThis fix adds the \"MergeTrailers\" directive to restore legacy behavior.\n", "modified": "2014-09-03T00:00:00", "published": "2013-09-06T00:00:00", "id": "HTTPD:A524D631D92D34A98F278942749ECB13", "href": "https://httpd.apache.org/security_report.html", "type": "httpd", "title": "Apache Httpd < 2.2.29: HTTP Trailers processing bypass", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-26T21:39:37", "bulletinFamily": "software", "cvelist": ["CVE-2013-5704"], "edition": 1, "description": "\nHTTP trailers could be used to replace HTTP headers late during request\nprocessing, potentially undoing or otherwise confusing modules that\nexamined or modified request headers earlier.\nThis fix adds the \"MergeTrailers\" directive to restore legacy behavior.\n", "modified": "2015-01-30T00:00:00", "published": "2013-09-06T00:00:00", "id": "HTTPD:E1CF90532AA2021DA820BEF49250B460", "href": "https://httpd.apache.org/security_report.html", "type": "httpd", "title": "Apache Httpd < 2.4.12: HTTP Trailers processing bypass", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2020-12-24T14:26:50", "bulletinFamily": "software", "cvelist": ["CVE-2013-5704"], "description": "\nHTTP trailers could be used to replace HTTP headers late during request\nprocessing, potentially undoing or otherwise confusing modules that\nexamined or modified request headers earlier.\nThis fix adds the \"MergeTrailers\" directive to restore legacy behavior.\n", "edition": 5, "modified": "2013-10-19T00:00:00", "published": "2013-09-06T00:00:00", "id": "HTTPD:62C816876F31B66A0ABB9350EAB1B165", "href": "https://httpd.apache.org/security_report.html", "title": "Apache Httpd < None: HTTP Trailers processing bypass", "type": "httpd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "seebug": [{"lastseen": "2017-11-19T17:28:24", "description": "Bugtraq ID:66550\r\nCVE ID:CVE-2013-5704\r\n\r\nModSecurity\u662fWeb\u5e94\u7528\u670d\u52a1\u5668\u3002\r\n\r\nModSecurity\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u5b89\u5168\u9650\u5236\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u6210\u529f\u5229\u7528\u540e\u53ef\u4f7f\u653b\u51fb\u8005\u7ed5\u8fc7\u8fc7\u6ee4\u89c4\u5219\u3002\n0\nmodsecurity\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8bf7\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttp://sourceforge.net/projects/mod-security/", "published": "2014-04-04T00:00:00", "title": "ModSecurity 'mod_headers'\u6a21\u5757\u5b89\u5168\u9650\u5236\u7ed5\u8fc7\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-5704"], "modified": "2014-04-04T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-62058", "id": "SSV:62058", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": ""}], "gentoo": [{"lastseen": "2016-10-06T20:54:50", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1546", "CVE-2016-4979", "CVE-2015-3183", "CVE-2014-3581"], "edition": 1, "description": "### Background\n\nApache HTTP Server is one of the most popular web servers on the Internet. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Apache HTTP Server. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nRemote attackers could bypass intended access restrictions, conduct HTTP request smuggling attacks, or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Apache users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/apache-2.4.23\"", "modified": "2016-10-06T00:00:00", "published": "2016-10-06T00:00:00", "id": "GLSA-201610-02", "href": "https://security.gentoo.org/glsa/201610-02", "type": "gentoo", "title": "Apache: Multiple vulnerabilities", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-06T19:46:51", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0231", "CVE-2013-5704", "CVE-2014-0118", "CVE-2014-0226"], "description": "### Background\n\nApache HTTP Server is one of the most popular web servers on the Internet. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Apache HTTP Server. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker may be able to execute arbitrary code or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Apache users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/apache-2.2.29\"", "edition": 1, "modified": "2015-04-19T00:00:00", "published": "2015-04-11T00:00:00", "id": "GLSA-201504-03", "href": "https://security.gentoo.org/glsa/201504-03", "type": "gentoo", "title": "Apache: Multiple vulnerabilities", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "hackerone": [{"lastseen": "2018-04-19T17:34:11", "bulletinFamily": "bugbounty", "bounty": 80.0, "cvelist": ["CVE-2014-0231", "CVE-2013-5704", "CVE-2014-0118", "CVE-2014-0226"], "description": "###Issue Description\nThe researcher identified that the remote host is vulnerable to several denial of service vulnerabilities, however due to the nature of these issues the researcher did not attempt to generate a proof of concept. The information about these issues is based upon the version of apache that is running on the affected host being outdated.\nAdditionally it was noted that the affected host displays the default suse apache test page when visited over http or https as shown:\n\n{F118343}\n\nFrom the screencap it can clearly be seen that the test page is displayed. It was noted that there are several publicly available exploits for the vulnerabilities in this version of apache.\n\n###Response\n\n curl -I http://dolph2.booztx.com\n HTTP/1.1 403 Forbidden\n Date: Thu, 08 Sep 2016 15:18:14 GMT\n Server: Apache/2.2.15 (SuSE)\n Accept-Ranges: bytes\n Content-Length: 4002\n Connection: close\n Content-Type: text/html; charset=UTF-8\n\nFrom the response it can be seen that the version of apache running on the server is 2.2.15 (SuSE) which on further inspection was found to be vulnerable to the following CVEs based upon the version number:\n\n|CVE ID |\tRisk Score|\n| ----- | ------------|\n|[CVE-2013-5704](https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-2013-5704)\t|5.0 |\n|[CVE-2014-0118](https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-2014-0118)\t|4.3 |\n|[CVE-2014-0226](https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-2014-0226)\t|6.8 |\n|[CVE-2014-0231](https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-2014-0231)\t|5 |\n\n\nFrom the CVEs in the table the following descriptions\n\n- The 'mod_headers' module contains an issue which could enable a remote attacker to inject arbitrary headers. This can be done by placing a header in the trailer portion of data being sent using chunked transfer encoding. (CVE-2013-5704)\n- The 'mod_deflate' module has an issue when handling highly compressed bodies. Using a specially crafted request, a remote attacker can exploit this to cause a denial of service by exhausting memory and CPU resources. (CVE-2014-0118)\n- The 'mod_status' module contains a race condition that can be triggered when handling the scoreboard. A remote attacker can exploit this to cause a denial of service, execute arbitrary code, or obtain sensitive credential information. (CVE-2014-0226)\n- The 'mod_cgid' module lacks a timeout mechanism. Using a specially crafted request, a remote attacker can use this flaw to cause a denial of service by causing child processes to linger indefinitely, eventually filling up the scoreboard. (CVE-2014-0231)\n\nThese issues were deemed the most high risk from the CVEs that affect the installed version, if Boozt are interested the consultant can provide a full list of CVEs that affect this version. \n\n###Affected URLs\n- dolph2.booztx.com\n \n###Risk Breakdown\nRisk: **High**\nDifficulty to Exploit: **Medium** \nAuthentication: **None**\n\n\n###Recommended Fix \nUpdate to the latest version of apache for SUSE which at the time of writing is [2.4](https://doc.opensuse.org/documentation/leap/reference/html/book.opensuse.reference/cha.apache2.html) additionally the server should be hardened to not disclose the version as can be seen in the example below:\n\nOpen `httpd.conf` in an editor, and change the following options:\n\n Header unset Server\n \n ServerSignature Off\n ServerTokens Prod\n\nAlso the default index page should be replaced with either a blank page or adapt the permissions of the domain to return 404/403 pages. For more information please see the apache [docs](http://httpd.apache.org/docs/2.4/mod/core.html#serversignature).", "modified": "2016-09-14T08:27:21", "published": "2016-09-08T15:44:15", "id": "H1:166871", "href": "https://hackerone.com/reports/166871", "type": "hackerone", "title": "Boozt Fashion AB: Instance of Apache Vulnerable to Several Issues", "cvss": {"score": 0.0, "vector": "NONE"}}], "oracle": [{"lastseen": "2019-05-29T18:20:52", "bulletinFamily": "software", "cvelist": ["CVE-2016-0571", "CVE-2016-0528", "CVE-2015-6013", "CVE-2015-4000", "CVE-2016-0608", "CVE-2016-0515", "CVE-2016-0514", "CVE-2016-0600", "CVE-2015-1792", "CVE-2016-0492", "CVE-2016-0611", "CVE-2016-0575", "CVE-2016-0544", "CVE-2016-0599", "CVE-2015-0235", "CVE-2016-0445", "CVE-2016-0500", "CVE-2016-0572", "CVE-2015-1793", "CVE-2016-0592", "CVE-2016-0435", "CVE-2016-0512", "CVE-2015-8126", "CVE-2016-0526", "CVE-2016-0457", "CVE-2016-0594", "CVE-2016-0498", "CVE-2016-0516", "CVE-2016-0580", "CVE-2016-0470", "CVE-2016-0444", "CVE-2016-0577", "CVE-2016-0440", "CVE-2016-0546", "CVE-2015-1789", "CVE-2016-0541", "CVE-2016-0560", "CVE-2016-0428", "CVE-2016-0447", "CVE-2016-0477", "CVE-2016-0568", "CVE-2016-0415", "CVE-2015-0286", "CVE-2016-0489", "CVE-2016-0559", "CVE-2016-0472", "CVE-2016-0578", "CVE-2016-0579", "CVE-2016-0561", "CVE-2014-3583", "CVE-2016-0412", "CVE-2015-3195", "CVE-2016-0449", "CVE-2016-0555", "CVE-2016-0481", "CVE-2016-0511", "CVE-2016-0605", "CVE-2015-4885", "CVE-2016-0455", "CVE-2015-4921", "CVE-2016-0534", "CVE-2016-0414", "CVE-2015-4924", "CVE-2016-0589", "CVE-2016-0474", "CVE-2016-0508", "CVE-2016-0465", "CVE-2016-0553", "CVE-2016-0582", "CVE-2016-0483", "CVE-2013-5855", "CVE-2016-0517", "CVE-2013-5704", "CVE-2016-0454", "CVE-2015-0288", "CVE-2016-0486", "CVE-2013-5605", "CVE-2016-0554", "CVE-2016-0542", "CVE-2016-0591", "CVE-2016-0433", "CVE-2016-0448", "CVE-2016-0506", "CVE-2016-0401", "CVE-2016-0416", "CVE-2016-0437", "CVE-2016-0550", "CVE-2016-0533", "CVE-2016-0403", "CVE-2015-4922", "CVE-2016-0566", "CVE-2016-0606", "CVE-2016-0510", "CVE-2016-0431", "CVE-2015-0285", "CVE-2016-0569", "CVE-2016-0459", "CVE-2016-0471", "CVE-2016-0564", "CVE-2016-0524", "CVE-2016-0563", "CVE-2016-0522", "CVE-2015-3153", "CVE-2016-0616", "CVE-2016-0614", "CVE-2013-1741", "CVE-2015-0207", "CVE-2016-0442", "CVE-2016-0493", "CVE-2016-0443", "CVE-2016-0618", "CVE-2016-0573", "CVE-2016-0527", "CVE-2016-0610", "CVE-2016-0609", "CVE-2016-0570", "CVE-2015-4926", "CVE-2015-0208", "CVE-2015-5307", "CVE-2016-0473", "CVE-2016-0518", "CVE-2013-1740", "CVE-2016-0567", "CVE-2015-7575", "CVE-2016-0558", "CVE-2016-0543", "CVE-2016-0463", "CVE-2016-0487", "CVE-2013-1739", "CVE-2016-0466", "CVE-2016-0462", "CVE-2016-0423", "CVE-2016-0596", "CVE-2016-0535", "CVE-2016-0509", "CVE-2016-0574", "CVE-2014-1492", "CVE-2016-0426", "CVE-2016-0460", "CVE-2016-0504", "CVE-2016-0521", "CVE-2016-0501", "CVE-2013-5606", "CVE-2016-0451", "CVE-2016-0482", "CVE-2015-4808", "CVE-2016-0539", "CVE-2014-0050", "CVE-2016-0404", "CVE-2016-0419", "CVE-2016-0494", "CVE-2015-0293", "CVE-2016-0552", "CVE-2016-0485", "CVE-2014-1490", "CVE-2016-0595", "CVE-2016-0402", "CVE-2016-0480", "CVE-2016-0478", "CVE-2016-0427", "CVE-2015-4919", "CVE-2016-0529", "CVE-2015-7183", "CVE-2016-0503", "CVE-2015-1788", "CVE-2016-0413", "CVE-2016-0476", "CVE-2016-0598", "CVE-2016-0556", "CVE-2015-0209", "CVE-2016-0422", "CVE-2016-0502", "CVE-2016-0601", "CVE-2013-2186", "CVE-2015-3183", "CVE-2015-4920", "CVE-2016-0441", "CVE-2016-0432", "CVE-2016-0484", "CVE-2016-0536", "CVE-2016-0576", "CVE-2015-0204", "CVE-2016-0540", "CVE-2016-0584", "CVE-2016-0537", "CVE-2016-0590", "CVE-2016-0565", "CVE-2016-0420", "CVE-2016-0557", "CVE-2016-0586", "CVE-2016-0417", "CVE-2016-0491", "CVE-2016-0424", "CVE-2015-8472", "CVE-2016-0450", "CVE-2016-0495", "CVE-2016-0520", "CVE-2016-0405", "CVE-2016-0488", "CVE-2015-1790", "CVE-2016-0525", "CVE-2016-0475", "CVE-2016-0499", "CVE-2016-0452", "CVE-2015-6014", "CVE-2016-0548", "CVE-2016-0519", "CVE-2016-0587", "CVE-2016-0461", "CVE-2016-0464", "CVE-2016-0409", "CVE-2016-0438", "CVE-2015-0291", "CVE-2016-0429", "CVE-2016-0497", "CVE-2014-3581", "CVE-2016-0607", "CVE-2015-8370", "CVE-2016-0439", "CVE-2015-0287", "CVE-2014-8109", "CVE-2016-0530", "CVE-2016-0456", "CVE-2016-0496", "CVE-2016-0551", "CVE-2016-0425", "CVE-2016-0421", "CVE-2016-0523", "CVE-2016-0430", "CVE-2015-0289", "CVE-2016-0597", "CVE-2016-0467", "CVE-2016-0581", "CVE-2016-0549", "CVE-2016-0458", "CVE-2014-1491", "CVE-2016-0538", "CVE-2016-0531", "CVE-2015-0292", "CVE-2016-0583", "CVE-2016-0411", "CVE-2016-0507", "CVE-2016-0490", "CVE-2016-0418", "CVE-2014-0107", "CVE-2016-0453", "CVE-2015-7744", "CVE-2016-0513", "CVE-2016-0436", "CVE-2016-0547", "CVE-2016-0588", "CVE-2015-0290", "CVE-2016-0434", "CVE-2016-0446", "CVE-2015-1787", "CVE-2016-0505", "CVE-2015-4852", "CVE-2016-0562", "CVE-2016-0585", "CVE-2015-4923", "CVE-2016-0406", "CVE-2015-1791", "CVE-2015-8104", "CVE-2016-0532", "CVE-2015-4925", "CVE-2015-6015", "CVE-2016-0545", "CVE-2016-0602"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n \n\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\n \n\n\nThis Critical Patch Update contains 248 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\n \n\n\n** Please note that on November 10, 2015, Oracle released [Security Alert for CVE-2015-4852](<http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html>). Customers of affected Oracle products are strongly advised to apply the fixes and/or configuration steps that were announced for CVE-2015-4852. **\n\n \n\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n\n \n\n", "modified": "2016-02-12T00:00:00", "published": "2016-01-19T00:00:00", "id": "ORACLE:CPUJAN2016-2367955", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - January 2016", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-04T21:15:56", "bulletinFamily": "software", "cvelist": ["CVE-2013-1739", "CVE-2013-1740", "CVE-2013-1741", "CVE-2013-2186", "CVE-2013-5605", "CVE-2013-5606", "CVE-2013-5704", "CVE-2013-5855", "CVE-2014-0050", "CVE-2014-0107", "CVE-2014-1490", "CVE-2014-1491", "CVE-2014-1492", "CVE-2014-3581", "CVE-2014-3583", "CVE-2014-8109", "CVE-2015-0204", "CVE-2015-0207", "CVE-2015-0208", "CVE-2015-0209", "CVE-2015-0235", "CVE-2015-0285", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0290", "CVE-2015-0291", "CVE-2015-0292", "CVE-2015-0293", "CVE-2015-1787", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-1793", "CVE-2015-3153", "CVE-2015-3183", "CVE-2015-3195", "CVE-2015-4000", "CVE-2015-4808", "CVE-2015-4852", "CVE-2015-4885", "CVE-2015-4919", "CVE-2015-4920", "CVE-2015-4921", "CVE-2015-4922", "CVE-2015-4923", "CVE-2015-4924", "CVE-2015-4925", "CVE-2015-4926", "CVE-2015-5307", "CVE-2015-6013", "CVE-2015-6014", "CVE-2015-6015", "CVE-2015-7183", "CVE-2015-7575", "CVE-2015-7744", "CVE-2015-8104", "CVE-2015-8126", "CVE-2015-8370", "CVE-2015-8472", "CVE-2016-0401", "CVE-2016-0402", "CVE-2016-0403", "CVE-2016-0404", "CVE-2016-0405", "CVE-2016-0406", "CVE-2016-0409", "CVE-2016-0411", "CVE-2016-0412", "CVE-2016-0413", "CVE-2016-0414", "CVE-2016-0415", "CVE-2016-0416", "CVE-2016-0417", "CVE-2016-0418", "CVE-2016-0419", "CVE-2016-0420", "CVE-2016-0421", "CVE-2016-0422", "CVE-2016-0423", "CVE-2016-0424", "CVE-2016-0425", "CVE-2016-0426", "CVE-2016-0427", "CVE-2016-0428", "CVE-2016-0429", "CVE-2016-0430", "CVE-2016-0431", "CVE-2016-0432", "CVE-2016-0433", "CVE-2016-0434", "CVE-2016-0435", "CVE-2016-0436", "CVE-2016-0437", "CVE-2016-0438", "CVE-2016-0439", "CVE-2016-0440", "CVE-2016-0441", "CVE-2016-0442", "CVE-2016-0443", "CVE-2016-0444", "CVE-2016-0445", "CVE-2016-0446", "CVE-2016-0447", "CVE-2016-0448", "CVE-2016-0449", "CVE-2016-0450", "CVE-2016-0451", "CVE-2016-0452", "CVE-2016-0453", "CVE-2016-0454", "CVE-2016-0455", "CVE-2016-0456", "CVE-2016-0457", "CVE-2016-0458", "CVE-2016-0459", "CVE-2016-0460", "CVE-2016-0461", "CVE-2016-0462", "CVE-2016-0463", "CVE-2016-0464", "CVE-2016-0465", "CVE-2016-0466", "CVE-2016-0467", "CVE-2016-0470", "CVE-2016-0471", "CVE-2016-0472", "CVE-2016-0473", "CVE-2016-0474", "CVE-2016-0475", "CVE-2016-0476", "CVE-2016-0477", "CVE-2016-0478", "CVE-2016-0480", "CVE-2016-0481", "CVE-2016-0482", "CVE-2016-0483", "CVE-2016-0484", "CVE-2016-0485", "CVE-2016-0486", "CVE-2016-0487", "CVE-2016-0488", "CVE-2016-0489", "CVE-2016-0490", "CVE-2016-0491", "CVE-2016-0492", "CVE-2016-0493", "CVE-2016-0494", "CVE-2016-0495", "CVE-2016-0496", "CVE-2016-0497", "CVE-2016-0498", "CVE-2016-0499", "CVE-2016-0500", "CVE-2016-0501", "CVE-2016-0502", "CVE-2016-0503", "CVE-2016-0504", "CVE-2016-0505", "CVE-2016-0506", "CVE-2016-0507", "CVE-2016-0508", "CVE-2016-0509", "CVE-2016-0510", "CVE-2016-0511", "CVE-2016-0512", "CVE-2016-0513", "CVE-2016-0514", "CVE-2016-0515", "CVE-2016-0516", "CVE-2016-0517", "CVE-2016-0518", "CVE-2016-0519", "CVE-2016-0520", "CVE-2016-0521", "CVE-2016-0522", "CVE-2016-0523", "CVE-2016-0524", "CVE-2016-0525", "CVE-2016-0526", "CVE-2016-0527", "CVE-2016-0528", "CVE-2016-0529", "CVE-2016-0530", "CVE-2016-0531", "CVE-2016-0532", "CVE-2016-0533", "CVE-2016-0534", "CVE-2016-0535", "CVE-2016-0536", "CVE-2016-0537", "CVE-2016-0538", "CVE-2016-0539", "CVE-2016-0540", "CVE-2016-0541", "CVE-2016-0542", "CVE-2016-0543", "CVE-2016-0544", "CVE-2016-0545", "CVE-2016-0546", "CVE-2016-0547", "CVE-2016-0548", "CVE-2016-0549", "CVE-2016-0550", "CVE-2016-0551", "CVE-2016-0552", "CVE-2016-0553", "CVE-2016-0554", "CVE-2016-0555", "CVE-2016-0556", "CVE-2016-0557", "CVE-2016-0558", "CVE-2016-0559", "CVE-2016-0560", "CVE-2016-0561", "CVE-2016-0562", "CVE-2016-0563", "CVE-2016-0564", "CVE-2016-0565", "CVE-2016-0566", "CVE-2016-0567", "CVE-2016-0568", "CVE-2016-0569", "CVE-2016-0570", "CVE-2016-0571", "CVE-2016-0572", "CVE-2016-0573", "CVE-2016-0574", "CVE-2016-0575", "CVE-2016-0576", "CVE-2016-0577", "CVE-2016-0578", "CVE-2016-0579", "CVE-2016-0580", "CVE-2016-0581", "CVE-2016-0582", "CVE-2016-0583", "CVE-2016-0584", "CVE-2016-0585", "CVE-2016-0586", "CVE-2016-0587", "CVE-2016-0588", "CVE-2016-0589", "CVE-2016-0590", "CVE-2016-0591", "CVE-2016-0592", "CVE-2016-0594", "CVE-2016-0595", "CVE-2016-0596", "CVE-2016-0597", "CVE-2016-0598", "CVE-2016-0599", "CVE-2016-0600", "CVE-2016-0601", "CVE-2016-0602", "CVE-2016-0605", "CVE-2016-0606", "CVE-2016-0607", "CVE-2016-0608", "CVE-2016-0609", "CVE-2016-0610", "CVE-2016-0611", "CVE-2016-0614", "CVE-2016-0616", "CVE-2016-0618"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\nCritical Patch Updates and Security Alerts for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 248 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\n**Please note that on November 10, 2015, Oracle released Security Alert for CVE-2015-4852. Customers of affected Oracle products are strongly advised to apply the fixes and/or configuration steps that were announced for CVE-2015-4852. **\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: https://www.oracle.com/security-alerts/cpufaq.html#CVRF.\n", "modified": "2016-02-12T00:00:00", "published": "2016-01-19T00:00:00", "id": "ORACLE:CPUJAN2016", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - January 2016", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:21:04", "bulletinFamily": "software", "cvelist": ["CVE-2015-0388", "CVE-2014-6574", "CVE-2015-0390", "CVE-2011-4317", "CVE-2014-6592", "CVE-2014-3566", "CVE-2011-4461", "CVE-2015-0386", "CVE-2015-0425", "CVE-2014-6566", "CVE-2013-4784", "CVE-2014-0191", "CVE-2015-0365", "CVE-2014-6579", "CVE-2014-6556", "CVE-2014-0231", "CVE-2014-6571", "CVE-2015-0427", "CVE-2014-6578", "CVE-2015-0398", "CVE-2014-6510", "CVE-2014-6595", "CVE-2011-3607", "CVE-2014-6518", "CVE-2015-0385", "CVE-2015-0395", "CVE-2015-0368", "CVE-2013-6449", "CVE-2014-6575", "CVE-2015-0380", "CVE-2015-0424", "CVE-2003-0001", "CVE-2014-6565", "CVE-2015-0407", "CVE-2014-0076", "CVE-2015-0362", "CVE-2015-0430", "CVE-2014-6585", "CVE-2015-0410", "CVE-2013-5704", "CVE-2015-0402", "CVE-2015-0379", "CVE-2014-6548", "CVE-2015-0396", "CVE-2015-0422", "CVE-2015-0435", "CVE-2014-5704", "CVE-2013-5605", "CVE-2014-6584", "CVE-2014-0224", "CVE-2014-4259", "CVE-2015-0391", "CVE-2014-6567", "CVE-2015-0418", "CVE-2013-0338", "CVE-2014-6480", "CVE-2014-6576", "CVE-2015-0428", "CVE-2015-0431", "CVE-2014-0098", "CVE-2014-6549", "CVE-2015-0420", "CVE-2015-0432", "CVE-2015-0383", "CVE-2011-3389", "CVE-2013-1741", "CVE-2014-6583", "CVE-2014-6597", "CVE-2014-4279", "CVE-2004-0230", "CVE-2015-0369", "CVE-2014-6525", "CVE-2015-0372", "CVE-2014-6582", "CVE-2015-0378", "CVE-2015-0392", "CVE-2015-0416", "CVE-2014-6587", "CVE-2013-1740", "CVE-2013-6438", "CVE-2015-0406", "CVE-2015-0401", "CVE-2014-6569", "CVE-2014-3470", "CVE-2012-0053", "CVE-2013-1739", "CVE-2014-6599", "CVE-2014-1492", "CVE-2013-2877", "CVE-2015-0417", "CVE-2015-0404", "CVE-2013-6450", "CVE-2013-5606", "CVE-2014-0114", "CVE-2015-0364", "CVE-2014-0050", "CVE-2010-5107", "CVE-2011-3368", "CVE-2014-6573", "CVE-2014-1490", "CVE-2010-5298", "CVE-2013-4286", "CVE-2015-0371", "CVE-2014-6526", "CVE-2015-0382", "CVE-2014-1568", "CVE-2015-0363", "CVE-2014-6600", "CVE-2014-6580", "CVE-2014-6509", "CVE-2015-0375", "CVE-2015-0414", "CVE-2014-0195", "CVE-2015-0413", "CVE-2014-6593", "CVE-2014-0198", "CVE-2014-6601", "CVE-2014-6594", "CVE-2015-0373", "CVE-2015-0421", "CVE-2013-2186", "CVE-2014-3567", "CVE-2014-6581", "CVE-2014-0015", "CVE-2015-0403", "CVE-2014-6570", "CVE-2015-0408", "CVE-2015-0429", "CVE-2014-6596", "CVE-2014-6521", "CVE-2015-0374", "CVE-2014-6591", "CVE-2014-6586", "CVE-2014-6524", "CVE-2014-6572", "CVE-2015-0370", "CVE-2015-0412", "CVE-2015-0400", "CVE-2015-0409", "CVE-2015-0387", "CVE-2015-0389", "CVE-2015-0399", "CVE-2014-0118", "CVE-2015-0415", "CVE-2014-6590", "CVE-2015-0376", "CVE-2014-6481", "CVE-2015-0393", "CVE-2015-0366", "CVE-2015-0419", "CVE-2014-6568", "CVE-2015-0377", "CVE-2015-0394", "CVE-2015-0397", "CVE-2015-0384", "CVE-2014-6589", "CVE-2014-1491", "CVE-2014-6528", "CVE-2014-6588", "CVE-2014-6541", "CVE-2011-1944", "CVE-2015-0437", "CVE-2014-6514", "CVE-2014-0117", "CVE-2014-4212", "CVE-2015-0436", "CVE-2014-6598", "CVE-2015-0367", "CVE-2014-0226", "CVE-2013-1620", "CVE-2013-4545", "CVE-2015-0426", "CVE-2015-0434", "CVE-2014-0221", "CVE-2015-0411", "CVE-2015-0381", "CVE-2014-6577"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n \n\n\n**Oracle has received specific reports of malicious exploitation of vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that malicious attackers have been successful because customers had failed to apply these Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\n \n\n\nThis Critical Patch Update contains 169 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\n \n\n\nPlease note that on October 16, 2014, Oracle released information for [CVE-2014-3566 \"POODLE\"](<http://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html>). Customers of affected Oracle products are strongly advised to apply the fixes and/or configuration steps that were announced for CVE-2014-3566 in addition to the fixes announced in this CPU.\n\n \n\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n\n \n\n", "modified": "2015-01-20T00:00:00", "published": "2015-03-10T00:00:00", "id": "ORACLE:CPUJAN2015-1972971", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - January 2015", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}