(RHSA-2015:2659) Moderate: Red Hat JBoss Web Server 3.0.2 security update
2015-12-16T23:09:20
ID RHSA-2015:2659 Type redhat Reporter RedHat Modified 2018-06-07T02:42:54
Description
Red Hat JBoss Web Server is a fully integrated and certified set of
components for hosting Java web applications. It is comprised of the
Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat
Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and
the Tomcat Native library.
It was found that Tomcat would keep connections open after processing
requests with a large enough request body. A remote attacker could
potentially use this flaw to exhaust the pool of available connections
and prevent further, legitimate connections to the Tomcat server.
(CVE-2014-0230)
A flaw was found in the way httpd handled HTTP Trailer headers when
processing requests using chunked encoding. A malicious client could
use Trailer headers to set additional HTTP headers after header
processing was performed by other modules. This could, for example,
lead to a bypass of header restrictions defined with mod_headers.
(CVE-2013-5704)
Multiple flaws were found in the way httpd parsed HTTP requests and
responses using chunked transfer encoding. A remote attacker could
use these flaws to create a specially crafted request, which httpd
would decode differently from an HTTP proxy software in front of it,
possibly leading to HTTP request smuggling attacks. (CVE-2015-3183)
This enhancement update adds the Red Hat JBoss Web Server 3.0.2
packages to Red Hat Enterprise Linux 6. These packages provide a
number of enhancements over the previous version of Red Hat JBoss Web
Server. (JIRA#JWS-228)
Users of Red Hat JBoss Web Server are advised to upgrade to these
updated packages, which add this enhancement.
{"nessus": [{"lastseen": "2021-02-06T13:45:32", "description": "Updated Red Hat JBoss Web Server 3.0.2 packages are now available for\nRed Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the\nApache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat\nConnector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and\nthe Tomcat Native library.\n\nIt was found that Tomcat would keep connections open after processing\nrequests with a large enough request body. A remote attacker could\npotentially use this flaw to exhaust the pool of available connections\nand prevent further, legitimate connections to the Tomcat server.\n(CVE-2014-0230)\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could\nuse Trailer headers to set additional HTTP headers after header\nprocessing was performed by other modules. This could, for example,\nlead to a bypass of header restrictions defined with mod_headers.\n(CVE-2013-5704)\n\nMultiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would\ndecode differently from an HTTP proxy software in front of it,\npossibly leading to HTTP request smuggling attacks. (CVE-2015-3183)\n\n* This enhancement update adds the Red Hat JBoss Web Server 3.0.2\npackages to Red Hat Enterprise Linux 6. These packages provide a\nnumber of enhancements over the previous version of Red Hat JBoss Web\nServer. (JIRA#JWS-228)\n\nUsers of Red Hat JBoss Web Server are advised to upgrade to these\nupdated packages, which add this enhancement.", "edition": 31, "cvss3": {"score": 4.3, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "published": "2015-12-17T00:00:00", "title": "RHEL 6 : JBoss Web Server (RHSA-2015:2659)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0230", "CVE-2013-5704", "CVE-2015-5174", "CVE-2015-3183", "CVE-2014-3581"], "modified": "2015-12-17T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:mod_bmx", "p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat8-javadoc", "p-cpe:/a:redhat:enterprise_linux:httpd24-devel", "p-cpe:/a:redhat:enterprise_linux:tomcat8-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat8-servlet-3.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat8", "p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps", "p-cpe:/a:redhat:enterprise_linux:httpd24", "p-cpe:/a:redhat:enterprise_linux:httpd24-debuginfo", "p-cpe:/a:redhat:enterprise_linux:mod_proxy24_html", "p-cpe:/a:redhat:enterprise_linux:mod_ldap24", "p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat7-lib", "p-cpe:/a:redhat:enterprise_linux:httpd24-tools", "p-cpe:/a:redhat:enterprise_linux:tomcat8-webapps", "p-cpe:/a:redhat:enterprise_linux:mod_ssl24", "p-cpe:/a:redhat:enterprise_linux:mod_bmx-debuginfo", "p-cpe:/a:redhat:enterprise_linux:apache-commons-collections-tomcat-eap6", "p-cpe:/a:redhat:enterprise_linux:tomcat-vault", "p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7", "p-cpe:/a:redhat:enterprise_linux:tomcat8-jsp-2.3-api", "p-cpe:/a:redhat:enterprise_linux:apache-commons-collections-eap6", "p-cpe:/a:redhat:enterprise_linux:mod_session24", "p-cpe:/a:redhat:enterprise_linux:tomcat8-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-native-debuginfo", "p-cpe:/a:redhat:enterprise_linux:tomcat8-lib", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-native", "p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:tomcat8-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:httpd24-manual", "p-cpe:/a:redhat:enterprise_linux:tomcat8-docs-webapp"], "id": "REDHAT-RHSA-2015-2659.NASL", "href": "https://www.tenable.com/plugins/nessus/87457", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:2659. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87457);\n script_version(\"2.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/05\");\n\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-0230\", \"CVE-2014-3581\", \"CVE-2015-3183\", \"CVE-2015-5174\");\n script_xref(name:\"RHSA\", value:\"2015:2659\");\n\n script_name(english:\"RHEL 6 : JBoss Web Server (RHSA-2015:2659)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated Red Hat JBoss Web Server 3.0.2 packages are now available for\nRed Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the\nApache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat\nConnector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and\nthe Tomcat Native library.\n\nIt was found that Tomcat would keep connections open after processing\nrequests with a large enough request body. A remote attacker could\npotentially use this flaw to exhaust the pool of available connections\nand prevent further, legitimate connections to the Tomcat server.\n(CVE-2014-0230)\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could\nuse Trailer headers to set additional HTTP headers after header\nprocessing was performed by other modules. This could, for example,\nlead to a bypass of header restrictions defined with mod_headers.\n(CVE-2013-5704)\n\nMultiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would\ndecode differently from an HTTP proxy software in front of it,\npossibly leading to HTTP request smuggling attacks. (CVE-2015-3183)\n\n* This enhancement update adds the Red Hat JBoss Web Server 3.0.2\npackages to Red Hat Enterprise Linux 6. These packages provide a\nnumber of enhancements over the previous version of Red Hat JBoss Web\nServer. (JIRA#JWS-228)\n\nUsers of Red Hat JBoss Web Server are advised to upgrade to these\nupdated packages, which add this enhancement.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:2659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0230\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5174\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-collections-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-collections-tomcat-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_bmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_bmx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy24_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-vault\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-servlet-3.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:2659\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL6\", rpm:\"jws-3\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss Web Server\");\n\n if (rpm_check(release:\"RHEL6\", reference:\"apache-commons-collections-eap6-3.2.1-18.redhat_7.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"apache-commons-collections-tomcat-eap6-3.2.1-18.redhat_7.1.ep6.el6\")) flag++;\n if (rpm_exists(rpm:\"httpd24-2.4\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"httpd24-2.4.6-59.ep7.el6\")) flag++;\n if (rpm_exists(rpm:\"httpd24-2.4\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd24-2.4.6-59.ep7.el6\")) flag++;\n if (rpm_exists(rpm:\"httpd24-debuginfo-2.4\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"httpd24-debuginfo-2.4.6-59.ep7.el6\")) flag++;\n if (rpm_exists(rpm:\"httpd24-debuginfo-2.4\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd24-debuginfo-2.4.6-59.ep7.el6\")) flag++;\n if (rpm_exists(rpm:\"httpd24-devel-2.4\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"httpd24-devel-2.4.6-59.ep7.el6\")) flag++;\n if (rpm_exists(rpm:\"httpd24-devel-2.4\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd24-devel-2.4.6-59.ep7.el6\")) flag++;\n if (rpm_exists(rpm:\"httpd24-manual-2.4\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"httpd24-manual-2.4.6-59.ep7.el6\")) flag++;\n if (rpm_exists(rpm:\"httpd24-tools-2.4\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"httpd24-tools-2.4.6-59.ep7.el6\")) flag++;\n if (rpm_exists(rpm:\"httpd24-tools-2.4\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd24-tools-2.4.6-59.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"mod_bmx-0.9.5-7.GA.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_bmx-0.9.5-7.GA.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"mod_bmx-debuginfo-0.9.5-7.GA.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_bmx-debuginfo-0.9.5-7.GA.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"mod_cluster-native-1.3.1-6.Final_redhat_2.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_cluster-native-1.3.1-6.Final_redhat_2.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"mod_cluster-native-debuginfo-1.3.1-6.Final_redhat_2.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_cluster-native-debuginfo-1.3.1-6.Final_redhat_2.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"mod_ldap24-2.4.6-59.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_ldap24-2.4.6-59.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"mod_proxy24_html-2.4.6-59.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_proxy24_html-2.4.6-59.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"mod_session24-2.4.6-59.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_session24-2.4.6-59.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"mod_ssl24-2.4.6-59.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_ssl24-2.4.6-59.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat-vault-1.0.8-4.Final_redhat_4.1.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-7.0.59-42_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-admin-webapps-7.0.59-42_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-docs-webapp-7.0.59-42_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-el-2.2-api-7.0.59-42_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-javadoc-7.0.59-42_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-jsp-2.2-api-7.0.59-42_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-lib-7.0.59-42_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-log4j-7.0.59-42_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-servlet-3.0-api-7.0.59-42_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-webapps-7.0.59-42_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-8.0.18-52_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-admin-webapps-8.0.18-52_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-docs-webapp-8.0.18-52_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-el-2.2-api-8.0.18-52_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-javadoc-8.0.18-52_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-jsp-2.3-api-8.0.18-52_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-lib-8.0.18-52_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-log4j-8.0.18-52_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-servlet-3.1-api-8.0.18-52_patch_01.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-webapps-8.0.18-52_patch_01.ep7.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache-commons-collections-eap6 / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-02-06T13:45:32", "description": "Updated Red Hat JBoss Web Server 3.0.2 packages are now available for\nRed Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the\nApache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat\nConnector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and\nthe Tomcat Native library.\n\nIt was found that Tomcat would keep connections open after processing\nrequests with a large enough request body. A remote attacker could\npotentially use this flaw to exhaust the pool of available connections\nand prevent further, legitimate connections to the Tomcat server.\n(CVE-2014-0230)\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could\nuse Trailer headers to set additional HTTP headers after header\nprocessing was performed by other modules. This could, for example,\nlead to a bypass of header restrictions defined with mod_headers.\n(CVE-2013-5704)\n\nMultiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would\ndecode differently from an HTTP proxy software in front of it,\npossibly leading to HTTP request smuggling attacks. (CVE-2015-3183)\n\n* This enhancement update adds the Red Hat JBoss Web Server 3.0.2\npackages to Red Hat Enterprise Linux 7. These packages provide a\nnumber of enhancements over the previous version of Red Hat JBoss Web\nServer. (JIRA#JWS-229)\n\nUsers of Red Hat JBoss Web Server are advised to upgrade to these\nupdated packages, which add this enhancement.", "edition": 31, "cvss3": {"score": 4.3, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "published": "2015-12-17T00:00:00", "title": "RHEL 7 : JBoss Web Server (RHSA-2015:2660)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0230", "CVE-2013-5704", "CVE-2015-5174", "CVE-2015-3183", "CVE-2014-3581"], "modified": "2015-12-17T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:mod_bmx", "p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat8-javadoc", "p-cpe:/a:redhat:enterprise_linux:httpd24-devel", "p-cpe:/a:redhat:enterprise_linux:tomcat8-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat8-servlet-3.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat8", "p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps", "p-cpe:/a:redhat:enterprise_linux:httpd24", "p-cpe:/a:redhat:enterprise_linux:httpd24-debuginfo", "p-cpe:/a:redhat:enterprise_linux:mod_proxy24_html", "p-cpe:/a:redhat:enterprise_linux:mod_ldap24", "p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat7-lib", "p-cpe:/a:redhat:enterprise_linux:httpd24-tools", "p-cpe:/a:redhat:enterprise_linux:tomcat8-webapps", "p-cpe:/a:redhat:enterprise_linux:mod_ssl24", "p-cpe:/a:redhat:enterprise_linux:mod_bmx-debuginfo", "p-cpe:/a:redhat:enterprise_linux:apache-commons-collections-tomcat-eap6", "p-cpe:/a:redhat:enterprise_linux:tomcat-vault", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7", "p-cpe:/a:redhat:enterprise_linux:tomcat8-jsp-2.3-api", "p-cpe:/a:redhat:enterprise_linux:apache-commons-collections-eap6", "p-cpe:/a:redhat:enterprise_linux:mod_session24", "p-cpe:/a:redhat:enterprise_linux:tomcat8-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-native-debuginfo", "p-cpe:/a:redhat:enterprise_linux:tomcat8-lib", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-native", "p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat8-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:httpd24-manual", "p-cpe:/a:redhat:enterprise_linux:tomcat8-docs-webapp"], "id": "REDHAT-RHSA-2015-2660.NASL", "href": "https://www.tenable.com/plugins/nessus/87458", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:2660. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87458);\n script_version(\"2.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/05\");\n\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-0230\", \"CVE-2014-3581\", \"CVE-2015-3183\", \"CVE-2015-5174\");\n script_xref(name:\"RHSA\", value:\"2015:2660\");\n\n script_name(english:\"RHEL 7 : JBoss Web Server (RHSA-2015:2660)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated Red Hat JBoss Web Server 3.0.2 packages are now available for\nRed Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the\nApache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat\nConnector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and\nthe Tomcat Native library.\n\nIt was found that Tomcat would keep connections open after processing\nrequests with a large enough request body. A remote attacker could\npotentially use this flaw to exhaust the pool of available connections\nand prevent further, legitimate connections to the Tomcat server.\n(CVE-2014-0230)\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could\nuse Trailer headers to set additional HTTP headers after header\nprocessing was performed by other modules. This could, for example,\nlead to a bypass of header restrictions defined with mod_headers.\n(CVE-2013-5704)\n\nMultiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would\ndecode differently from an HTTP proxy software in front of it,\npossibly leading to HTTP request smuggling attacks. (CVE-2015-3183)\n\n* This enhancement update adds the Red Hat JBoss Web Server 3.0.2\npackages to Red Hat Enterprise Linux 7. These packages provide a\nnumber of enhancements over the previous version of Red Hat JBoss Web\nServer. (JIRA#JWS-229)\n\nUsers of Red Hat JBoss Web Server are advised to upgrade to these\nupdated packages, which add this enhancement.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:2660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0230\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5174\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-collections-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-collections-tomcat-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_bmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_bmx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy24_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-vault\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-servlet-3.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:2660\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL7\", rpm:\"jws-3\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss Web Server\");\n\n if (rpm_check(release:\"RHEL7\", reference:\"apache-commons-collections-eap6-3.2.1-18.redhat_7.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"apache-commons-collections-tomcat-eap6-3.2.1-18.redhat_7.1.ep6.el7\")) flag++;\n if (rpm_exists(rpm:\"httpd24-2.4\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd24-2.4.6-59.ep7.el7\")) flag++;\n if (rpm_exists(rpm:\"httpd24-debuginfo-2.4\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd24-debuginfo-2.4.6-59.ep7.el7\")) flag++;\n if (rpm_exists(rpm:\"httpd24-devel-2.4\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd24-devel-2.4.6-59.ep7.el7\")) flag++;\n if (rpm_exists(rpm:\"httpd24-manual-2.4\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", reference:\"httpd24-manual-2.4.6-59.ep7.el7\")) flag++;\n if (rpm_exists(rpm:\"httpd24-tools-2.4\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd24-tools-2.4.6-59.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_bmx-0.9.5-7.GA.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_bmx-debuginfo-0.9.5-7.GA.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_cluster-native-1.3.1-6.Final_redhat_2.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_cluster-native-debuginfo-1.3.1-6.Final_redhat_2.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_ldap24-2.4.6-59.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_proxy24_html-2.4.6-59.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_session24-2.4.6-59.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_ssl24-2.4.6-59.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-vault-1.0.8-4.Final_redhat_4.1.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-7.0.59-42_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-admin-webapps-7.0.59-42_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-docs-webapp-7.0.59-42_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-el-2.2-api-7.0.59-42_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-javadoc-7.0.59-42_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-jsp-2.2-api-7.0.59-42_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-lib-7.0.59-42_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-log4j-7.0.59-42_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-servlet-3.0-api-7.0.59-42_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-webapps-7.0.59-42_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-8.0.18-52_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-admin-webapps-8.0.18-52_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-docs-webapp-8.0.18-52_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-el-2.2-api-8.0.18-52_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-javadoc-8.0.18-52_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-jsp-2.3-api-8.0.18-52_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-lib-8.0.18-52_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-log4j-8.0.18-52_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-servlet-3.1-api-8.0.18-52_patch_01.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-webapps-8.0.18-52_patch_01.ep7.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache-commons-collections-eap6 / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-06T09:30:02", "description": "Updated httpd packages that fix two security issues, several bugs, and\nadd various enhancements are for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which\ngive detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could\nuse Trailer headers to set additional HTTP headers after header\nprocessing was performed by other modules. This could, for example,\nlead to a bypass of header restrictions defined with mod_headers.\n(CVE-2013-5704)\n\nA NULL pointer dereference flaw was found in the way the mod_cache\nhttpd module handled Content-Type headers. A malicious HTTP server\ncould cause the httpd child process to crash when the Apache HTTP\nserver was configured to proxy to a server with caching enabled.\n(CVE-2014-3581)\n\nThis update also fixes the following bugs :\n\n* Previously, the mod_proxy_fcgi Apache module always kept the\nback-end connections open even when they should have been closed. As a\nconsequence, the number of open file descriptors was increasing over\nthe time. With this update, mod_proxy_fcgi has been fixed to check the\nstate of the back-end connections, and it closes the idle back-end\nconnections as expected. (BZ#1168050)\n\n* An integer overflow occurred in the ab utility when a large request\ncount was used. Consequently, ab terminated unexpectedly with a\nsegmentation fault while printing statistics after the benchmark. This\nbug has been fixed, and ab no longer crashes in this scenario.\n(BZ#1092420)\n\n* Previously, when httpd was running in the foreground and the user\npressed Ctrl+C to interrupt the httpd processes, a race condition in\nsignal handling occurred. The SIGINT signal was sent to all children\nfollowed by SIGTERM from the main process, which interrupted the\nSIGINT handler. Consequently, the affected processes became\nunresponsive or terminated unexpectedly. With this update, the SIGINT\nsignals in the child processes are ignored, and httpd no longer hangs\nor crashes in this scenario. (BZ#1131006)\n\nIn addition, this update adds the following enhancements :\n\n* With this update, the mod_proxy module of the Apache HTTP Server\nsupports the Unix Domain Sockets (UDS). This allows mod_proxy back\nends to listen on UDS sockets instead of TCP sockets, and as a result,\nmod_proxy can be used to connect UDS back ends. (BZ#1168081)\n\n* This update adds support for using the SetHandler directive together\nwith the mod_proxy module. As a result, it is possible to configure\nSetHandler to use proxy for incoming requests, for example, in the\nfollowing format: SetHandler 'proxy:fcgi://127.0.0.1:9000'.\n(BZ#1136290)\n\n* The htaccess API changes introduced in httpd 2.4.7 have been\nbackported to httpd shipped with Red Hat Enterprise Linux 7.1. These\nchanges allow for the MPM-ITK module to be compiled as an httpd\nmodule. (BZ#1059143)\n\nAll httpd users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements. After installing the updated packages, the httpd daemon\nwill be restarted automatically.", "edition": 28, "published": "2015-03-18T00:00:00", "title": "CentOS 7 : httpd (CESA-2015:0325)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5704", "CVE-2014-3581"], "modified": "2015-03-18T00:00:00", "cpe": ["p-cpe:/a:centos:centos:mod_ssl", "p-cpe:/a:centos:centos:httpd-manual", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:mod_proxy_html", "p-cpe:/a:centos:centos:mod_session", "p-cpe:/a:centos:centos:httpd-tools", "p-cpe:/a:centos:centos:httpd", "p-cpe:/a:centos:centos:httpd-devel", "p-cpe:/a:centos:centos:mod_ldap"], "id": "CENTOS_RHSA-2015-0325.NASL", "href": "https://www.tenable.com/plugins/nessus/81888", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0325 and \n# CentOS Errata and Security Advisory 2015:0325 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81888);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-3581\");\n script_xref(name:\"RHSA\", value:\"2015:0325\");\n\n script_name(english:\"CentOS 7 : httpd (CESA-2015:0325)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated httpd packages that fix two security issues, several bugs, and\nadd various enhancements are for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which\ngive detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could\nuse Trailer headers to set additional HTTP headers after header\nprocessing was performed by other modules. This could, for example,\nlead to a bypass of header restrictions defined with mod_headers.\n(CVE-2013-5704)\n\nA NULL pointer dereference flaw was found in the way the mod_cache\nhttpd module handled Content-Type headers. A malicious HTTP server\ncould cause the httpd child process to crash when the Apache HTTP\nserver was configured to proxy to a server with caching enabled.\n(CVE-2014-3581)\n\nThis update also fixes the following bugs :\n\n* Previously, the mod_proxy_fcgi Apache module always kept the\nback-end connections open even when they should have been closed. As a\nconsequence, the number of open file descriptors was increasing over\nthe time. With this update, mod_proxy_fcgi has been fixed to check the\nstate of the back-end connections, and it closes the idle back-end\nconnections as expected. (BZ#1168050)\n\n* An integer overflow occurred in the ab utility when a large request\ncount was used. Consequently, ab terminated unexpectedly with a\nsegmentation fault while printing statistics after the benchmark. This\nbug has been fixed, and ab no longer crashes in this scenario.\n(BZ#1092420)\n\n* Previously, when httpd was running in the foreground and the user\npressed Ctrl+C to interrupt the httpd processes, a race condition in\nsignal handling occurred. The SIGINT signal was sent to all children\nfollowed by SIGTERM from the main process, which interrupted the\nSIGINT handler. Consequently, the affected processes became\nunresponsive or terminated unexpectedly. With this update, the SIGINT\nsignals in the child processes are ignored, and httpd no longer hangs\nor crashes in this scenario. (BZ#1131006)\n\nIn addition, this update adds the following enhancements :\n\n* With this update, the mod_proxy module of the Apache HTTP Server\nsupports the Unix Domain Sockets (UDS). This allows mod_proxy back\nends to listen on UDS sockets instead of TCP sockets, and as a result,\nmod_proxy can be used to connect UDS back ends. (BZ#1168081)\n\n* This update adds support for using the SetHandler directive together\nwith the mod_proxy module. As a result, it is possible to configure\nSetHandler to use proxy for incoming requests, for example, in the\nfollowing format: SetHandler 'proxy:fcgi://127.0.0.1:9000'.\n(BZ#1136290)\n\n* The htaccess API changes introduced in httpd 2.4.7 have been\nbackported to httpd shipped with Red Hat Enterprise Linux 7.1. These\nchanges allow for the MPM-ITK module to be compiled as an httpd\nmodule. (BZ#1059143)\n\nAll httpd users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements. After installing the updated packages, the httpd daemon\nwill be restarted automatically.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2015-March/001584.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e039993a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-5704\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"httpd-2.4.6-31.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"httpd-devel-2.4.6-31.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"httpd-manual-2.4.6-31.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"httpd-tools-2.4.6-31.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mod_ldap-2.4.6-31.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mod_proxy_html-2.4.6-31.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mod_session-2.4.6-31.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mod_ssl-2.4.6-31.el7.centos\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-tools / mod_ldap / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T13:48:41", "description": "A flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could\nuse Trailer headers to set additional HTTP headers after header\nprocessing was performed by other modules. This could, for example,\nlead to a bypass of header restrictions defined with mod_headers.\n(CVE-2013-5704)\n\nA NULL pointer dereference flaw was found in the way the mod_cache\nhttpd module handled Content-Type headers. A malicious HTTP server\ncould cause the httpd child process to crash when the Apache HTTP\nserver was configured to proxy to a server with caching enabled.\n(CVE-2014-3581)\n\nThis update also fixes the following bugs :\n\n - Previously, the mod_proxy_fcgi Apache module always kept\n the back-end connections open even when they should have\n been closed. As a consequence, the number of open file\n descriptors was increasing over the time. With this\n update, mod_proxy_fcgi has been fixed to check the state\n of the back- end connections, and it closes the idle\n back-end connections as expected.\n\n - An integer overflow occurred in the ab utility when a\n large request count was used. Consequently, ab\n terminated unexpectedly with a segmentation fault while\n printing statistics after the benchmark. This bug has\n been fixed, and ab no longer crashes in this scenario.\n\n - Previously, when httpd was running in the foreground and\n the user pressed Ctrl+C to interrupt the httpd\n processes, a race condition in signal handling occurred.\n The SIGINT signal was sent to all children followed by\n SIGTERM from the main process, which interrupted the\n SIGINT handler. Consequently, the affected processes\n became unresponsive or terminated unexpectedly. With\n this update, the SIGINT signals in the child processes\n are ignored, and httpd no longer hangs or crashes in\n this scenario.\n\nIn addition, this update adds the following enhancements :\n\n - With this update, the mod_proxy module of the Apache\n HTTP Server supports the Unix Domain Sockets (UDS). This\n allows mod_proxy back ends to listen on UDS sockets\n instead of TCP sockets, and as a result, mod_proxy can\n be used to connect UDS back ends.\n\n - This update adds support for using the SetHandler\n directive together with the mod_proxy module. As a\n result, it is possible to configure SetHandler to use\n proxy for incoming requests, for example, in the\n following format: SetHandler\n 'proxy:fcgi://127.0.0.1:9000'.\n\n - The htaccess API changes introduced in httpd 2.4.7 have\n been backported to httpd shipped with Scientific Linux\n 7.1. These changes allow for the MPM-ITK module to be\n compiled as an httpd module.\n\nAfter installing the updated packages, the httpd daemon will be\nrestarted automatically.", "edition": 15, "published": "2015-03-26T00:00:00", "title": "Scientific Linux Security Update : httpd on SL7.x x86_64 (20150305)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5704", "CVE-2014-3581"], "modified": "2015-03-26T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:httpd-debuginfo", "p-cpe:/a:fermilab:scientific_linux:httpd-tools", "p-cpe:/a:fermilab:scientific_linux:httpd-manual", "p-cpe:/a:fermilab:scientific_linux:mod_ssl", "p-cpe:/a:fermilab:scientific_linux:mod_proxy_html", "p-cpe:/a:fermilab:scientific_linux:mod_session", "p-cpe:/a:fermilab:scientific_linux:httpd", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:mod_ldap", "p-cpe:/a:fermilab:scientific_linux:httpd-devel"], "id": "SL_20150305_HTTPD_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/82252", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82252);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-3581\");\n\n script_name(english:\"Scientific Linux Security Update : httpd on SL7.x x86_64 (20150305)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could\nuse Trailer headers to set additional HTTP headers after header\nprocessing was performed by other modules. This could, for example,\nlead to a bypass of header restrictions defined with mod_headers.\n(CVE-2013-5704)\n\nA NULL pointer dereference flaw was found in the way the mod_cache\nhttpd module handled Content-Type headers. A malicious HTTP server\ncould cause the httpd child process to crash when the Apache HTTP\nserver was configured to proxy to a server with caching enabled.\n(CVE-2014-3581)\n\nThis update also fixes the following bugs :\n\n - Previously, the mod_proxy_fcgi Apache module always kept\n the back-end connections open even when they should have\n been closed. As a consequence, the number of open file\n descriptors was increasing over the time. With this\n update, mod_proxy_fcgi has been fixed to check the state\n of the back- end connections, and it closes the idle\n back-end connections as expected.\n\n - An integer overflow occurred in the ab utility when a\n large request count was used. Consequently, ab\n terminated unexpectedly with a segmentation fault while\n printing statistics after the benchmark. This bug has\n been fixed, and ab no longer crashes in this scenario.\n\n - Previously, when httpd was running in the foreground and\n the user pressed Ctrl+C to interrupt the httpd\n processes, a race condition in signal handling occurred.\n The SIGINT signal was sent to all children followed by\n SIGTERM from the main process, which interrupted the\n SIGINT handler. Consequently, the affected processes\n became unresponsive or terminated unexpectedly. With\n this update, the SIGINT signals in the child processes\n are ignored, and httpd no longer hangs or crashes in\n this scenario.\n\nIn addition, this update adds the following enhancements :\n\n - With this update, the mod_proxy module of the Apache\n HTTP Server supports the Unix Domain Sockets (UDS). This\n allows mod_proxy back ends to listen on UDS sockets\n instead of TCP sockets, and as a result, mod_proxy can\n be used to connect UDS back ends.\n\n - This update adds support for using the SetHandler\n directive together with the mod_proxy module. As a\n result, it is possible to configure SetHandler to use\n proxy for incoming requests, for example, in the\n following format: SetHandler\n 'proxy:fcgi://127.0.0.1:9000'.\n\n - The htaccess API changes introduced in httpd 2.4.7 have\n been backported to httpd shipped with Scientific Linux\n 7.1. These changes allow for the MPM-ITK module to be\n compiled as an httpd module.\n\nAfter installing the updated packages, the httpd daemon will be\nrestarted automatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1503&L=scientific-linux-errata&T=0&P=2522\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6347ee52\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"httpd-2.4.6-31.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"httpd-debuginfo-2.4.6-31.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"httpd-devel-2.4.6-31.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"httpd-manual-2.4.6-31.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"httpd-tools-2.4.6-31.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mod_ldap-2.4.6-31.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mod_proxy_html-2.4.6-31.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mod_session-2.4.6-31.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mod_ssl-2.4.6-31.sl7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T12:49:48", "description": "From Red Hat Security Advisory 2015:0325 :\n\nUpdated httpd packages that fix two security issues, several bugs, and\nadd various enhancements are for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which\ngive detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could\nuse Trailer headers to set additional HTTP headers after header\nprocessing was performed by other modules. This could, for example,\nlead to a bypass of header restrictions defined with mod_headers.\n(CVE-2013-5704)\n\nA NULL pointer dereference flaw was found in the way the mod_cache\nhttpd module handled Content-Type headers. A malicious HTTP server\ncould cause the httpd child process to crash when the Apache HTTP\nserver was configured to proxy to a server with caching enabled.\n(CVE-2014-3581)\n\nThis update also fixes the following bugs :\n\n* Previously, the mod_proxy_fcgi Apache module always kept the\nback-end connections open even when they should have been closed. As a\nconsequence, the number of open file descriptors was increasing over\nthe time. With this update, mod_proxy_fcgi has been fixed to check the\nstate of the back-end connections, and it closes the idle back-end\nconnections as expected. (BZ#1168050)\n\n* An integer overflow occurred in the ab utility when a large request\ncount was used. Consequently, ab terminated unexpectedly with a\nsegmentation fault while printing statistics after the benchmark. This\nbug has been fixed, and ab no longer crashes in this scenario.\n(BZ#1092420)\n\n* Previously, when httpd was running in the foreground and the user\npressed Ctrl+C to interrupt the httpd processes, a race condition in\nsignal handling occurred. The SIGINT signal was sent to all children\nfollowed by SIGTERM from the main process, which interrupted the\nSIGINT handler. Consequently, the affected processes became\nunresponsive or terminated unexpectedly. With this update, the SIGINT\nsignals in the child processes are ignored, and httpd no longer hangs\nor crashes in this scenario. (BZ#1131006)\n\nIn addition, this update adds the following enhancements :\n\n* With this update, the mod_proxy module of the Apache HTTP Server\nsupports the Unix Domain Sockets (UDS). This allows mod_proxy back\nends to listen on UDS sockets instead of TCP sockets, and as a result,\nmod_proxy can be used to connect UDS back ends. (BZ#1168081)\n\n* This update adds support for using the SetHandler directive together\nwith the mod_proxy module. As a result, it is possible to configure\nSetHandler to use proxy for incoming requests, for example, in the\nfollowing format: SetHandler 'proxy:fcgi://127.0.0.1:9000'.\n(BZ#1136290)\n\n* The htaccess API changes introduced in httpd 2.4.7 have been\nbackported to httpd shipped with Red Hat Enterprise Linux 7.1. These\nchanges allow for the MPM-ITK module to be compiled as an httpd\nmodule. (BZ#1059143)\n\nAll httpd users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements. After installing the updated packages, the httpd daemon\nwill be restarted automatically.", "edition": 25, "published": "2015-03-13T00:00:00", "title": "Oracle Linux 7 : httpd (ELSA-2015-0325)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5704", "CVE-2014-3581"], "modified": "2015-03-13T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:httpd-devel", "p-cpe:/a:oracle:linux:httpd", "p-cpe:/a:oracle:linux:mod_session", "p-cpe:/a:oracle:linux:mod_ssl", "p-cpe:/a:oracle:linux:httpd-manual", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:mod_ldap", "p-cpe:/a:oracle:linux:httpd-tools", "p-cpe:/a:oracle:linux:mod_proxy_html"], "id": "ORACLELINUX_ELSA-2015-0325.NASL", "href": "https://www.tenable.com/plugins/nessus/81802", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:0325 and \n# Oracle Linux Security Advisory ELSA-2015-0325 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81802);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-3581\");\n script_bugtraq_id(66550, 71656);\n script_xref(name:\"RHSA\", value:\"2015:0325\");\n\n script_name(english:\"Oracle Linux 7 : httpd (ELSA-2015-0325)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:0325 :\n\nUpdated httpd packages that fix two security issues, several bugs, and\nadd various enhancements are for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which\ngive detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could\nuse Trailer headers to set additional HTTP headers after header\nprocessing was performed by other modules. This could, for example,\nlead to a bypass of header restrictions defined with mod_headers.\n(CVE-2013-5704)\n\nA NULL pointer dereference flaw was found in the way the mod_cache\nhttpd module handled Content-Type headers. A malicious HTTP server\ncould cause the httpd child process to crash when the Apache HTTP\nserver was configured to proxy to a server with caching enabled.\n(CVE-2014-3581)\n\nThis update also fixes the following bugs :\n\n* Previously, the mod_proxy_fcgi Apache module always kept the\nback-end connections open even when they should have been closed. As a\nconsequence, the number of open file descriptors was increasing over\nthe time. With this update, mod_proxy_fcgi has been fixed to check the\nstate of the back-end connections, and it closes the idle back-end\nconnections as expected. (BZ#1168050)\n\n* An integer overflow occurred in the ab utility when a large request\ncount was used. Consequently, ab terminated unexpectedly with a\nsegmentation fault while printing statistics after the benchmark. This\nbug has been fixed, and ab no longer crashes in this scenario.\n(BZ#1092420)\n\n* Previously, when httpd was running in the foreground and the user\npressed Ctrl+C to interrupt the httpd processes, a race condition in\nsignal handling occurred. The SIGINT signal was sent to all children\nfollowed by SIGTERM from the main process, which interrupted the\nSIGINT handler. Consequently, the affected processes became\nunresponsive or terminated unexpectedly. With this update, the SIGINT\nsignals in the child processes are ignored, and httpd no longer hangs\nor crashes in this scenario. (BZ#1131006)\n\nIn addition, this update adds the following enhancements :\n\n* With this update, the mod_proxy module of the Apache HTTP Server\nsupports the Unix Domain Sockets (UDS). This allows mod_proxy back\nends to listen on UDS sockets instead of TCP sockets, and as a result,\nmod_proxy can be used to connect UDS back ends. (BZ#1168081)\n\n* This update adds support for using the SetHandler directive together\nwith the mod_proxy module. As a result, it is possible to configure\nSetHandler to use proxy for incoming requests, for example, in the\nfollowing format: SetHandler 'proxy:fcgi://127.0.0.1:9000'.\n(BZ#1136290)\n\n* The htaccess API changes introduced in httpd 2.4.7 have been\nbackported to httpd shipped with Red Hat Enterprise Linux 7.1. These\nchanges allow for the MPM-ITK module to be compiled as an httpd\nmodule. (BZ#1059143)\n\nAll httpd users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements. After installing the updated packages, the httpd daemon\nwill be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-March/004882.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"httpd-2.4.6-31.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"httpd-devel-2.4.6-31.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"httpd-manual-2.4.6-31.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"httpd-tools-2.4.6-31.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mod_ldap-2.4.6-31.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mod_proxy_html-2.4.6-31.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mod_session-2.4.6-31.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mod_ssl-2.4.6-31.0.1.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-tools / mod_ldap / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-06-01T03:22:01", "description": "Updated httpd packages that fix two security issues, several bugs, and\nadd various enhancements are for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which\ngive detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could\nuse Trailer headers to set additional HTTP headers after header\nprocessing was performed by other modules. This could, for example,\nlead to a bypass of header restrictions defined with mod_headers.\n(CVE-2013-5704)\n\nA NULL pointer dereference flaw was found in the way the mod_cache\nhttpd module handled Content-Type headers. A malicious HTTP server\ncould cause the httpd child process to crash when the Apache HTTP\nserver was configured to proxy to a server with caching enabled.\n(CVE-2014-3581)\n\nThis update also fixes the following bugs :\n\n* Previously, the mod_proxy_fcgi Apache module always kept the\nback-end connections open even when they should have been closed. As a\nconsequence, the number of open file descriptors was increasing over\nthe time. With this update, mod_proxy_fcgi has been fixed to check the\nstate of the back-end connections, and it closes the idle back-end\nconnections as expected. (BZ#1168050)\n\n* An integer overflow occurred in the ab utility when a large request\ncount was used. Consequently, ab terminated unexpectedly with a\nsegmentation fault while printing statistics after the benchmark. This\nbug has been fixed, and ab no longer crashes in this scenario.\n(BZ#1092420)\n\n* Previously, when httpd was running in the foreground and the user\npressed Ctrl+C to interrupt the httpd processes, a race condition in\nsignal handling occurred. The SIGINT signal was sent to all children\nfollowed by SIGTERM from the main process, which interrupted the\nSIGINT handler. Consequently, the affected processes became\nunresponsive or terminated unexpectedly. With this update, the SIGINT\nsignals in the child processes are ignored, and httpd no longer hangs\nor crashes in this scenario. (BZ#1131006)\n\nIn addition, this update adds the following enhancements :\n\n* With this update, the mod_proxy module of the Apache HTTP Server\nsupports the Unix Domain Sockets (UDS). This allows mod_proxy back\nends to listen on UDS sockets instead of TCP sockets, and as a result,\nmod_proxy can be used to connect UDS back ends. (BZ#1168081)\n\n* This update adds support for using the SetHandler directive together\nwith the mod_proxy module. As a result, it is possible to configure\nSetHandler to use proxy for incoming requests, for example, in the\nfollowing format: SetHandler 'proxy:fcgi://127.0.0.1:9000'.\n(BZ#1136290)\n\n* The htaccess API changes introduced in httpd 2.4.7 have been\nbackported to httpd shipped with Red Hat Enterprise Linux 7.1. These\nchanges allow for the MPM-ITK module to be compiled as an httpd\nmodule. (BZ#1059143)\n\nAll httpd users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements. After installing the updated packages, the httpd daemon\nwill be restarted automatically.", "edition": 33, "published": "2015-03-05T00:00:00", "title": "RHEL 7 : httpd (RHSA-2015:0325)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5704", "CVE-2014-3581"], "modified": "2021-06-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:mod_ssl", "cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo", "cpe:/o:redhat:enterprise_linux:7.7", "p-cpe:/a:redhat:enterprise_linux:mod_session", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:mod_ldap", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:httpd", "cpe:/o:redhat:enterprise_linux:7.6", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:httpd-devel"], "id": "REDHAT-RHSA-2015-0325.NASL", "href": "https://www.tenable.com/plugins/nessus/81629", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0325. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81629);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/10/24 15:35:39\");\n\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-3581\");\n script_xref(name:\"RHSA\", value:\"2015:0325\");\n\n script_name(english:\"RHEL 7 : httpd (RHSA-2015:0325)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated httpd packages that fix two security issues, several bugs, and\nadd various enhancements are for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which\ngive detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could\nuse Trailer headers to set additional HTTP headers after header\nprocessing was performed by other modules. This could, for example,\nlead to a bypass of header restrictions defined with mod_headers.\n(CVE-2013-5704)\n\nA NULL pointer dereference flaw was found in the way the mod_cache\nhttpd module handled Content-Type headers. A malicious HTTP server\ncould cause the httpd child process to crash when the Apache HTTP\nserver was configured to proxy to a server with caching enabled.\n(CVE-2014-3581)\n\nThis update also fixes the following bugs :\n\n* Previously, the mod_proxy_fcgi Apache module always kept the\nback-end connections open even when they should have been closed. As a\nconsequence, the number of open file descriptors was increasing over\nthe time. With this update, mod_proxy_fcgi has been fixed to check the\nstate of the back-end connections, and it closes the idle back-end\nconnections as expected. (BZ#1168050)\n\n* An integer overflow occurred in the ab utility when a large request\ncount was used. Consequently, ab terminated unexpectedly with a\nsegmentation fault while printing statistics after the benchmark. This\nbug has been fixed, and ab no longer crashes in this scenario.\n(BZ#1092420)\n\n* Previously, when httpd was running in the foreground and the user\npressed Ctrl+C to interrupt the httpd processes, a race condition in\nsignal handling occurred. The SIGINT signal was sent to all children\nfollowed by SIGTERM from the main process, which interrupted the\nSIGINT handler. Consequently, the affected processes became\nunresponsive or terminated unexpectedly. With this update, the SIGINT\nsignals in the child processes are ignored, and httpd no longer hangs\nor crashes in this scenario. (BZ#1131006)\n\nIn addition, this update adds the following enhancements :\n\n* With this update, the mod_proxy module of the Apache HTTP Server\nsupports the Unix Domain Sockets (UDS). This allows mod_proxy back\nends to listen on UDS sockets instead of TCP sockets, and as a result,\nmod_proxy can be used to connect UDS back ends. (BZ#1168081)\n\n* This update adds support for using the SetHandler directive together\nwith the mod_proxy module. As a result, it is possible to configure\nSetHandler to use proxy for incoming requests, for example, in the\nfollowing format: SetHandler 'proxy:fcgi://127.0.0.1:9000'.\n(BZ#1136290)\n\n* The htaccess API changes introduced in httpd 2.4.7 have been\nbackported to httpd shipped with Red Hat Enterprise Linux 7.1. These\nchanges allow for the MPM-ITK module to be compiled as an httpd\nmodule. (BZ#1059143)\n\nAll httpd users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements. After installing the updated packages, the httpd daemon\nwill be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3581\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0325\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"httpd-2.4.6-31.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd-2.4.6-31.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"httpd-debuginfo-2.4.6-31.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd-debuginfo-2.4.6-31.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"httpd-devel-2.4.6-31.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd-devel-2.4.6-31.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"httpd-manual-2.4.6-31.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"httpd-tools-2.4.6-31.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd-tools-2.4.6-31.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mod_ldap-2.4.6-31.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_ldap-2.4.6-31.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mod_proxy_html-2.4.6-31.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_proxy_html-2.4.6-31.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mod_session-2.4.6-31.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_session-2.4.6-31.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mod_ssl-2.4.6-31.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_ssl-2.4.6-31.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T09:44:03", "description": "This update fixes two security issues with apache2.\n\nCVE-2013-5704\n\nDisable the possibility to replace HTTP headers with HTTP trailers as\nthis could be used to circumvent earlier header operations made by\nother modules. This can be restored with a new MergeTrailers\ndirective.\n\nCVE-2014-3581\n\nFix denial of service where Apache can segfault when mod_cache is used\nand when the cached request contains an empty Content-Type header.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 14, "published": "2015-03-26T00:00:00", "title": "Debian DLA-71-1 : apache2 security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5704", "CVE-2014-3581"], "modified": "2015-03-26T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:apache2-threaded-dev", "p-cpe:/a:debian:debian_linux:apache2.2-common", "cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:apache2-dbg", "p-cpe:/a:debian:debian_linux:apache2-prefork-dev", "p-cpe:/a:debian:debian_linux:apache2-mpm-event", "p-cpe:/a:debian:debian_linux:apache2-doc", "p-cpe:/a:debian:debian_linux:apache2-suexec-custom", "p-cpe:/a:debian:debian_linux:apache2-suexec", "p-cpe:/a:debian:debian_linux:apache2.2-bin", "p-cpe:/a:debian:debian_linux:apache2-mpm-itk", "p-cpe:/a:debian:debian_linux:apache2-utils", "p-cpe:/a:debian:debian_linux:apache2", "p-cpe:/a:debian:debian_linux:apache2-mpm-worker", "p-cpe:/a:debian:debian_linux:apache2-mpm-prefork"], "id": "DEBIAN_DLA-71.NASL", "href": "https://www.tenable.com/plugins/nessus/82216", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-71-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82216);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-3581\");\n script_bugtraq_id(66550, 71656);\n\n script_name(english:\"Debian DLA-71-1 : apache2 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes two security issues with apache2.\n\nCVE-2013-5704\n\nDisable the possibility to replace HTTP headers with HTTP trailers as\nthis could be used to circumvent earlier header operations made by\nother modules. This can be restored with a new MergeTrailers\ndirective.\n\nCVE-2014-3581\n\nFix denial of service where Apache can segfault when mod_cache is used\nand when the cached request contains an empty Content-Type header.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2014/10/msg00003.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/apache2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-mpm-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-mpm-itk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-mpm-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-mpm-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-prefork-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-suexec-custom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-threaded-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2.2-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2.2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"apache2\", reference:\"2.2.16-6+squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-dbg\", reference:\"2.2.16-6+squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-doc\", reference:\"2.2.16-6+squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-mpm-event\", reference:\"2.2.16-6+squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-mpm-itk\", reference:\"2.2.16-6+squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-mpm-prefork\", reference:\"2.2.16-6+squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-mpm-worker\", reference:\"2.2.16-6+squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-prefork-dev\", reference:\"2.2.16-6+squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-suexec\", reference:\"2.2.16-6+squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-suexec-custom\", reference:\"2.2.16-6+squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-threaded-dev\", reference:\"2.2.16-6+squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-utils\", reference:\"2.2.16-6+squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2.2-bin\", reference:\"2.2.16-6+squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2.2-common\", reference:\"2.2.16-6+squeeze14\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-06-01T03:23:20", "description": "Updated httpd and httpd22 packages that fix two security issues are\nnow available for Red Hat JBoss Web Server 2.1.0 for Red Hat\nEnterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available from the\nCVE links in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the\nApache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat\nConnector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and\nthe Tomcat Native library.\n\nMultiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would\ndecode differently from an HTTP proxy software in front of it,\npossibly leading to HTTP request smuggling attacks. (CVE-2015-3183)\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could\nuse Trailer headers to set additional HTTP headers after header\nprocessing was performed by other modules. This could, for example,\nlead to a bypass of header restrictions defined with mod_headers.\n(CVE-2013-5704)\n\nUsers of httpd or httpd22 are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue.\nAfter installing the updated packages, the httpd or httpd22 service\nmust be restarted manually for this update to take effect.", "edition": 34, "published": "2016-01-22T00:00:00", "title": "RHEL 5 / 6 / 7 : JBoss Web Server (RHSA-2016:0061)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5704", "CVE-2015-3183"], "modified": "2021-06-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:httpd22-tools", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:httpd22", "p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:mod_ssl22", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:httpd22-manual", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-native-debuginfo", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-native", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:httpd22-devel", "p-cpe:/a:redhat:enterprise_linux:httpd22-debuginfo", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-devel"], "id": "REDHAT-RHSA-2016-0061.NASL", "href": "https://www.tenable.com/plugins/nessus/88077", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0061. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88077);\n script_version(\"2.17\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2013-5704\", \"CVE-2015-3183\");\n script_xref(name:\"RHSA\", value:\"2016:0061\");\n\n script_name(english:\"RHEL 5 / 6 / 7 : JBoss Web Server (RHSA-2016:0061)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated httpd and httpd22 packages that fix two security issues are\nnow available for Red Hat JBoss Web Server 2.1.0 for Red Hat\nEnterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available from the\nCVE links in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the\nApache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat\nConnector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and\nthe Tomcat Native library.\n\nMultiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would\ndecode differently from an HTTP proxy software in front of it,\npossibly leading to HTTP request smuggling attacks. (CVE-2015-3183)\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could\nuse Trailer headers to set additional HTTP headers after header\nprocessing was performed by other modules. This could, for example,\nlead to a bypass of header restrictions defined with mod_headers.\n(CVE-2013-5704)\n\nUsers of httpd or httpd22 are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue.\nAfter installing the updated packages, the httpd or httpd22 service\nmust be restarted manually for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3183\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd22-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd22-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd22-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd22-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl22\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0061\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL5\", rpm:\"jws-2\") || rpm_exists(release:\"RHEL6\", rpm:\"jws-2\") || rpm_exists(release:\"RHEL7\", rpm:\"jws-2\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss Web Server\");\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"httpd-2.2.26-41.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"httpd-2.2.26-41.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"httpd-devel-2.2.26-41.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"httpd-devel-2.2.26-41.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"httpd-manual-2.2.26-41.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"httpd-manual-2.2.26-41.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"httpd-tools-2.2.26-41.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"httpd-tools-2.2.26-41.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"mod_cluster-native-1.2.9-6.Final_redhat_2.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"mod_cluster-native-1.2.9-6.Final_redhat_2.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"mod_ssl-2.2.26-41.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"mod_ssl-2.2.26-41.ep6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"httpd-2.2.26-41.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-2.2.26-41.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"httpd-debuginfo-2.2.26-41.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-debuginfo-2.2.26-41.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"httpd-devel-2.2.26-41.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-devel-2.2.26-41.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"httpd-manual-2.2.26-41.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-manual-2.2.26-41.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"httpd-tools-2.2.26-41.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-tools-2.2.26-41.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"mod_cluster-native-1.2.9-6.Final_redhat_2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_cluster-native-1.2.9-6.Final_redhat_2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"mod_cluster-native-debuginfo-1.2.9-6.Final_redhat_2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_cluster-native-debuginfo-1.2.9-6.Final_redhat_2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"mod_ssl-2.2.26-41.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_ssl-2.2.26-41.ep6.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd22-2.2.26-42.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd22-debuginfo-2.2.26-42.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd22-devel-2.2.26-42.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd22-manual-2.2.26-42.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd22-tools-2.2.26-42.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_cluster-native-1.2.9-6.Final_redhat_2.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_cluster-native-debuginfo-1.2.9-6.Final_redhat_2.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_ssl22-2.2.26-42.ep6.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T14:16:16", "description": "The Apache2 webserver was updated to fix various issues.\n\nThe following feature was added :\n\n - Provide support for the tunneling of web socket\n connections to a backend websockets server.\n (FATE#316880) The following security issues have been\n fixed :\n\n - The mod_headers module in the Apache HTTP Server 2.2.22\n allowed remote attackers to bypass 'RequestHeader unset'\n directives by placing a header in the trailer portion of\n data sent with chunked transfer coding. The fix also\n adds a 'MergeTrailers' directive to restore legacy\n behavior. (CVE-2013-5704)\n\n - The cache_merge_headers_out function in\n modules/cache/cache_util.c in the mod_cache module in\n the Apache HTTP Server allowed remote attackers to cause\n a denial of service (NULL pointer dereference and\n application crash) via an empty HTTP Content-Type\n header. (CVE-2014-3581)\n\n - Apache HTTP Server allowed remote attackers to obtain\n sensitive information via (1) the ETag header, which\n reveals the inode number, or (2) multipart MIME\n boundary, which reveals child process IDs (PID). We so\n far assumed that this not useful to attackers, the fix\n is basically just reducing potential information leaks.\n (CVE-2003-1418)\n\nThe following bugs have been fixed :\n\n - Treat the 'server unavailable' condition as a transient\n error with all LDAP SDKs. (bsc#904427)\n\n - Fixed a segmentation fault at startup if the certs are\n shared across > 1 server_rec. (bsc#907339)", "edition": 24, "published": "2015-04-09T00:00:00", "title": "SuSE 11.3 Security Update : apache2 (SAT Patch Number 10533)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5704", "CVE-2014-3581", "CVE-2003-1418"], "modified": "2015-04-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:apache2-prefork", "p-cpe:/a:novell:suse_linux:11:apache2-utils", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:apache2", "p-cpe:/a:novell:suse_linux:11:apache2-example-pages", "p-cpe:/a:novell:suse_linux:11:apache2-doc", "p-cpe:/a:novell:suse_linux:11:apache2-worker"], "id": "SUSE_11_APACHE2-150325.NASL", "href": "https://www.tenable.com/plugins/nessus/82657", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82657);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2003-1418\", \"CVE-2013-5704\", \"CVE-2014-3581\");\n\n script_name(english:\"SuSE 11.3 Security Update : apache2 (SAT Patch Number 10533)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Apache2 webserver was updated to fix various issues.\n\nThe following feature was added :\n\n - Provide support for the tunneling of web socket\n connections to a backend websockets server.\n (FATE#316880) The following security issues have been\n fixed :\n\n - The mod_headers module in the Apache HTTP Server 2.2.22\n allowed remote attackers to bypass 'RequestHeader unset'\n directives by placing a header in the trailer portion of\n data sent with chunked transfer coding. The fix also\n adds a 'MergeTrailers' directive to restore legacy\n behavior. (CVE-2013-5704)\n\n - The cache_merge_headers_out function in\n modules/cache/cache_util.c in the mod_cache module in\n the Apache HTTP Server allowed remote attackers to cause\n a denial of service (NULL pointer dereference and\n application crash) via an empty HTTP Content-Type\n header. (CVE-2014-3581)\n\n - Apache HTTP Server allowed remote attackers to obtain\n sensitive information via (1) the ETag header, which\n reveals the inode number, or (2) multipart MIME\n boundary, which reveals child process IDs (PID). We so\n far assumed that this not useful to attackers, the fix\n is basically just reducing potential information leaks.\n (CVE-2003-1418)\n\nThe following bugs have been fixed :\n\n - Treat the 'server unavailable' condition as a transient\n error with all LDAP SDKs. (bsc#904427)\n\n - Fixed a segmentation fault at startup if the certs are\n shared across > 1 server_rec. (bsc#907339)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=713970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=871310\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=899836\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=904427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=907339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=907477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2003-1418.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5704.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-3581.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 10533.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"apache2-2.2.12-1.51.52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"apache2-doc-2.2.12-1.51.52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"apache2-example-pages-2.2.12-1.51.52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"apache2-prefork-2.2.12-1.51.52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"apache2-utils-2.2.12-1.51.52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"apache2-worker-2.2.12-1.51.52.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-05-31T22:33:55", "description": "mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and\n2.4.x through 2.4.10 does not support an httpd configuration in which\nthe same Lua authorization provider is used with different arguments\nwithin different contexts, which allows remote attackers to bypass\nintended access restrictions in opportunistic circumstances by\nleveraging multiple Require directives, as demonstrated by a\nconfiguration that specifies authorization for one group to access a\ncertain directory, and authorization for a second group to access a\nsecond directory. (CVE-2014-8109)\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could\nuse Trailer headers to set additional HTTP headers after header\nprocessing was performed by other modules. This could, for example,\nlead to a bypass of header restrictions defined with mod_headers.\n(CVE-2013-5704)\n\nA NULL pointer dereference flaw was found in the way the mod_cache\nhttpd module handled Content-Type headers. A malicious HTTP server\ncould cause the httpd child process to crash when the Apache HTTP\nserver was configured to proxy to a server with caching enabled.\n(CVE-2014-3581)\n\nThe handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi\nmodule in the Apache HTTP Server 2.4.10 allows remote FastCGI servers\nto cause a denial of service (buffer over-read and daemon crash) via\nlong response headers. (CVE-2014-3583)", "edition": 28, "published": "2015-02-13T00:00:00", "title": "Amazon Linux AMI : httpd24 (ALAS-2015-483)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3583", "CVE-2013-5704", "CVE-2014-3581", "CVE-2014-8109"], "modified": "2021-06-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:mod24_ssl", "p-cpe:/a:amazon:linux:httpd24-manual", "p-cpe:/a:amazon:linux:mod24_ldap", "p-cpe:/a:amazon:linux:mod24_proxy_html", "p-cpe:/a:amazon:linux:httpd24-tools", "p-cpe:/a:amazon:linux:httpd24-debuginfo", "p-cpe:/a:amazon:linux:mod24_session", "p-cpe:/a:amazon:linux:httpd24-devel", "p-cpe:/a:amazon:linux:httpd24", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-483.NASL", "href": "https://www.tenable.com/plugins/nessus/81329", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-483.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81329);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-3581\", \"CVE-2014-3583\", \"CVE-2014-8109\");\n script_xref(name:\"ALAS\", value:\"2015-483\");\n\n script_name(english:\"Amazon Linux AMI : httpd24 (ALAS-2015-483)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and\n2.4.x through 2.4.10 does not support an httpd configuration in which\nthe same Lua authorization provider is used with different arguments\nwithin different contexts, which allows remote attackers to bypass\nintended access restrictions in opportunistic circumstances by\nleveraging multiple Require directives, as demonstrated by a\nconfiguration that specifies authorization for one group to access a\ncertain directory, and authorization for a second group to access a\nsecond directory. (CVE-2014-8109)\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could\nuse Trailer headers to set additional HTTP headers after header\nprocessing was performed by other modules. This could, for example,\nlead to a bypass of header restrictions defined with mod_headers.\n(CVE-2013-5704)\n\nA NULL pointer dereference flaw was found in the way the mod_cache\nhttpd module handled Content-Type headers. A malicious HTTP server\ncould cause the httpd child process to crash when the Apache HTTP\nserver was configured to proxy to a server with caching enabled.\n(CVE-2014-3581)\n\nThe handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi\nmodule in the Apache HTTP Server 2.4.10 allows remote FastCGI servers\nto cause a denial of service (buffer over-read and daemon crash) via\nlong response headers. (CVE-2014-3583)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-483.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update httpd24' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-2.4.10-15.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-debuginfo-2.4.10-15.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-devel-2.4.10-15.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-manual-2.4.10-15.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-tools-2.4.10-15.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_ldap-2.4.10-15.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_proxy_html-2.4.10-15.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_session-2.4.10-15.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_ssl-2.4.10-15.58.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd24 / httpd24-debuginfo / httpd24-devel / httpd24-manual / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "redhat": [{"lastseen": "2019-12-11T13:32:00", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5704", "CVE-2014-0230", "CVE-2014-3581", "CVE-2015-3183", "CVE-2015-5174"], "description": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the\nApache HTTP Server, the Apache Tomcat Servlet container, Apache\nTomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster),\nHibernate, and the Tomcat Native library.\n\nIt was found that Tomcat would keep connections open after processing\nrequests with a large enough request body. A remote attacker could\npotentially use this flaw to exhaust the pool of available connections\nand prevent further, legitimate connections to the Tomcat server.\n(CVE-2014-0230)\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could\nuse Trailer headers to set additional HTTP headers after header\nprocessing was performed by other modules. This could, for example,\nlead to a bypass of header restrictions defined with mod_headers.\n(CVE-2013-5704)\n\nMultiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could\nuse these flaws to create a specially crafted request, which httpd\nwould decode differently from an HTTP proxy software in front of it,\npossibly leading to HTTP request smuggling attacks. (CVE-2015-3183)\n\n* This enhancement update adds the Red Hat JBoss Web Server 3.0.2\npackages to Red Hat Enterprise Linux 7. These packages provide a\nnumber of enhancements over the previous version of Red Hat JBoss Web\nServer. (JIRA#JWS-229)\n\nUsers of Red Hat JBoss Web Server are advised to upgrade to these\nupdated packages, which add this enhancement.", "modified": "2018-03-19T16:14:02", "published": "2015-12-16T23:09:36", "id": "RHSA-2015:2660", "href": "https://access.redhat.com/errata/RHSA-2015:2660", "type": "redhat", "title": "(RHSA-2015:2660) Moderate: Red Hat JBoss Web Server 3.0.2 security update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:46:03", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5704", "CVE-2014-3581"], "description": "The httpd packages provide the Apache HTTP Server, a powerful, efficient,\nand extensible web server.\n\nA NULL pointer dereference flaw was found in the way the mod_cache httpd\nmodule handled Content-Type headers. A malicious HTTP server could cause\nthe httpd child process to crash when the Apache HTTP server was configured\nto proxy to a server with caching enabled. (CVE-2014-3581)\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could use\nTrailer headers to set additional HTTP headers after header processing was\nperformed by other modules. This could, for example, lead to a bypass of\nheader restrictions defined with mod_headers. (CVE-2013-5704)\n\nNote: With this update, httpd has been modified to not merge HTTP Trailer\nheaders with other HTTP request headers. A newly introduced configuration\ndirective MergeTrailers can be used to re-enable the old method of\nprocessing Trailer headers, which also re-introduces the aforementioned\nflaw.\n\nThis update also fixes the following bug:\n\n* Prior to this update, the mod_proxy_wstunnel module failed to set up an\nSSL connection when configured to use a back end server using the \"wss:\"\nURL scheme, causing proxied connections to fail. In these updated packages,\nSSL is used when proxying to \"wss:\" back end servers. (BZ#1141950)\n\nAll httpd24-httpd users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After installing\nthe updated packages, the httpd24-httpd service will be restarted\nautomatically.\n", "modified": "2018-06-13T01:28:16", "published": "2014-12-09T05:00:00", "id": "RHSA-2014:1972", "href": "https://access.redhat.com/errata/RHSA-2014:1972", "type": "redhat", "title": "(RHSA-2014:1972) Low: httpd24-httpd security and bug fix update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-08-13T18:46:44", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5704", "CVE-2014-3581"], "description": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and\nextensible web server.\n\nA flaw was found in the way httpd handled HTTP Trailer headers when processing\nrequests using chunked encoding. A malicious client could use Trailer headers to\nset additional HTTP headers after header processing was performed by other\nmodules. This could, for example, lead to a bypass of header restrictions\ndefined with mod_headers. (CVE-2013-5704)\n\nA NULL pointer dereference flaw was found in the way the mod_cache httpd module\nhandled Content-Type headers. A malicious HTTP server could cause the httpd\nchild process to crash when the Apache HTTP server was configured to proxy to a\nserver with caching enabled. (CVE-2014-3581)\n\nThis update also fixes the following bugs:\n\n* Previously, the mod_proxy_fcgi Apache module always kept the back-end\nconnections open even when they should have been closed. As a consequence, the\nnumber of open file descriptors was increasing over the time. With this update,\nmod_proxy_fcgi has been fixed to check the state of the back-end connections,\nand it closes the idle back-end connections as expected. (BZ#1168050)\n\n* An integer overflow occurred in the ab utility when a large request count was\nused. Consequently, ab terminated unexpectedly with a segmentation fault while\nprinting statistics after the benchmark. This bug has been fixed, and ab no\nlonger crashes in this scenario. (BZ#1092420)\n\n* Previously, when httpd was running in the foreground and the user pressed\nCtrl+C to interrupt the httpd processes, a race condition in signal handling\noccurred. The SIGINT signal was sent to all children followed by SIGTERM from\nthe main process, which interrupted the SIGINT handler. Consequently, the\naffected processes became unresponsive or terminated unexpectedly. With this\nupdate, the SIGINT signals in the child processes are ignored, and httpd no\nlonger hangs or crashes in this scenario. (BZ#1131006)\n\nIn addition, this update adds the following enhancements:\n\n* With this update, the mod_proxy module of the Apache HTTP Server supports the\nUnix Domain Sockets (UDS). This allows mod_proxy back ends to listen on UDS\nsockets instead of TCP sockets, and as a result, mod_proxy can be used to\nconnect UDS back ends. (BZ#1168081)\n\n* This update adds support for using the SetHandler directive together with the\nmod_proxy module. As a result, it is possible to configure SetHandler to use\nproxy for incoming requests, for example, in the following format: SetHandler\n\"proxy:fcgi://127.0.0.1:9000\". (BZ#1136290)\n\n* The htaccess API changes introduced in httpd 2.4.7 have been backported to\nhttpd shipped with Red Hat Enterprise Linux 7.1. These changes allow for the\nMPM-ITK module to be compiled as an httpd module. (BZ#1059143)\n\nAll httpd users are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues and add these enhancements. After\ninstalling the updated packages, the httpd daemon will be restarted\nautomatically.\n", "modified": "2018-04-12T03:32:46", "published": "2015-03-05T05:00:00", "id": "RHSA-2015:0325", "href": "https://access.redhat.com/errata/RHSA-2015:0325", "type": "redhat", "title": "(RHSA-2015:0325) Low: httpd security, bug fix, and enhancement update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-08-13T18:44:43", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5704", "CVE-2015-3183"], "description": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\nMultiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode\ndifferently from an HTTP proxy software in front of it, possibly leading to\nHTTP request smuggling attacks. (CVE-2015-3183)\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could use\nTrailer headers to set additional HTTP headers after header processing was\nperformed by other modules. This could, for example, lead to a bypass of\nheader restrictions defined with mod_headers. (CVE-2013-5704)\n\nUsers of httpd or httpd22 are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After installing\nthe updated packages, the httpd or httpd22 service must be restarted\nmanually for this update to take effect.", "modified": "2018-08-09T19:46:59", "published": "2016-01-21T20:44:55", "id": "RHSA-2016:0061", "href": "https://access.redhat.com/errata/RHSA-2016:0061", "type": "redhat", "title": "(RHSA-2016:0061) Moderate: httpd and httpd22 security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T14:35:31", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0876", "CVE-2013-5704", "CVE-2015-3183"], "description": "Red Hat JBoss Web Server is a fully integrated and certified set of \ncomponents for hosting Java web applications. It is comprised of the Apache \nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector \n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat \nNative library.\n\nMultiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode \ndifferently from an HTTP proxy software in front of it, possibly leading to \nHTTP request smuggling attacks. (CVE-2015-3183)\n\nA denial of service flaw was found in the implementation of hash arrays in \nExpat. An attacker could use this flaw to make an application using Expat \nconsume an excessive amount of CPU time by providing a specially-crafted\nXML file that triggers multiple hash function collisions. To mitigate this\nissue, randomization has been added to the hash function to reduce the\nchance of an attacker successfully causing intentional collisions.\n(CVE-2012-0876)\n\nA flaw was found in the way httpd handled HTTP Trailer headers when \nprocessing requests using chunked encoding. A malicious client could use \nTrailer headers to set additional HTTP headers after header processing was \nperformed by other modules. This could, for example, lead to a bypass of \nheader restrictions defined with mod_headers. (CVE-2013-5704)\n\nAll users of Red Hat JBoss Web Server 2.1.0 as provided from the Red Hat \nCustomer Portal are advised to apply this update. The Red Hat JBoss Web \nServer process must be restarted for the update to take effect.", "modified": "2018-02-15T23:12:14", "published": "2016-01-21T20:45:11", "id": "RHSA-2016:0062", "href": "https://access.redhat.com/errata/RHSA-2016:0062", "type": "redhat", "title": "(RHSA-2016:0062) Moderate: Red Hat JBoss Web Server 2.1.0 security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-08-13T18:45:25", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5704"], "description": "The httpd packages provide the Apache HTTP Server, a powerful, efficient,\nand extensible web server.\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could use\nTrailer headers to set additional HTTP headers after header processing was\nperformed by other modules. This could, for example, lead to a bypass of\nheader restrictions defined with mod_headers. (CVE-2013-5704)\n\nThis update also fixes the following bugs:\n\n* The order of mod_proxy workers was not checked when httpd configuration\nwas reloaded. When mod_proxy workers were removed, added, or their order\nwas changed, their parameters and scores could become mixed. The order of\nmod_proxy workers has been made internally consistent during configuration\nreload. (BZ#1149906)\n\n* The local host certificate created during firstboot contained CA\nextensions, which caused the httpd service to return warning messages.\nThis has been addressed by local host certificates being generated with the\n\"-extensions v3_req\" option. (BZ#906476)\n\n* The default mod_ssl configuration no longer enables support for SSL\ncipher suites using the single DES, IDEA, or SEED encryption algorithms.\n(BZ#1086771)\n\n* The apachectl script did not take into account the HTTPD_LANG variable\nset in the /etc/sysconfig/httpd file during graceful restarts.\nConsequently, httpd did not use a changed value of HTTPD_LANG when the\ndaemon was restarted gracefully. The script has been fixed to handle the\nHTTPD_LANG variable correctly. (BZ#963146)\n\n* The mod_deflate module failed to check the original file size while\nextracting files larger than 4 GB, making it impossible to extract large\nfiles. Now, mod_deflate checks the original file size properly according to\nRFC1952, and it is able to decompress files larger than 4 GB. (BZ#1057695)\n\n* The httpd service did not check configuration before restart. When a\nconfiguration contained an error, an attempt to restart httpd gracefully\nfailed. Now, httpd checks configuration before restart and if the\nconfiguration is in an inconsistent state, an error message is printed,\nhttpd is not stopped and a restart is not performed. (BZ#1146194)\n\n* The SSL_CLIENT_VERIFY environment variable was incorrectly handled when\nthe \"SSLVerifyClient optional_no_ca\" and \"SSLSessionCache\" options were\nused. When an SSL session was resumed, the SSL_CLIENT_VERIFY value was set\nto \"SUCCESS\" instead of the previously set \"GENEROUS\". SSL_CLIENT_VERIFY is\nnow correctly set to GENEROUS in this scenario. (BZ#1149703)\n\n* The ab utility did not correctly handle situations when an SSL connection\nwas closed after some data had already been read. As a consequence, ab did\nnot work correctly with SSL servers and printed \"SSL read failed\" error\nmessages. With this update, ab works as expected with HTTPS servers.\n(BZ#1045477)\n\n* When a client presented a revoked certificate, log entries were created\nonly at the debug level. The log level of messages regarding a revoked\ncertificate has been increased to INFO, and administrators are now properly\ninformed of this situation. (BZ#1161328)\n\nIn addition, this update adds the following enhancement:\n\n* A mod_proxy worker can now be set into drain mode (N) using the\nbalancer-manager web interface or using the httpd configuration file.\nA worker in drain mode accepts only existing sticky sessions destined for\nitself and ignores all other requests. The worker waits until all clients\ncurrently connected to this worker complete their work before the worker is\nstopped. As a result, drain mode enables to perform maintenance on a worker\nwithout affecting clients. (BZ#767130)\n\nUsers of httpd are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement. After installing the updated packages, the httpd service will\nbe restarted automatically.\n", "modified": "2018-06-06T20:24:34", "published": "2015-07-22T09:29:38", "id": "RHSA-2015:1249", "href": "https://access.redhat.com/errata/RHSA-2015:1249", "type": "redhat", "title": "(RHSA-2015:1249) Low: httpd security, bug fix, and enhancement update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-08-13T18:45:00", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3183"], "description": "The httpd packages provide the Apache HTTP Server, a powerful, efficient,\nand extensible web server.\n\nMultiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode\ndifferently from an HTTP proxy software in front of it, possibly leading to\nHTTP request smuggling attacks. (CVE-2015-3183)\n\nAll httpd users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdated packages, the httpd service will be restarted automatically.\n", "modified": "2018-06-06T20:24:10", "published": "2015-08-24T04:00:00", "id": "RHSA-2015:1668", "href": "https://access.redhat.com/errata/RHSA-2015:1668", "type": "redhat", "title": "(RHSA-2015:1668) Moderate: httpd security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2021-06-07T09:02:05", "description": "The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass \"RequestHeader unset\" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states \"this is not a security issue in httpd as such.\"", "edition": 9, "cvss3": {}, "published": "2014-04-15T10:55:00", "title": "CVE-2013-5704", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5704"], "modified": "2021-06-06T11:15:00", "cpe": ["cpe:/a:apache:http_server:2.2.22"], "id": "CVE-2013-5704", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5704", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:apache:http_server:2.2.22:*:*:*:*:*:*:*"]}, {"lastseen": "2021-06-07T09:04:20", "description": "The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.", "edition": 12, "cvss3": {}, "published": "2014-10-10T10:55:00", "title": "CVE-2014-3581", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3581"], "modified": "2021-06-06T11:15:00", "cpe": ["cpe:/a:apache:apache_http_server:2.4.0", "cpe:/a:apache:apache_http_server:2.4.2", "cpe:/a:apache:apache_http_server:2.4.10", "cpe:/a:apache:apache_http_server:2.4.8", "cpe:/a:apache:apache_http_server:2.4.5", "cpe:/a:apache:apache_http_server:2.4.9", "cpe:/a:apache:apache_http_server:2.4.6", "cpe:/a:apache:apache_http_server:2.4.4", "cpe:/a:apache:apache_http_server:2.4.7", "cpe:/a:apache:apache_http_server:2.4.1", "cpe:/a:apache:apache_http_server:2.4.3"], "id": "CVE-2014-3581", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3581", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:apache:apache_http_server:2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apache_http_server:2.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apache_http_server:2.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apache_http_server:2.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apache_http_server:2.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apache_http_server:2.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apache_http_server:2.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apache_http_server:2.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apache_http_server:2.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apache_http_server:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apache_http_server:2.4.10:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-22T23:51:44", "description": "Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.", "edition": 10, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2016-02-25T01:59:00", "title": "CVE-2015-5174", "type": "cve", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5174"], "modified": "2019-04-15T16:30:00", "cpe": ["cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:7.0.11", "cpe:/a:apache:tomcat:8.0.26", "cpe:/a:apache:tomcat:7.0.50", "cpe:/a:apache:tomcat:6.0.32", "cpe:/a:apache:tomcat:8.0.17", "cpe:/a:apache:tomcat:7.0.63", "cpe:/a:apache:tomcat:6.0.33", "cpe:/a:apache:tomcat:7.0.40", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:7.0.35", "cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:7.0.29", "cpe:/a:apache:tomcat:7.0.54", "cpe:/a:apache:tomcat:7.0.52", "cpe:/a:apache:tomcat:6.0.20", "cpe:/a:apache:tomcat:7.0.42", "cpe:/a:apache:tomcat:7.0.16", "cpe:/a:apache:tomcat:7.0.32", "cpe:/a:apache:tomcat:7.0.41", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:apache:tomcat:6.0.28", "cpe:/a:apache:tomcat:7.0.4", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/a:apache:tomcat:8.0.0", "cpe:/a:apache:tomcat:6.0.13", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:apache:tomcat:7.0.23", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:7.0.37", "cpe:/a:apache:tomcat:6.0.41", "cpe:/a:apache:tomcat:7.0.20", "cpe:/a:apache:tomcat:6.0.29", "cpe:/a:apache:tomcat:8.0.12", "cpe:/a:apache:tomcat:7.0.28", "cpe:/a:apache:tomcat:7.0.27", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/a:apache:tomcat:8.0.18", "cpe:/a:apache:tomcat:7.0.0", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:6.0.37", "cpe:/a:apache:tomcat:7.0.2", "cpe:/a:apache:tomcat:7.0.25", "cpe:/a:apache:tomcat:7.0.61", "cpe:/a:apache:tomcat:6.0.43", "cpe:/a:apache:tomcat:7.0.12", "cpe:/a:apache:tomcat:6.0.44", "cpe:/a:apache:tomcat:7.0.59", "cpe:/a:apache:tomcat:6.0.26", "cpe:/a:apache:tomcat:7.0.30", "cpe:/a:apache:tomcat:7.0.22", "cpe:/a:apache:tomcat:7.0.26", "cpe:/a:apache:tomcat:7.0.56", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:7.0.19", "cpe:/a:apache:tomcat:7.0.33", "cpe:/a:apache:tomcat:8.0.15", "cpe:/a:apache:tomcat:7.0.55", "cpe:/a:apache:tomcat:7.0.5", "cpe:/a:apache:tomcat:8.0.14", "cpe:/a:apache:tomcat:7.0.53", "cpe:/a:apache:tomcat:8.0.11", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:apache:tomcat:7.0.39", "cpe:/a:apache:tomcat:6.0.24", "cpe:/a:apache:tomcat:6.0.39", "cpe:/a:apache:tomcat:7.0.64", "cpe:/a:apache:tomcat:7.0.47", "cpe:/a:apache:tomcat:7.0.34", "cpe:/a:apache:tomcat:6.0.36", "cpe:/a:apache:tomcat:8.0.20", "cpe:/a:apache:tomcat:7.0.62", "cpe:/a:apache:tomcat:7.0.6", "cpe:/a:apache:tomcat:7.0.14", "cpe:/a:apache:tomcat:6.0.35", "cpe:/a:apache:tomcat:7.0.21", "cpe:/a:apache:tomcat:8.0.24", "cpe:/a:apache:tomcat:6.0.18", "cpe:/a:apache:tomcat:8.0.23", "cpe:/a:apache:tomcat:7.0.57", "cpe:/a:apache:tomcat:7.0.10", "cpe:/a:apache:tomcat:8.0.1", "cpe:/a:apache:tomcat:6.0.30", "cpe:/a:apache:tomcat:8.0.21", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/a:apache:tomcat:8.0.22"], "id": "CVE-2015-5174", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5174", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.5:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.43:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.37:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.44:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.39:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.41:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-22T23:44:02", "description": "Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.", "edition": 7, "cvss3": {}, "published": "2015-06-07T23:59:00", "title": "CVE-2014-0230", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0230"], "modified": "2019-04-15T16:30:00", "cpe": ["cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:7.0.11", "cpe:/a:oracle:virtualization:4.63", "cpe:/a:apache:tomcat:7.0.50", "cpe:/a:apache:tomcat:6.0.32", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:6.0.33", "cpe:/a:apache:tomcat:7.0.40", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:7.0.35", "cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:7.0.29", "cpe:/a:apache:tomcat:6.0.5", "cpe:/a:apache:tomcat:7.0.54", "cpe:/a:apache:tomcat:7.0.52", "cpe:/a:apache:tomcat:6.0.20", "cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:7.0.42", "cpe:/a:apache:tomcat:7.0.16", "cpe:/a:apache:tomcat:7.0.32", "cpe:/a:oracle:virtualization:4.71", "cpe:/a:apache:tomcat:7.0.41", "cpe:/a:apache:tomcat:7.0.49", "cpe:/a:oracle:virtualization:5.1", "cpe:/a:apache:tomcat:6.0.28", "cpe:/a:apache:tomcat:7.0.4", "cpe:/a:apache:tomcat:7.0.36", "cpe:/a:apache:tomcat:8.0.3", "cpe:/a:apache:tomcat:8.0.0", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:7.0.23", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:7.0.37", "cpe:/a:apache:tomcat:7.0.46", "cpe:/a:apache:tomcat:6.0.41", "cpe:/a:apache:tomcat:7.0.20", "cpe:/a:apache:tomcat:7.0.3", "cpe:/a:apache:tomcat:7.0.48", "cpe:/a:apache:tomcat:7.0.7", "cpe:/a:apache:tomcat:6.0.29", "cpe:/a:apache:tomcat:7.0.24", "cpe:/a:apache:tomcat:7.0.28", "cpe:/a:apache:tomcat:7.0.44", "cpe:/a:apache:tomcat:7.0.27", "cpe:/a:apache:tomcat:6.0.19", "cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:7.0.45", "cpe:/a:apache:tomcat:7.0.13", "cpe:/a:apache:tomcat:8.0.8", "cpe:/a:apache:tomcat:7.0.0", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:6.0.37", "cpe:/a:apache:tomcat:7.0.15", "cpe:/a:apache:tomcat:7.0.2", "cpe:/a:apache:tomcat:7.0.25", "cpe:/a:apache:tomcat:8.0.5", "cpe:/a:apache:tomcat:6.0.43", "cpe:/a:apache:tomcat:7.0.12", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:7.0.38", "cpe:/a:apache:tomcat:7.0.18", "cpe:/a:apache:tomcat:6.0.26", "cpe:/a:apache:tomcat:7.0.30", "cpe:/a:apache:tomcat:7.0.22", "cpe:/a:apache:tomcat:7.0.26", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:7.0.19", "cpe:/a:apache:tomcat:7.0.33", "cpe:/a:apache:tomcat:7.0.17", "cpe:/a:apache:tomcat:7.0.5", "cpe:/a:apache:tomcat:7.0.53", "cpe:/a:apache:tomcat:7.0.39", "cpe:/a:apache:tomcat:7.0.9", "cpe:/a:apache:tomcat:6.0.31", "cpe:/a:apache:tomcat:7.0.1", "cpe:/a:apache:tomcat:6.0.24", "cpe:/a:apache:tomcat:6.0.39", "cpe:/a:apache:tomcat:7.0.8", "cpe:/a:apache:tomcat:7.0.47", "cpe:/a:apache:tomcat:7.0.34", "cpe:/a:apache:tomcat:6.0.36", "cpe:/a:apache:tomcat:7.0.6", "cpe:/a:apache:tomcat:7.0.14", "cpe:/a:apache:tomcat:6.0.35", "cpe:/a:apache:tomcat:6.0.17", "cpe:/a:apache:tomcat:6.0.27", "cpe:/a:apache:tomcat:7.0.21", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:6.0.15", "cpe:/a:apache:tomcat:6.0.18", "cpe:/a:apache:tomcat:7.0.10", "cpe:/a:apache:tomcat:7.0.31", "cpe:/a:apache:tomcat:8.0.1", "cpe:/a:apache:tomcat:6.0.30", "cpe:/a:apache:tomcat:6.0.9", "cpe:/a:apache:tomcat:7.0.43"], "id": "CVE-2014-0230", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0230", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:virtualization:4.71:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.43:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.37:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:virtualization:4.63:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.39:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.41:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:oracle:virtualization:5.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*"]}, {"lastseen": "2021-06-07T09:01:25", "description": "The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.", "edition": 12, "cvss3": {}, "published": "2015-07-20T23:59:00", "title": "CVE-2015-3183", "type": "cve", "cwe": ["CWE-20", "CWE-17"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3183"], "modified": "2021-06-06T11:15:00", "cpe": ["cpe:/a:apache:http_server:2.4.13"], "id": "CVE-2015-3183", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3183", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:apache:http_server:2.4.13:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2019-03-12T18:18:16", "bulletinFamily": "software", "cvelist": ["CVE-2013-5704"], "description": "\nF5 Product Development has assigned ID 519943 (BIG-IP), ID 521050 (BIG-IQ), and ID 521051 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| Configuration utility \nBIG-IP AAM| 12.0.0 \n11.4.0 - 11.6.1| 12.1.0| Low| Configuration utility \nBIG-IP AFM| 12.0.0 \n11.3.0 - 11.6.1| 12.1.0| Low| Configuration utility \nBIG-IP Analytics| 12.0.0 \n11.0.0 - 11.6.1| 12.1.0| Low| Configuration utility \nBIG-IP APM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| Configuration utility \nBIG-IP ASM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| Configuration utility \nBIG-IP DNS| 12.0.0| 12.1.0| Low| Configuration utility \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| Configuration utility \nBIG-IP GTM| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| None| Low| Configuration utility \nBIG-IP Link Controller| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| Configuration utility \nBIG-IP PEM| 12.0.0 \n11.3.0 - 11.6.1| 12.1.0| Low| Configuration utility \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Low| Configuration utility \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| Configuration utility \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| Configuration utility \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.0.0 - 3.1.1| None| Low| Configuration utility \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| Configuration utility \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| Configuration utility \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| Configuration utility \nBIG-IQ ADC| 4.5.0| None| Low| Configuration utility \nLineRate| None| 2.5.0 - 2.6.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the** Severity **value. Security Advisory articles published before this date do not list a **Severity** value.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this vulnerability for BIG-IP and Enterprise Manager, you should only permit management access to F5 products over a secure network and limit shell access to trusted users. For more information, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2017-04-06T16:51:00", "published": "2015-07-07T21:58:00", "id": "F5:K16863", "href": "https://support.f5.com/csp/article/K16863", "title": "Apache vulnerability CVE-2013-5704", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2021-06-08T18:49:04", "bulletinFamily": "software", "cvelist": ["CVE-2013-5704"], "edition": 2, "description": "Vulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability for BIG-IP and Enterprise Manager, you should only permit management access to F5 products over a secure network and limit shell access to trusted users. For more information, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x) and SOL13092: Overview of securing access to the BIG-IP system.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2016-05-28T00:00:00", "published": "2015-07-07T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/800/sol16863.html", "id": "SOL16863", "type": "f5", "title": "SOL16863 - Apache vulnerability CVE-2013-5704", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-06-08T00:16:20", "bulletinFamily": "software", "cvelist": ["CVE-2015-3183"], "edition": 1, "description": "\nF5 Product Development has assigned ID 537255 (BIG-IP), ID 538018 (BIG-IQ), ID 538016 (Enterprise Manager), and ID 431234 (ARX) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| Apache \nBIG-IP AAM| 12.0.0 \n11.4.0 - 11.6.1| 12.1.0| Low| Apache \nBIG-IP AFM| 12.0.0 \n11.3.0 - 11.6.1| 12.1.0| Low| Apache \nBIG-IP Analytics| 12.0.0 \n11.0.0 - 11.6.1| 12.1.0| Low| Apache \nBIG-IP APM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| Apache \nBIG-IP ASM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| Apache \nBIG-IP DNS| 12.0.0| 12.1.0| Low| Apache \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| Apache \nBIG-IP GTM| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| None| Low| Apache \nBIG-IP Link Controller| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| Apache \nBIG-IP PEM| 12.0.0 \n11.3.0 - 11.6.1| 12.1.0| Low| Apache \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Low| Apache \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| Apache \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| Apache \nARX| 6.0.0 - 6.4.0| None| Low| Apache \nEnterprise Manager| 3.0.0 - 3.1.1| None| Low| Apache \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| Apache \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| Apache \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| Apache \nBIG-IQ ADC| 4.5.0| None| Low| Apache \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this vulnerability, you should permit management access to F5 products only over a secure network and limit shell access to trusted users. For more information about securing access to BIG-IP and Enterprise Manager systems, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13902>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 12.x)](<https://support.f5.com/csp/article/K13123>)\n * [K10025: Managing BIG-IP product hotfixes (10.x)](<https://support.f5.com/csp/article/K10025>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n", "modified": "2017-03-13T23:05:00", "published": "2015-09-10T05:07:00", "href": "https://support.f5.com/csp/article/K17251", "id": "F5:K17251", "title": "Apache vulnerability CVE-2015-3183", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-06-08T00:16:03", "bulletinFamily": "software", "cvelist": ["CVE-2014-0230"], "edition": 1, "description": "\nF5 Product Development has assigned ID 529405 (BIG-IP and Enterprise Manager), ID 466436 (ARX), and ID CPF-12794 (Traffix SDC) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| Configuration utility \nBIG-IP AAM| 12.0.0 \n11.4.0 - 11.6.1| 12.1.0| Low| Configuration utility \nBIG-IP AFM| 12.0.0 \n11.3.0 - 11.6.1| 12.1.0| Low| Configuration utility \nBIG-IP Analytics| 12.0.0 \n11.0.0 - 11.6.1| 12.1.0| Low| Configuration utility \nBIG-IP APM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| Configuration utility \nBIG-IP ASM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| Configuration utility \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| Configuration utility \nBIG-IP GTM| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| None| Low| Configuration utility \nBIG-IP Link Controller| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| Configuration utility \nBIG-IP PEM| 12.0.0 \n11.3.0 - 11.6.1| 12.1.0| Low| Configuration utility \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Low| Configuration utility \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| Configuration utility \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| Configuration utility \nARX| 6.0.0 - 6.4.0| None| Medium| ARX GUI \nEnterprise Manager| 3.0.0 - 3.1.1| None| Low| Configuration utility \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| None| Low| WebUI\n\nIf you are running a version listed in the **Versions known to be vulnerable column**, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable column**. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this vulnerability for BIG-IP, Enterprise Manager, and BIG-IQ, you should permit access to the Configuration utility only over a secure network and limit login access to trusted users. For more information, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13309>).\n\nTo mitigate this vulnerability for ARX, you should permit access to the ARX GUI only over a secure network, and limit login access to trusted users.\n\nTo mitigate this vulnerability for Traffix, you should permit access to the WebUI only over a secure network, and limit login access to trusted users.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2017-03-13T23:05:00", "published": "2015-08-13T06:33:00", "id": "F5:K17123", "href": "https://support.f5.com/csp/article/K17123", "title": "Apache Tomcat vulnerability CVE-2014-0230", "type": "f5", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2020-04-06T22:40:13", "bulletinFamily": "software", "cvelist": ["CVE-2015-5174"], "description": "\nF5 Product Development has assigned ID 576878 (BIG-IP), ID 578582 (Enterprise Manager), ID 466436 (ARX), and INSTALLER-2266 (Traffix SDC) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H30971148 on the **Diagnostics** > **Identified** > **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 - 12.1.5 \n11.0.0 - 11.6.5 \n10.1.0 - 10.2.4 | 13.0.0 | Low | Tomcat \nBIG-IP AAM | 12.0.0 - 12.1.5 \n11.4.0 - 11.6.5 | 13.0.0 | Low | Tomcat \nBIG-IP AFM | 12.0.0 - 12.1.5 \n11.3.0 - 11.6.5 | 13.0.0 | Low | Tomcat \nBIG-IP Analytics | 12.0.0- 12.1.5 \n11.0.0 - 11.6.5 | 13.0.0 | Low | Tomcat \nBIG-IP APM | 12.0.0- 12.1.5 \n11.0.0 - 11.6.5 \n10.1.0 - 10.2.4 | 13.0.0 | Low | Tomcat \nBIG-IP ASM | 12.0.0- 12.1.5 \n11.0.0 - 11.6.5 \n10.1.0 - 10.2.4 | 13.0.0 | Low | Tomcat \nBIG-IP DNS | 12.0.0- 12.1.5 | 13.0.0 | Low | Tomcat \nBIG-IP Edge Gateway | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | Low | Tomcat \nBIG-IP GTM | 11.0.0 - 11.6.5 \n10.1.0 - 10.2.4 | None | Low | Tomcat \nBIG-IP Link Controller | 12.0.0- 12.1.5 \n11.0.0 - 11.6.5 \n10.1.0 - 10.2.4 | 13.0.0 | Low | Tomcat \nBIG-IP PEM | 12.0.0- 12.1.5 \n11.3.0 - 11.6.5 | 13.0.0 | Low | Tomcat \nBIG-IP PSM | 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 | None | Low | Tomcat \nBIG-IP WebAccelerator | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | Low | Tomcat \nBIG-IP WOM | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | Low | Tomcat \nARX | 6.0.0 - 6.4.0 | None | Low | GUI \nEnterprise Manager | 3.0.0 - 3.1.1 | None | Low | Tomcat \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.2.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | None | Low | Tomcat\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K10025: Managing BIG-IP product hotfixes (10.x)](<https://support.f5.com/csp/article/K10025>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n", "edition": 1, "modified": "2020-03-16T12:21:00", "published": "2016-03-23T03:55:00", "id": "F5:K30971148", "href": "https://support.f5.com/csp/article/K30971148", "title": "Apache Tomcat 6.x vulnerability CVE-2015-5174", "type": "f5", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2021-06-08T18:45:09", "bulletinFamily": "software", "cvelist": ["CVE-2015-3183"], "edition": 2, "description": "Vulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability, you should permit management access to F5 products only over a secure network and limit shell access to trusted users. For more information about securing access to BIG-IP and Enterprise Manager systems, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x) and SOL13092: Overview of securing access to the BIG-IP system.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n", "modified": "2016-05-25T00:00:00", "published": "2015-09-09T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/200/sol17251.html", "id": "SOL17251", "title": "SOL17251 - Apache vulnerability CVE-2015-3183", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2021-06-08T18:45:09", "bulletinFamily": "software", "cvelist": ["CVE-2014-0230"], "edition": 2, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable column**, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable column**. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability for BIG-IP, Enterprise Manager, and BIG-IQ, you should permit access to the Configuration utility only over a secure network and limit login access to trusted users. For more information, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x) and SOL13092: Overview of securing access to the BIG-IP system.\n\nTo mitigate this vulnerability for ARX, you should permit access to the ARX GUI only over a secure network, and limit login access to trusted users.\n\nTo mitigate this vulnerability for Traffix, you should permit access to the WebUI only over a secure network, and limit login access to trusted users.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2016-05-23T00:00:00", "published": "2015-08-12T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/100/sol17123.html", "id": "SOL17123", "title": "SOL17123 - Apache Tomcat vulnerability CVE-2014-0230", "type": "f5", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-10-12T02:11:18", "bulletinFamily": "software", "cvelist": ["CVE-2014-3583", "CVE-2014-3581", "CVE-2014-8109"], "edition": 1, "description": "Description \n\n\n * [CVE-2014-8109](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8109>) \n \nmod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory. \n \n\n * [CVE-2014-3581](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3581>) \n \nThe cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header. \n \n\n * [CVE-2014-3583](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3583>) \n \nThe handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers. \n\n\nImpact \n\n\nThere is no impact; F5 products are not affected by these vulnerabilities.\n\nStatus\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | None \n| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP AAM | None | 11.4.0 - 11.6.0 | Not vulnerable | None \nBIG-IP AFM | None | 11.3.0 - 11.6.0 | Not vulnerable | None \nBIG-IP Analytics | None | 11.0.0 - 11.6.0 | Not vulnerable | None \nBIG-IP APM | None | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP ASM | None | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP Edge Gateway \n| None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP GTM | None | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP Link Controller | None | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP PEM | None | 11.3.0 - 11.6.0 | Not vulnerable | None \nBIG-IP PSM | None | 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP WebAccelerator | None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP WOM | None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nARX | None \n| 6.0.0 - 6.4.0 \n| Not vulnerable | None \n \nEnterprise Manager | None \n| 3.0.0 - 3.1.1 | Not vulnerable | None \nFirePass | None \n| 7.0.0 \n6.0.0 - 6.1.0 \n| Not vulnerable | None \n \nBIG-IQ Cloud | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.2.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nLineRate | None \n| 2.5.0 - 2.6.0 \n| Not vulnerable | None \n \nF5 WebSafe | None \n| 1.0.0 \n| Not vulnerable | None \n \nTraffix SDC | None \n| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 \n| Not vulnerable | None \n \n \nRecommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nSupplemental Information\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x)](<https://support.f5.com/csp/article/K13123>)\n", "modified": "2016-01-09T02:23:00", "published": "2015-07-03T00:14:00", "id": "F5:K16847", "href": "https://support.f5.com/csp/article/K16847", "title": "Apache vulnerabilities CVE-2014-8109, CVE-2014-3581, CVE-2014-3583", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:30", "bulletinFamily": "software", "cvelist": ["CVE-2014-3583", "CVE-2014-3581", "CVE-2014-8109"], "edition": 1, "description": "Recommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x)\n", "modified": "2015-07-02T00:00:00", "published": "2015-07-02T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/800/sol16847.html", "id": "SOL16847", "title": "SOL16847 - Apache vulnerabilities CVE-2014-8109, CVE-2014-3581, CVE-2014-3583", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:45:11", "bulletinFamily": "software", "cvelist": ["CVE-2016-0714", "CVE-2015-5345", "CVE-2015-5174", "CVE-2016-0706"], "edition": 2, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n", "modified": "2016-11-14T00:00:00", "published": "2016-03-22T00:00:00", "id": "SOL30971148", "href": "http://support.f5.com/kb/en-us/solutions/public/k/30/sol30971148.html", "type": "f5", "title": "SOL30971148 - Apache Tomcat 6.x vulnerabilities CVE-2015-5174, CVE-2015-5345, CVE-2016-0706, and CVE-2016-0714", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:58", "bulletinFamily": "software", "cvelist": ["CVE-2014-0230"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA256\r\n\r\nCVE-2014-0230 Denial of Service\r\n\r\nSeverity: Low\r\n\r\nVendor: The Apache Software Foundation\r\n\r\nVersions Affected:\r\n- - Apache Tomcat 8.0.0-RC1 to 8.0.8\r\n- - Apache Tomcat 7.0.0 to 7.0.54\r\n- - Apache Tomcat 6.0.0 to 6.0.43\r\n\r\nDescription:\r\nWhen a response for a request with a request body is returned to the\r\nuser agent before the request body is fully read, by default Tomcat\r\nswallows the remaining request body so that the next request on the\r\nconnection may be processed. There was no limit to the size of request\r\nbody that Tomcat would swallow. This permitted a limited Denial of\r\nService as Tomcat would never close the connection and a processing\r\nthread would remain allocated to the connection.\r\n\r\nNote that this issue was accidentally disclosed by Red Hat Product\r\nSecurity on 9 April 2015 [4]. The Tomcat security team was made aware\r\nof this disclosure today (5 May 2015). The information released on 9\r\nApril 2015 contained a number of errors. For the sake of clarity:\r\n- - This issue is not limited to file upload. Any request with a body may\r\n be affected.\r\n- - This issue cannot be used to trigger excessive memory usage on the\r\n server. The additional data read from the response body is not\r\n retained - it is simply ignored.\r\n\r\nThe intention was to embargo this issue until after the 6.0.44\r\nrelease. Unfortunately that is no longer possible. The Tomcat team is\r\nworking on a 6.0.44 release now and we hope to have one available by\r\nearly next week.\r\n\r\nMitigation:\r\nUsers of affected versions should apply one of the following mitigations\r\n- - Upgrade to Apache Tomcat 8.0.9 or later\r\n- - Upgrade to Apache Tomcat 7.0.55 or later\r\n- - Upgrade to Apache Tomcat 6.0.44 or later once released\r\n\r\n\r\nCredit:\r\nThis issue was discovered by AntBean@secdig from the Baidu Security Team\r\nand was reported responsibly to the Apache Tomcat security team.\r\n\r\nReferences:\r\n[1] http://tomcat.apache.org/security-8.html\r\n[2] http://tomcat.apache.org/security-7.html\r\n[3] http://tomcat.apache.org/security-6.html\r\n[4] http://www.openwall.com/lists/oss-security/2015/04/10/1\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2\r\n\r\niQIcBAEBCAAGBQJVSUnRAAoJEBDAHFovYFnnxFgP/38LAZosd36MzvWvBNQSeJmi\r\nQRIm432bbUwVevjVXKKO27oxrL+DUBkesCc0XslGVu0N3gTqzhce2DJXIetpnl04\r\nwV2S88F29jAfRatz65WEbj17gdlP6IobTWzFIyQlfjRxmY97AQQOwRdd/j6P2LMR\r\nvD+thwLccbs9kxTn+MVyQu6W9a1R1Hy3fARdMlfZVchj32jCn3kD37IXF/JLPFso\r\nbtBZBt/jEqIb8uq0ZiVUDx5ErvVH5O/AAfxCEh9pfZdl4vIG7SU1KB2iTnyzdat9\r\nHz0jXc8WFIu3BKY9t2VI/1wUJzGHy8Xzxt4IGjTzy0EQKTI96pXAi6XsQ9AiaHVP\r\nIAtgnEtpjk89qi8YWYoeyLsmpdeUSkCqOTYImn8/2gnrJAtS96SzvE1nBdxpI4O4\r\nf7s2cU4PAnvf9rRvO1SBIb67VYdwB3coAMMtuOodXmjES2xK2xniGVXpIB0RjAyf\r\n/ds/syVsbVZ2LK+LGOsxGR3Rz1dBIanlJ5Tm3fudp9XlfkLhr7Lo04iSRXKDjeIo\r\nERXDu0zblaMs8KOfP4vg+kAz4Ih86R+vG7xVwQ9Zjoae/t/lAWqwqQeOewC2+esL\r\nqeyZc4J+TO6rcANQ099Iu1iBUN2T3Vd5t7ZPIFDtLSrDVSjnLz6hkltBHBD1lVOl\r\n7nKmBsFyuQyGSHHZ4dN9\r\n=AfA+\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2015-05-11T00:00:00", "published": "2015-05-11T00:00:00", "id": "SECURITYVULNS:DOC:32025", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32025", "title": "[SECURITY] CVE-2014-0230: Apache Tomcat DoS", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:57", "bulletinFamily": "software", "cvelist": ["CVE-2014-3583", "CVE-2013-5704", "CVE-2015-0228", "CVE-2014-3581", "CVE-2014-8109"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2523-1\r\nMarch 10, 2015\r\n\r\napache2 vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 14.10\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in the Apache HTTP Server.\r\n\r\nSoftware Description:\r\n- apache2: Apache HTTP server\r\n\r\nDetails:\r\n\r\nMartin Holst Swende discovered that the mod_headers module allowed HTTP\r\ntrailers to replace HTTP headers during request processing. A remote\r\nattacker could possibly use this issue to bypass RequestHeaders directives.\r\n(CVE-2013-5704)\r\n\r\nMark Montague discovered that the mod_cache module incorrectly handled\r\nempty HTTP Content-Type headers. A remote attacker could use this issue to\r\ncause the server to stop responding, leading to a denial of service. This\r\nissue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-3581)\r\n\r\nTeguh P. Alko discovered that the mod_proxy_fcgi module incorrectly\r\nhandled long response headers. A remote attacker could use this issue to\r\ncause the server to stop responding, leading to a denial of service. This\r\nissue only affected Ubuntu 14.10. (CVE-2014-3583)\r\n\r\nIt was discovered that the mod_lua module incorrectly handled different\r\narguments within different contexts. A remote attacker could possibly use\r\nthis issue to bypass intended access restrictions. This issue only affected\r\nUbuntu 14.10. (CVE-2014-8109)\r\n\r\nGuido Vranken discovered that the mod_lua module incorrectly handled a\r\nspecially crafted websocket PING in certain circumstances. A remote\r\nattacker could possibly use this issue to cause the server to stop\r\nresponding, leading to a denial of service. This issue only affected\r\nUbuntu 14.10. (CVE-2015-0228)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 14.10:\r\n apache2.2-bin 2.4.10-1ubuntu1.1\r\n\r\nUbuntu 14.04 LTS:\r\n apache2.2-bin 2.4.7-1ubuntu4.4\r\n\r\nUbuntu 12.04 LTS:\r\n apache2.2-bin 2.2.22-1ubuntu1.8\r\n\r\nUbuntu 10.04 LTS:\r\n apache2.2-bin 2.2.14-5ubuntu8.15\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2523-1\r\n CVE-2013-5704, CVE-2014-3581, CVE-2014-3583, CVE-2014-8109,\r\n CVE-2015-0228\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/apache2/2.4.10-1ubuntu1.1\r\n https://launchpad.net/ubuntu/+source/apache2/2.4.7-1ubuntu4.4\r\n https://launchpad.net/ubuntu/+source/apache2/2.2.22-1ubuntu1.8\r\n https://launchpad.net/ubuntu/+source/apache2/2.2.14-5ubuntu8.15\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2015-03-15T00:00:00", "published": "2015-03-15T00:00:00", "id": "SECURITYVULNS:DOC:31783", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31783", "title": "[USN-2523-1] Apache HTTP Server vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2021-06-08T18:46:48", "bulletinFamily": "software", "cvelist": ["CVE-2014-3583", "CVE-2015-2091", "CVE-2013-5704", "CVE-2015-0228", "CVE-2014-3581", "CVE-2014-8109"], "description": "mod_headers restrictions bypass, mod_cache DoS, mod_lua restrictions bypass and DoS, mod_proxy_fcgi DoS, mod_gnutls restrictions bypass.", "edition": 2, "modified": "2015-04-16T00:00:00", "published": "2015-04-16T00:00:00", "id": "SECURITYVULNS:VULN:14306", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14306", "title": "Apache multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2019-05-29T18:35:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5704", "CVE-2014-3581"], "description": "Oracle Linux Local Security Checks ELSA-2014-1972", "modified": "2019-03-14T00:00:00", "published": "2016-02-05T00:00:00", "id": "OPENVAS:1361412562310122868", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122868", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-1972", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-1972.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122868\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-02-05 14:01:37 +0200 (Fri, 05 Feb 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-1972\");\n script_tag(name:\"insight\", value:\"ELSA-2014-1972 - httpd24-httpd security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-1972\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-1972.html\");\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-3581\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"httpd24-httpd\", rpm:\"httpd24-httpd~2.4.6~22.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd24-httpd-devel\", rpm:\"httpd24-httpd-devel~2.4.6~22.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd24-httpd-manual\", rpm:\"httpd24-httpd-manual~2.4.6~22.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd24-httpd-tools\", rpm:\"httpd24-httpd-tools~2.4.6~22.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd24-mod_ldap\", rpm:\"httpd24-mod_ldap~2.4.6~22.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd24-mod_proxy_html\", rpm:\"httpd24-mod_proxy_html~2.4.6~22.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd24-mod_session\", rpm:\"httpd24-mod_session~2.4.6~22.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd24-mod_ssl\", rpm:\"httpd24-mod_ssl~2.4.6~22.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5704", "CVE-2014-3581"], "description": "Oracle Linux Local Security Checks ELSA-2015-0325", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123169", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123169", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-0325", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-0325.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123169\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:00:15 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-0325\");\n script_tag(name:\"insight\", value:\"ELSA-2015-0325 - httpd security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-0325\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-0325.html\");\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-3581\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.6~31.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.4.6~31.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.4.6~31.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.4.6~31.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mod_ldap\", rpm:\"mod_ldap~2.4.6~31.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mod_proxy_html\", rpm:\"mod_proxy_html~2.4.6~31.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mod_session\", rpm:\"mod_session~2.4.6~31.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.4.6~31.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5704", "CVE-2014-3581"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2015-03-06T00:00:00", "id": "OPENVAS:1361412562310871326", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871326", "type": "openvas", "title": "RedHat Update for httpd RHSA-2015:0325-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for httpd RHSA-2015:0325-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871326\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-06 06:50:03 +0100 (Fri, 06 Mar 2015)\");\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-3581\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for httpd RHSA-2015:0325-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The httpd packages provide the Apache HTTP Server, a powerful, efficient,\nand extensible web server.\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could use\nTrailer headers to set additional HTTP headers after header processing was\nperformed by other modules. This could, for example, lead to a bypass of\nheader restrictions defined with mod_headers. (CVE-2013-5704)\n\nA NULL pointer dereference flaw was found in the way the mod_cache httpd\nmodule handled Content-Type headers. A malicious HTTP server could cause\nthe httpd child process to crash when the Apache HTTP server was configured\nto proxy to a server with caching enabled. (CVE-2014-3581)\n\nThis update also fixes the following bugs:\n\n * Previously, the mod_proxy_fcgi Apache module always kept the back-end\nconnections open even when they should have been closed. As a consequence,\nthe number of open file descriptors was increasing over the time. With this\nupdate, mod_proxy_fcgi has been fixed to check the state of the back-end\nconnections, and it closes the idle back-end connections as expected.\n(BZ#1168050)\n\n * An integer overflow occurred in the ab utility when a large request count\nwas used. Consequently, ab terminated unexpectedly with a segmentation\nfault while printing statistics after the benchmark. This bug has been\nfixed, and ab no longer crashes in this scenario. (BZ#1092420)\n\n * Previously, when httpd was running in the foreground and the user pressed\nCtrl+C to interrupt the httpd processes, a race condition in signal\nhandling occurred. The SIGINT signal was sent to all children followed by\nSIGTERM from the main process, which interrupted the SIGINT handler.\nConsequently, the affected processes became unresponsive or terminated\nunexpectedly. With this update, the SIGINT signals in the child processes\nare ignored, and httpd no longer hangs or crashes in this scenario.\n(BZ#1131006)\n\nIn addition, this update adds the following enhancements:\n\n * With this update, the mod_proxy module of the Apache HTTP Server supports\nthe Unix Domain Sockets (UDS). This allows mod_proxy back ends to listen on\nUDS sockets instead of TCP sockets, and as a result, mod_proxy can be used\nto connect UDS back ends. (BZ#1168081)\n\n * This update adds support for using the SetHandler directive together with\nthe mod_proxy module. As a result, it is possible to configure SetHandler\nto use proxy for incoming requests, for example, in the following format:\nSetHandler 'proxy:fcgi://127.0.0.1:9000'. (BZ#1136290)\n\n * The htaccess API changes introduced in httpd 2.4.7 ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"httpd on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:0325-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-March/msg00022.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.4.6~31.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.6~31.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-debuginfo\", rpm:\"httpd-debuginfo~2.4.6~31.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.4.6~31.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.4.6~31.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.4.6~31.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3583", "CVE-2013-5704", "CVE-2014-3581", "CVE-2014-8109"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-03-16T00:00:00", "id": "OPENVAS:1361412562310869097", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869097", "type": "openvas", "title": "Fedora Update for httpd FEDORA-2014-17195", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for httpd FEDORA-2014-17195\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869097\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-16 06:42:19 +0100 (Mon, 16 Mar 2015)\");\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-3581\", \"CVE-2014-3583\", \"CVE-2014-8109\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for httpd FEDORA-2014-17195\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"httpd on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-17195\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-March/151990.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.10~15.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3583", "CVE-2013-5704", "CVE-2014-3581", "CVE-2014-8109"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-06-09T00:00:00", "id": "OPENVAS:1361412562310869406", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869406", "type": "openvas", "title": "Fedora Update for httpd FEDORA-2015-9216", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for httpd FEDORA-2015-9216\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869406\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-09 10:53:32 +0200 (Tue, 09 Jun 2015)\");\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-3581\", \"CVE-2014-3583\", \"CVE-2014-8109\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for httpd FEDORA-2015-9216\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"httpd on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-9216\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-June/159352.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.12~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-03-17T22:59:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3583", "CVE-2013-5704", "CVE-2014-3581", "CVE-2014-8109"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120323", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120323", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-483)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120323\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:23:32 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-483)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in the Apache HTTP server. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update httpd24 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-483.html\");\n script_cve_id(\"CVE-2014-8109\", \"CVE-2013-5704\", \"CVE-2014-3581\", \"CVE-2014-3583\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"mod24_proxy_html\", rpm:\"mod24_proxy_html~2.4.10~15.58.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd24-tools\", rpm:\"httpd24-tools~2.4.10~15.58.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd24-devel\", rpm:\"httpd24-devel~2.4.10~15.58.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mod24_ssl\", rpm:\"mod24_ssl~2.4.10~15.58.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mod24_ldap\", rpm:\"mod24_ldap~2.4.10~15.58.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mod24_session\", rpm:\"mod24_session~2.4.10~15.58.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd24\", rpm:\"httpd24~2.4.10~15.58.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd24-manual\", rpm:\"httpd24-manual~2.4.10~15.58.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3583", "CVE-2013-5704", "CVE-2014-3581", "CVE-2014-8109"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-03-01T00:00:00", "id": "OPENVAS:1361412562310869049", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869049", "type": "openvas", "title": "Fedora Update for httpd FEDORA-2014-17153", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for httpd FEDORA-2014-17153\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869049\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-01 05:42:24 +0100 (Sun, 01 Mar 2015)\");\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-3581\", \"CVE-2014-3583\", \"CVE-2014-8109\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for httpd FEDORA-2014-17153\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"httpd on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-17153\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150530.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.10~2.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3185", "CVE-2014-3583", "CVE-2013-5704", "CVE-2015-0253", "CVE-2015-0228", "CVE-2015-3183", "CVE-2014-3581", "CVE-2014-8109"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-07-30T00:00:00", "id": "OPENVAS:1361412562310869816", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869816", "type": "openvas", "title": "Fedora Update for httpd FEDORA-2015-11792", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for httpd FEDORA-2015-11792\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869816\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-30 05:06:39 +0200 (Thu, 30 Jul 2015)\");\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-3581\", \"CVE-2014-3583\", \"CVE-2014-8109\",\n \"CVE-2015-3183\", \"CVE-2015-3185\", \"CVE-2015-0253\", \"CVE-2015-0228\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for httpd FEDORA-2015-11792\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"httpd on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-11792\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-July/162708.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.16~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3583", "CVE-2013-5704", "CVE-2015-0228", "CVE-2014-3581", "CVE-2014-8109"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-03-11T00:00:00", "id": "OPENVAS:1361412562310842123", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842123", "type": "openvas", "title": "Ubuntu Update for apache2 USN-2523-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for apache2 USN-2523-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842123\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-11 06:40:48 +0100 (Wed, 11 Mar 2015)\");\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-3581\", \"CVE-2014-3583\", \"CVE-2014-8109\",\n \"CVE-2015-0228\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for apache2 USN-2523-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'apache2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Martin Holst Swende discovered that the\nmod_headers module allowed HTTP trailers to replace HTTP headers during request\nprocessing. A remote attacker could possibly use this issue to bypass\nRequestHeaders directives. (CVE-2013-5704)\n\nMark Montague discovered that the mod_cache module incorrectly handled\nempty HTTP Content-Type headers. A remote attacker could use this issue to\ncause the server to stop responding, leading to a denial of service. This\nissue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-3581)\n\nTeguh P. Alko discovered that the mod_proxy_fcgi module incorrectly\nhandled long response headers. A remote attacker could use this issue to\ncause the server to stop responding, leading to a denial of service. This\nissue only affected Ubuntu 14.10. (CVE-2014-3583)\n\nIt was discovered that the mod_lua module incorrectly handled different\narguments within different contexts. A remote attacker could possibly use\nthis issue to bypass intended access restrictions. This issue only affected\nUbuntu 14.10. (CVE-2014-8109)\n\nGuido Vranken discovered that the mod_lua module incorrectly handled a\nspecially crafted websocket PING in certain circumstances. A remote\nattacker could possibly use this issue to cause the server to stop\nresponding, leading to a denial of service. This issue only affected\nUbuntu 14.10. (CVE-2015-0228)\");\n script_tag(name:\"affected\", value:\"apache2 on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2523-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2523-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS|10\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2.2-bin\", ver:\"2.4.10-1ubuntu1.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2.2-bin\", ver:\"2.4.7-1ubuntu4.4\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2.2-bin\", ver:\"2.2.22-1ubuntu1.8\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2.2-bin\", ver:\"2.2.14-5ubuntu8.15\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5704"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2015-07-23T00:00:00", "id": "OPENVAS:1361412562310871402", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871402", "type": "openvas", "title": "RedHat Update for httpd RHSA-2015:1249-02", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for httpd RHSA-2015:1249-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871402\");\n script_version(\"$Revision: 12497 $\");\n script_cve_id(\"CVE-2013-5704\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"creation_date\", value:\"2015-07-23 06:25:38 +0200 (Thu, 23 Jul 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for httpd RHSA-2015:1249-02\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The httpd packages provide the Apache HTTP Server, a powerful, efficient,\nand extensible web server.\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could use\nTrailer headers to set additional HTTP headers after header processing was\nperformed by other modules. This could, for example, lead to a bypass of\nheader restrictions defined with mod_headers. (CVE-2013-5704)\n\nThis update also fixes the following bugs:\n\n * The order of mod_proxy workers was not checked when httpd configuration\nwas reloaded. When mod_proxy workers were removed, added, or their order\nwas changed, their parameters and scores could become mixed. The order of\nmod_proxy workers has been made internally consistent during configuration\nreload. (BZ#1149906)\n\n * The local host certificate created during firstboot contained CA\nextensions, which caused the httpd service to return warning messages.\nThis has been addressed by local host certificates being generated with the\n'-extensions v3_req' option. (BZ#906476)\n\n * The default mod_ssl configuration no longer enables support for SSL\ncipher suites using the single DES, IDEA, or SEED encryption algorithms.\n(BZ#1086771)\n\n * The apachectl script did not take into account the HTTPD_LANG variable\nset in the /etc/sysconfig/httpd file during graceful restarts.\nConsequently, httpd did not use a changed value of HTTPD_LANG when the\ndaemon was restarted gracefully. The script has been fixed to handle the\nHTTPD_LANG variable correctly. (BZ#963146)\n\n * The mod_deflate module failed to check the original file size while\nextracting files larger than 4 GB, making it impossible to extract large\nfiles. Now, mod_deflate checks the original file size properly according to\nRFC1952, and it is able to decompress files larger than 4 GB. (BZ#1057695)\n\n * The httpd service did not check configuration before restart. When a\nconfiguration contained an error, an attempt to restart httpd gracefully\nfailed. Now, httpd checks configuration before restart and if the\nconfiguration is in an inconsistent state, an error message is printed,\nhttpd is not stopped and a restart is not performed. (BZ#1146194)\n\n * The SSL_CLIENT_VERIFY environment variable was incorrectly handled when\nthe 'SSLVerifyClient optional_no_ca' and 'SSLSessionCache' options were\nused. When an SSL session was resumed, the SSL_CLIENT_VERIFY value was set\nto 'SUCCESS' instead of the previously set 'GENEROUS'. SSL_CLIENT_VERIFY is\nnow correctly set to GENEROUS i ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"httpd on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:1249-02\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-July/msg00018.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.15~45.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-debuginfo\", rpm:\"httpd-debuginfo~2.2.15~45.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.15~45.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.2.15~45.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.15~45.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.15~45.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "centos": [{"lastseen": "2019-12-20T18:28:43", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5704", "CVE-2014-3581"], "description": "**CentOS Errata and Security Advisory** CESA-2015:0325\n\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and\nextensible web server.\n\nA flaw was found in the way httpd handled HTTP Trailer headers when processing\nrequests using chunked encoding. A malicious client could use Trailer headers to\nset additional HTTP headers after header processing was performed by other\nmodules. This could, for example, lead to a bypass of header restrictions\ndefined with mod_headers. (CVE-2013-5704)\n\nA NULL pointer dereference flaw was found in the way the mod_cache httpd module\nhandled Content-Type headers. A malicious HTTP server could cause the httpd\nchild process to crash when the Apache HTTP server was configured to proxy to a\nserver with caching enabled. (CVE-2014-3581)\n\nThis update also fixes the following bugs:\n\n* Previously, the mod_proxy_fcgi Apache module always kept the back-end\nconnections open even when they should have been closed. As a consequence, the\nnumber of open file descriptors was increasing over the time. With this update,\nmod_proxy_fcgi has been fixed to check the state of the back-end connections,\nand it closes the idle back-end connections as expected. (BZ#1168050)\n\n* An integer overflow occurred in the ab utility when a large request count was\nused. Consequently, ab terminated unexpectedly with a segmentation fault while\nprinting statistics after the benchmark. This bug has been fixed, and ab no\nlonger crashes in this scenario. (BZ#1092420)\n\n* Previously, when httpd was running in the foreground and the user pressed\nCtrl+C to interrupt the httpd processes, a race condition in signal handling\noccurred. The SIGINT signal was sent to all children followed by SIGTERM from\nthe main process, which interrupted the SIGINT handler. Consequently, the\naffected processes became unresponsive or terminated unexpectedly. With this\nupdate, the SIGINT signals in the child processes are ignored, and httpd no\nlonger hangs or crashes in this scenario. (BZ#1131006)\n\nIn addition, this update adds the following enhancements:\n\n* With this update, the mod_proxy module of the Apache HTTP Server supports the\nUnix Domain Sockets (UDS). This allows mod_proxy back ends to listen on UDS\nsockets instead of TCP sockets, and as a result, mod_proxy can be used to\nconnect UDS back ends. (BZ#1168081)\n\n* This update adds support for using the SetHandler directive together with the\nmod_proxy module. As a result, it is possible to configure SetHandler to use\nproxy for incoming requests, for example, in the following format: SetHandler\n\"proxy:fcgi://127.0.0.1:9000\". (BZ#1136290)\n\n* The htaccess API changes introduced in httpd 2.4.7 have been backported to\nhttpd shipped with Red Hat Enterprise Linux 7.1. These changes allow for the\nMPM-ITK module to be compiled as an httpd module. (BZ#1059143)\n\nAll httpd users are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues and add these enhancements. After\ninstalling the updated packages, the httpd daemon will be restarted\nautomatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-March/007784.html\n\n**Affected packages:**\nhttpd\nhttpd-devel\nhttpd-manual\nhttpd-tools\nmod_ldap\nmod_proxy_html\nmod_session\nmod_ssl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0325.html", "edition": 3, "modified": "2015-03-17T13:28:17", "published": "2015-03-17T13:28:17", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-March/007784.html", "id": "CESA-2015:0325", "title": "httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-12-20T18:26:32", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5704"], "description": "**CentOS Errata and Security Advisory** CESA-2015:1249\n\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient,\nand extensible web server.\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could use\nTrailer headers to set additional HTTP headers after header processing was\nperformed by other modules. This could, for example, lead to a bypass of\nheader restrictions defined with mod_headers. (CVE-2013-5704)\n\nThis update also fixes the following bugs:\n\n* The order of mod_proxy workers was not checked when httpd configuration\nwas reloaded. When mod_proxy workers were removed, added, or their order\nwas changed, their parameters and scores could become mixed. The order of\nmod_proxy workers has been made internally consistent during configuration\nreload. (BZ#1149906)\n\n* The local host certificate created during firstboot contained CA\nextensions, which caused the httpd service to return warning messages.\nThis has been addressed by local host certificates being generated with the\n\"-extensions v3_req\" option. (BZ#906476)\n\n* The default mod_ssl configuration no longer enables support for SSL\ncipher suites using the single DES, IDEA, or SEED encryption algorithms.\n(BZ#1086771)\n\n* The apachectl script did not take into account the HTTPD_LANG variable\nset in the /etc/sysconfig/httpd file during graceful restarts.\nConsequently, httpd did not use a changed value of HTTPD_LANG when the\ndaemon was restarted gracefully. The script has been fixed to handle the\nHTTPD_LANG variable correctly. (BZ#963146)\n\n* The mod_deflate module failed to check the original file size while\nextracting files larger than 4 GB, making it impossible to extract large\nfiles. Now, mod_deflate checks the original file size properly according to\nRFC1952, and it is able to decompress files larger than 4 GB. (BZ#1057695)\n\n* The httpd service did not check configuration before restart. When a\nconfiguration contained an error, an attempt to restart httpd gracefully\nfailed. Now, httpd checks configuration before restart and if the\nconfiguration is in an inconsistent state, an error message is printed,\nhttpd is not stopped and a restart is not performed. (BZ#1146194)\n\n* The SSL_CLIENT_VERIFY environment variable was incorrectly handled when\nthe \"SSLVerifyClient optional_no_ca\" and \"SSLSessionCache\" options were\nused. When an SSL session was resumed, the SSL_CLIENT_VERIFY value was set\nto \"SUCCESS\" instead of the previously set \"GENEROUS\". SSL_CLIENT_VERIFY is\nnow correctly set to GENEROUS in this scenario. (BZ#1149703)\n\n* The ab utility did not correctly handle situations when an SSL connection\nwas closed after some data had already been read. As a consequence, ab did\nnot work correctly with SSL servers and printed \"SSL read failed\" error\nmessages. With this update, ab works as expected with HTTPS servers.\n(BZ#1045477)\n\n* When a client presented a revoked certificate, log entries were created\nonly at the debug level. The log level of messages regarding a revoked\ncertificate has been increased to INFO, and administrators are now properly\ninformed of this situation. (BZ#1161328)\n\nIn addition, this update adds the following enhancement:\n\n* A mod_proxy worker can now be set into drain mode (N) using the\nbalancer-manager web interface or using the httpd configuration file.\nA worker in drain mode accepts only existing sticky sessions destined for\nitself and ignores all other requests. The worker waits until all clients\ncurrently connected to this worker complete their work before the worker is\nstopped. As a result, drain mode enables to perform maintenance on a worker\nwithout affecting clients. (BZ#767130)\n\nUsers of httpd are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement. After installing the updated packages, the httpd service will\nbe restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-July/008281.html\n\n**Affected packages:**\nhttpd\nhttpd-devel\nhttpd-manual\nhttpd-tools\nmod_ssl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1249.html", "edition": 3, "modified": "2015-07-26T14:13:10", "published": "2015-07-26T14:13:10", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-July/008281.html", "id": "CESA-2015:1249", "title": "httpd, mod_ssl security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-12-20T18:28:51", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3183"], "description": "**CentOS Errata and Security Advisory** CESA-2015:1668\n\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient,\nand extensible web server.\n\nMultiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode\ndifferently from an HTTP proxy software in front of it, possibly leading to\nHTTP request smuggling attacks. (CVE-2015-3183)\n\nAll httpd users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdated packages, the httpd service will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-August/033382.html\n\n**Affected packages:**\nhttpd\nhttpd-devel\nhttpd-manual\nhttpd-tools\nmod_ssl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1668.html", "edition": 3, "modified": "2015-08-24T18:23:20", "published": "2015-08-24T18:23:20", "href": "http://lists.centos.org/pipermail/centos-announce/2015-August/033382.html", "id": "CESA-2015:1668", "title": "httpd, mod_ssl security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "oraclelinux": [{"lastseen": "2021-05-13T09:24:04", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5704", "CVE-2014-3581"], "description": "[2.4.6-31.0.1]\n- replace index.html with Oracle's index page oracle_index.html\n[2.4.6-31]\n- mod_proxy_fcgi: determine if FCGI_CONN_CLOSE should be enabled\n instead of hardcoding it (#1168050)\n- mod_proxy: support Unix Domain Sockets (#1168081)\n[2.4.6-30]\n- core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704)\n- mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581)\n[2.4.6-29]\n- rebuild against proper version of OpenSSL (#1080125)\n[2.4.6-28]\n- set vstring based on /etc/os-release (#1114123)\n[2.4.6-27]\n- fix the dependency on openssl-libs to match the fix for #1080125\n[2.4.6-26]\n- allow \n'es to be seen under virtual hosts (#1131847)\n[2.4.6-25]\n- do not use hardcoded curve for ECDHE suites (#1080125)\n[2.4.6-24]\n- allow reverse-proxy to be set via SetHandler (#1136290)\n[2.4.6-23]\n- fix possible crash in SIGINT handling (#1131006)\n[2.4.6-22]\n- ab: fix integer overflow when printing stats with lot of requests (#1092420)\n[2.4.6-21]\n- add pre_htaccess so mpm-itk can be build as separate module (#1059143)\n[2.4.6-20]\n- mod_ssl: prefer larger keys and support up to 8192-bit keys (#1073078)", "modified": "2015-03-11T00:00:00", "published": "2015-03-11T00:00:00", "id": "ELSA-2015-0325", "href": "http://linux.oracle.com/errata/ELSA-2015-0325.html", "type": "oraclelinux", "title": "httpd security, bug fix, and enhancement update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-05-13T09:23:50", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5704"], "description": "[2.2.15-45.0.1]\n- replace index.html with Oracle's index page oracle_index.html\n- update vstring in specfile\n[2.2.15-45]\n- mod_proxy_balancer: add support for 'drain mode' (N) (#767130)\n[2.2.15-44]\n- set SSLCipherSuite to DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES (#1086771)\n[2.2.15-43]\n- revert DirectoryMatch patch from 2.2.15-40 (#1016963)\n[2.2.15-42]\n- core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704)\n[2.2.15-41]\n- fix compilation with older OpenSSL caused by misspelling in patch (#1162268)\n[2.2.15-40]\n- mod_proxy: do not mix workers shared memory during graceful restart (#1149906)\n- mod_ssl: Fix SSL_CLIENT_VERIFY value when optional_no_ca and SSLSessionCache\n are used and SSL session is resumed (#1149703)\n- mod_ssl: log revoked certificates at the INFO level (#1161328)\n- mod_ssl: use -extensions v3_req for certificate generation (#906476)\n- core: check the config file before restarting the server (#1146194)\n- core: do not match files when using DirectoryMatch (#1016963)\n- core: improve error message for inaccessible DocumentRoot (#987590)\n- rotatelogs: improve support for localtime (#922844)\n- mod_deflate: fix decompression of files larger than 4GB (#1057695)\n- ab: fix integer overflow when printing stats with lot of requests (#1092419)\n- ab: try all addresses instead of failing on first one when not available (#1125269)\n- ab: fix read failure when targeting SSL server (#1045477)\n- apachectl: support HTTPD_LANG variable from /etc/sysconfig/httpd (#963146)\n- do not display 'bomb' icon for files ending with 'core' (#1069625)", "modified": "2015-07-28T00:00:00", "published": "2015-07-28T00:00:00", "id": "ELSA-2015-1249", "href": "http://linux.oracle.com/errata/ELSA-2015-1249.html", "type": "oraclelinux", "title": "httpd security, bug fix, and enhancement update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-06-04T20:20:54", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3183"], "description": "[2.2.15-47.0.1]\n- replace index.html with Oracle's index page oracle_index.html\n- update vstring in specfile\n[2.2.15-47]\n- fix regressions caused by fix for CVE-2015-3183\n[2.2.15-46]\n- core: fix chunk header parsing defect (CVE-2015-3183)", "modified": "2015-08-24T00:00:00", "published": "2015-08-24T00:00:00", "id": "ELSA-2015-1668", "href": "http://linux.oracle.com/errata/ELSA-2015-1668.html", "type": "oraclelinux", "title": "httpd security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "debian": [{"lastseen": "2021-06-08T22:20:47", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5704", "CVE-2014-3581"], "description": "Package : apache2\nVersion : 2.2.16-6+squeeze14\nCVE ID : CVE-2013-5704 CVE-2014-3581\n\nThis update fixes two security issues with apache2.\n\nCVE-2013-5704\n\n Disable the possibility to replace HTTP headers with HTTP trailers\n as this could be used to circumvent earlier header operations made by\n other modules. This can be restored with a new MergeTrailers\n directive.\n\nCVE-2014-3581\n\n Fix denial of service where Apache can segfault when mod_cache is used\n and when the cached request contains an empty Content-Type header.\n\n-- \nRapha\u00ebl Hertzog \u25c8 Debian Developer\n\nSupport Debian LTS: http://www.freexian.com/services/debian-lts.html\nLearn to master Debian: http://debian-handbook.info/get/\n", "edition": 13, "modified": "2014-10-16T10:10:48", "published": "2014-10-16T10:10:48", "id": "DEBIAN:DLA-71-1:FFC5F", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201410/msg00003.html", "title": "[SECURITY] [DLA 71-1] apache2 security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-11-11T13:14:05", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3183"], "description": "Package : apache2\nVersion : 2.2.16-6+squeeze15\nCVE ID : CVE-2015-3183\n\nA vulnerability has been found in the Apache HTTP Server.\n\nCVE-2015-3183\n\n Apache HTTP Server did not properly parse chunk headers, which\n allowed remote attackers to conduct HTTP request smuggling via a\n crafted request. This flaw relates to mishandling of large\n chunk-size values and invalid chunk-extension characters in\n modules/http/http_filters.c.\n\nFor the squeeze distribution, these issues have been fixed in version\n2.2.16-6+squeeze15 of apache2.\n\nWe recommend you to upgrade your apache2 packages.\n", "edition": 3, "modified": "2015-07-28T21:32:10", "published": "2015-07-28T21:32:10", "id": "DEBIAN:DLA-284-1:B7206", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201507/msg00024.html", "title": "[SECURITY] [DLA 284-1] apache2 security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "slackware": [{"lastseen": "2020-10-25T16:36:14", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5704", "CVE-2014-3581", "CVE-2014-3583", "CVE-2014-8109"], "description": "New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/httpd-2.4.12-i486-1_slack14.1.txz: Upgraded.\n This update fixes the following security issues:\n * CVE-2014-3583 mod_proxy_fcgi: Fix a potential crash due to buffer\n over-read, with response headers' size above 8K.\n * CVE-2014-3581 mod_cache: Avoid a crash when Content-Type has an\n empty value. PR 56924.\n * CVE-2014-8109 mod_lua: Fix handling of the Require line when a\n LuaAuthzProvider is used in multiple Require directives with\n different arguments. PR57204.\n * CVE-2013-5704 core: HTTP trailers could be used to replace HTTP\n headers late during request processing, potentially undoing or\n otherwise confusing modules that examined or modified request\n headers earlier. Adds \"MergeTrailers\" directive to restore legacy\n behavior.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3583\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3581\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8109\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5704\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.29-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.29-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/httpd-2.2.29-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/httpd-2.2.29-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/httpd-2.2.29-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/httpd-2.2.29-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/httpd-2.4.12-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/httpd-2.4.12-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/httpd-2.4.12-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/httpd-2.4.12-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.12-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.12-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 package:\n511973e7033d924fe8f2dfac870cfc9d httpd-2.2.29-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n5fb45ffc524b4afc2b6e3c322bd43ff2 httpd-2.2.29-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n47ef44a58d821fe2462817bd308e4c88 httpd-2.2.29-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n4e99389080c31b12a863d315f17e0897 httpd-2.2.29-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n9ecaeefcc21871e101c4e41487879ba7 httpd-2.2.29-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n4c4badc191f0c2337d0f05fe4f5f6701 httpd-2.2.29-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n44ee311cec11c0b8b5361871f076060a httpd-2.4.12-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nd222d77977fea4f3d2583398070e70fe httpd-2.4.12-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\nd65e3a24abd582fb54b6da0ba926106e httpd-2.4.12-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\ne655bdd8f6f7e13da6ae2c70f9c9eea0 httpd-2.4.12-x86_64-1_slack14.1.txz\n\nSlackware -current package:\nbfd8439df17a91bf8b3351a9fdafbfc9 n/httpd-2.4.12-i486-1.txz\n\nSlackware x86_64 -current package:\n3c68dceffdf6de2c67ac2b40fc3846dc n/httpd-2.4.12-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg httpd-2.4.12-i486-1_slack14.1.txz\n\nThen, restart Apache httpd:\n\n > /etc/rc.d/rc.httpd stop\n > /etc/rc.d/rc.httpd start", "modified": "2015-04-22T01:20:26", "published": "2015-04-22T01:20:26", "id": "SSA-2015-111-03", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.568837", "type": "slackware", "title": "[slackware-security] httpd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "amazon": [{"lastseen": "2020-11-10T12:35:39", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3583", "CVE-2013-5704", "CVE-2014-3581", "CVE-2014-8109"], "description": "**Issue Overview:**\n\nmod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory. ([CVE-2014-8109 __](<https://access.redhat.com/security/cve/CVE-2014-8109>))\n\nA flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header restrictions defined with mod_headers. ([CVE-2013-5704 __](<https://access.redhat.com/security/cve/CVE-2013-5704>))\n\nA NULL pointer dereference flaw was found in the way the mod_cache httpd module handled Content-Type headers. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP server was configured to proxy to a server with caching enabled. ([CVE-2014-3581 __](<https://access.redhat.com/security/cve/CVE-2014-3581>))\n\nThe handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers. ([CVE-2014-3583 __](<https://access.redhat.com/security/cve/CVE-2014-3583>))\n\n \n**Affected Packages:** \n\n\nhttpd24\n\n \n**Issue Correction:** \nRun _yum update httpd24_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n mod24_proxy_html-2.4.10-15.58.amzn1.i686 \n httpd24-tools-2.4.10-15.58.amzn1.i686 \n httpd24-devel-2.4.10-15.58.amzn1.i686 \n mod24_ssl-2.4.10-15.58.amzn1.i686 \n mod24_ldap-2.4.10-15.58.amzn1.i686 \n mod24_session-2.4.10-15.58.amzn1.i686 \n httpd24-2.4.10-15.58.amzn1.i686 \n httpd24-debuginfo-2.4.10-15.58.amzn1.i686 \n \n noarch: \n httpd24-manual-2.4.10-15.58.amzn1.noarch \n \n src: \n httpd24-2.4.10-15.58.amzn1.src \n \n x86_64: \n mod24_session-2.4.10-15.58.amzn1.x86_64 \n httpd24-tools-2.4.10-15.58.amzn1.x86_64 \n mod24_ldap-2.4.10-15.58.amzn1.x86_64 \n httpd24-debuginfo-2.4.10-15.58.amzn1.x86_64 \n mod24_ssl-2.4.10-15.58.amzn1.x86_64 \n mod24_proxy_html-2.4.10-15.58.amzn1.x86_64 \n httpd24-devel-2.4.10-15.58.amzn1.x86_64 \n httpd24-2.4.10-15.58.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2015-02-12T10:57:00", "published": "2015-02-12T10:57:00", "id": "ALAS-2015-483", "href": "https://alas.aws.amazon.com/ALAS-2015-483.html", "title": "Low: httpd24", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-11-10T12:36:17", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5704"], "description": "**Issue Overview:**\n\nThe mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass \"RequestHeader unset\" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states \"this is not a security issue in httpd as such.\"\n\n \n**Affected Packages:** \n\n\nhttpd\n\n \n**Issue Correction:** \nRun _yum update httpd_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n mod_ssl-2.2.29-1.4.amzn1.i686 \n httpd-2.2.29-1.4.amzn1.i686 \n httpd-debuginfo-2.2.29-1.4.amzn1.i686 \n httpd-devel-2.2.29-1.4.amzn1.i686 \n httpd-tools-2.2.29-1.4.amzn1.i686 \n \n noarch: \n httpd-manual-2.2.29-1.4.amzn1.noarch \n \n src: \n httpd-2.2.29-1.4.amzn1.src \n \n x86_64: \n httpd-debuginfo-2.2.29-1.4.amzn1.x86_64 \n httpd-devel-2.2.29-1.4.amzn1.x86_64 \n httpd-tools-2.2.29-1.4.amzn1.x86_64 \n httpd-2.2.29-1.4.amzn1.x86_64 \n mod_ssl-2.2.29-1.4.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2014-09-17T21:48:00", "published": "2014-09-17T21:48:00", "id": "ALAS-2014-414", "href": "https://alas.aws.amazon.com/ALAS-2014-414.html", "title": "Low: httpd", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-11-10T12:35:26", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3183"], "description": "**Issue Overview:**\n\nMultiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks.\n\n \n**Affected Packages:** \n\n\nhttpd\n\n \n**Issue Correction:** \nRun _yum update httpd_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n httpd-devel-2.2.31-1.6.amzn1.i686 \n mod_ssl-2.2.31-1.6.amzn1.i686 \n httpd-tools-2.2.31-1.6.amzn1.i686 \n httpd-debuginfo-2.2.31-1.6.amzn1.i686 \n httpd-2.2.31-1.6.amzn1.i686 \n \n noarch: \n httpd-manual-2.2.31-1.6.amzn1.noarch \n \n src: \n httpd-2.2.31-1.6.amzn1.src \n \n x86_64: \n httpd-debuginfo-2.2.31-1.6.amzn1.x86_64 \n httpd-devel-2.2.31-1.6.amzn1.x86_64 \n httpd-tools-2.2.31-1.6.amzn1.x86_64 \n mod_ssl-2.2.31-1.6.amzn1.x86_64 \n httpd-2.2.31-1.6.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2015-08-17T12:23:00", "published": "2015-08-17T12:23:00", "id": "ALAS-2015-578", "href": "https://alas.aws.amazon.com/ALAS-2015-578.html", "title": "Medium: httpd", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5704", "CVE-2014-3581", "CVE-2014-3583", "CVE-2014-8109"], "description": "The Apache HTTP Server is a powerful, efficient, and extensible web server. ", "modified": "2015-03-16T01:41:46", "published": "2015-03-16T01:41:46", "id": "FEDORA:A5B39608798D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: httpd-2.4.10-15.fc21", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5704", "CVE-2014-3581", "CVE-2014-3583", "CVE-2014-8109"], "description": "The Apache HTTP Server is a powerful, efficient, and extensible web server. ", "modified": "2015-02-28T10:22:55", "published": "2015-02-28T10:22:55", "id": "FEDORA:30CE76087A4B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: httpd-2.4.10-2.fc20", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:20", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3583", "CVE-2013-5704", "CVE-2014-3581", "CVE-2014-8109"], "description": "\nApache HTTP SERVER PROJECT reports:\n\nmod_proxy_fcgi: Fix a potential crash due to buffer over-read,\n\t with response headers' size above 8K.\nmod_cache: Avoid a crash when Content-Type has an empty value. PR 56924.\nmod_lua: Fix handling of the Require line when a LuaAuthzProvider is used\n\t in multiple Require directives with different arguments. PR57204.\ncore: HTTP trailers could be used to replace HTTP headers late during\n\t request processing, potentially undoing or otherwise confusing modules\n\t that examined or modified request headers earlier. Adds \"MergeTrailers\"\n\t directive to restore legacy behavior.\n\n", "edition": 4, "modified": "2015-01-29T00:00:00", "published": "2015-01-29T00:00:00", "id": "5804B9D4-A959-11E4-9363-20CF30E32F6D", "href": "https://vuxml.freebsd.org/freebsd/5804b9d4-a959-11e4-9363-20cf30e32f6d.html", "title": "apache24 -- several vulnerabilities", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:33:08", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3183"], "description": "\nApache Foundation reports:\n\nCVE-2015-3183 core: Fix chunk header parsing defect. Remove\n\t apr_brigade_flatten(), buffering and duplicated code from the HTTP_IN\n\t filter, parse chunks in a single pass with zero copy. Limit accepted\n\t chunk-size to 2^63-1 and be strict about chunk-ext authorized\n\t characters.\n\n", "edition": 4, "modified": "2015-06-24T00:00:00", "published": "2015-06-24T00:00:00", "id": "29083F8E-2CA8-11E5-86FF-14DAE9D210B8", "href": "https://vuxml.freebsd.org/freebsd/29083f8e-2ca8-11e5-86ff-14dae9d210b8.html", "title": "apache22 -- chunk header parsing defect", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "gentoo": [{"lastseen": "2016-10-06T20:54:50", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1546", "CVE-2016-4979", "CVE-2015-3183", "CVE-2014-3581"], "edition": 1, "description": "### Background\n\nApache HTTP Server is one of the most popular web servers on the Internet. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Apache HTTP Server. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nRemote attackers could bypass intended access restrictions, conduct HTTP request smuggling attacks, or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Apache users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/apache-2.4.23\"", "modified": "2016-10-06T00:00:00", "published": "2016-10-06T00:00:00", "id": "GLSA-201610-02", "href": "https://security.gentoo.org/glsa/201610-02", "type": "gentoo", "title": "Apache: Multiple vulnerabilities", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "ubuntu": [{"lastseen": "2020-07-02T11:35:17", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3583", "CVE-2013-5704", "CVE-2015-0228", "CVE-2014-3581", "CVE-2014-8109"], "description": "Martin Holst Swende discovered that the mod_headers module allowed HTTP \ntrailers to replace HTTP headers during request processing. A remote \nattacker could possibly use this issue to bypass RequestHeaders directives. \n(CVE-2013-5704)\n\nMark Montague discovered that the mod_cache module incorrectly handled \nempty HTTP Content-Type headers. A remote attacker could use this issue to \ncause the server to stop responding, leading to a denial of service. This \nissue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-3581)\n\nTeguh P. Alko discovered that the mod_proxy_fcgi module incorrectly \nhandled long response headers. A remote attacker could use this issue to \ncause the server to stop responding, leading to a denial of service. This \nissue only affected Ubuntu 14.10. (CVE-2014-3583)\n\nIt was discovered that the mod_lua module incorrectly handled different \narguments within different contexts. A remote attacker could possibly use \nthis issue to bypass intended access restrictions. This issue only affected \nUbuntu 14.10. (CVE-2014-8109)\n\nGuido Vranken discovered that the mod_lua module incorrectly handled a \nspecially crafted websocket PING in certain circumstances. A remote \nattacker could possibly use this issue to cause the server to stop \nresponding, leading to a denial of service. This issue only affected \nUbuntu 14.10. (CVE-2015-0228)", "edition": 5, "modified": "2015-03-10T00:00:00", "published": "2015-03-10T00:00:00", "id": "USN-2523-1", "href": "https://ubuntu.com/security/notices/USN-2523-1", "title": "Apache HTTP Server vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "httpd": [{"lastseen": "2020-12-24T14:26:50", "bulletinFamily": "software", "cvelist": ["CVE-2014-3581"], "description": "\nA NULL pointer deference was found in mod_cache. A malicious HTTP\nserver could cause a crash in a caching forward proxy configuration.\nThis crash would only be a denial of service if using a threaded MPM.\n", "edition": 5, "modified": "2014-09-08T00:00:00", "published": "2014-09-08T00:00:00", "id": "HTTPD:6573AA423444D48814198437D67A124C", "href": "https://httpd.apache.org/security_report.html", "title": "Apache Httpd < None: mod_cache crash with empty Content-Type header", "type": "httpd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-06-08T18:46:51", "bulletinFamily": "software", "cvelist": ["CVE-2014-3581"], "edition": 2, "description": "\nA NULL pointer deference was found in mod_cache. A malicious HTTP\nserver could cause a crash in a caching forward proxy configuration.\nThis crash would only be a denial of service if using a threaded MPM.\n", "modified": "2015-01-30T00:00:00", "published": "2014-09-08T00:00:00", "id": "HTTPD:F2A87ED4391D8B489A9CEE6E7FF7265B", "href": "https://httpd.apache.org/security_report.html", "type": "httpd", "title": "Apache Httpd < 2.4.12: mod_cache crash with empty Content-Type header", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-12-24T14:26:50", "bulletinFamily": "software", "cvelist": ["CVE-2013-5704"], "description": "\nHTTP trailers could be used to replace HTTP headers late during request\nprocessing, potentially undoing or otherwise confusing modules that\nexamined or modified request headers earlier.\nThis fix adds the \"MergeTrailers\" directive to restore legacy behavior.\n", "edition": 5, "modified": "2013-10-19T00:00:00", "published": "2013-09-06T00:00:00", "id": "HTTPD:62C816876F31B66A0ABB9350EAB1B165", "href": "https://httpd.apache.org/security_report.html", "title": "Apache Httpd < None: HTTP Trailers processing bypass", "type": "httpd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-06-08T18:46:51", "bulletinFamily": "software", "cvelist": ["CVE-2013-5704"], "edition": 2, "description": "\nHTTP trailers could be used to replace HTTP headers late during request\nprocessing, potentially undoing or otherwise confusing modules that\nexamined or modified request headers earlier.\nThis fix adds the \"MergeTrailers\" directive to restore legacy behavior.\n", "modified": "2015-01-30T00:00:00", "published": "2013-09-06T00:00:00", "id": "HTTPD:E1CF90532AA2021DA820BEF49250B460", "href": "https://httpd.apache.org/security_report.html", "type": "httpd", "title": "Apache Httpd < 2.4.12: HTTP Trailers processing bypass", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2021-06-08T18:46:51", "bulletinFamily": "software", "cvelist": ["CVE-2013-5704"], "edition": 2, "description": "\nHTTP trailers could be used to replace HTTP headers late during request\nprocessing, potentially undoing or otherwise confusing modules that\nexamined or modified request headers earlier.\nThis fix adds the \"MergeTrailers\" directive to restore legacy behavior.\n", "modified": "2014-09-03T00:00:00", "published": "2013-09-06T00:00:00", "id": "HTTPD:A524D631D92D34A98F278942749ECB13", "href": "https://httpd.apache.org/security_report.html", "type": "httpd", "title": "Apache Httpd < 2.2.29: HTTP Trailers processing bypass", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2020-12-24T14:26:50", "bulletinFamily": "software", "cvelist": ["CVE-2015-3183"], "description": "\n An HTTP request smuggling attack was possible due to a bug in parsing of\n chunked requests. A malicious client could force the server to\n misinterpret the request length, allowing cache poisoning or\n credential hijacking if an intermediary proxy is in use. \n", "edition": 5, "modified": "2015-06-09T00:00:00", "published": "2015-04-04T00:00:00", "id": "HTTPD:B401E293B5244BCB5C4A4751BFAFE869", "href": "https://httpd.apache.org/security_report.html", "title": "Apache Httpd < None: HTTP request smuggling attack against chunked request parser", "type": "httpd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-06-08T18:46:51", "bulletinFamily": "software", "cvelist": ["CVE-2015-3183"], "edition": 3, "description": "\n\n An HTTP request smuggling attack was possible due to a bug in parsing of\n chunked requests. A malicious client could force the server to\n misinterpret the request length, allowing cache poisoning or\n credential hijacking if an intermediary proxy is in use.\n \n", "modified": "2015-07-16T00:00:00", "published": "2015-04-04T00:00:00", "id": "HTTPD:EEE8EF011043502558E000564EB457E1", "href": "https://httpd.apache.org/security_report.html", "type": "httpd", "title": "Apache Httpd < 2.2.31: HTTP request smuggling attack against chunked request parser", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2021-06-08T18:46:51", "bulletinFamily": "software", "cvelist": ["CVE-2015-3183"], "edition": 3, "description": "\n\n An HTTP request smuggling attack was possible due to a bug in parsing of\n chunked requests. A malicious client could force the server to\n misinterpret the request length, allowing cache poisoning or\n credential hijacking if an intermediary proxy is in use.\n \n", "modified": "2015-07-15T00:00:00", "published": "2015-04-04T00:00:00", "id": "HTTPD:25A1DF6BFF44ABE7779B9CD4591B50EE", "href": "https://httpd.apache.org/security_report.html", "type": "httpd", "title": "Apache Httpd < 2.4.16: HTTP request smuggling attack against chunked request parser", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "seebug": [{"lastseen": "2017-11-19T17:28:24", "description": "Bugtraq ID:66550\r\nCVE ID:CVE-2013-5704\r\n\r\nModSecurity\u662fWeb\u5e94\u7528\u670d\u52a1\u5668\u3002\r\n\r\nModSecurity\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u5b89\u5168\u9650\u5236\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u6210\u529f\u5229\u7528\u540e\u53ef\u4f7f\u653b\u51fb\u8005\u7ed5\u8fc7\u8fc7\u6ee4\u89c4\u5219\u3002\n0\nmodsecurity\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8bf7\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttp://sourceforge.net/projects/mod-security/", "published": "2014-04-04T00:00:00", "title": "ModSecurity 'mod_headers'\u6a21\u5757\u5b89\u5168\u9650\u5236\u7ed5\u8fc7\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-5704"], "modified": "2014-04-04T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-62058", "id": "SSV:62058", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": ""}], "myhack58": [{"lastseen": "2016-10-29T17:55:46", "bulletinFamily": "info", "cvelist": ["CVE-2014-0230"], "edition": 1, "description": "Affected system:\n\n> The Apache Group Tomcat 8.0.0-RC1 \u2013 8.0.8 \nApache Group Tomcat 7.0.0 \u2013 7.0.54 \nApache Group Tomcat 6.0.0 \u2013 6.0.43\n\nDescription:\n\n* * *\n\nCVE(CAN) ID: [CVE-2 0 1 4-0 2 3 0](<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0230>)\n\nApache Tomcat is a popular open source JSP application server program.\n\nNot reading the request body, i.e. the response to the request is returned to the user agent, Tomcat by default will trust the rest of the request body, then processing the connection on the next request. Tomcat to trust the request body size is not limited. Tomcat does close the connection, the processing thread will also remain connected, this can lead to a limited denial of service.\n\n<*source: AntBean@secdig \n*>\n\nRecommendations:\n\n* * *\n\nManufacturers patch:\n\nThe Apache Group \n---- \nThe current vendors have released an upgrade patch to fix this security issue, please go to the manufacturers home page download:\n\n[1] <http://tomcat.apache.org/security-8.html> \n[2] <http://tomcat.apache.org/security-7.html> \n[3] <http://tomcat.apache.org/security-6.html> \n[4] <http://www.openwall.com/lists/oss-security/2015/04/10/1>\n", "modified": "2015-05-11T00:00:00", "published": "2015-05-11T00:00:00", "href": "http://www.myhack58.com/Article/html/3/62/2015/62233.htm", "id": "MYHACK58:62201562233", "type": "myhack58", "title": "Apache Tomcat denial of service vulnerability(CVE-2 0 1 4-0 2 3 0)-vulnerability warning-the black bar safety net", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:38", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0230"], "description": "When a response for a request with a request body is returned to the\nuser agent before the request body is fully read, by default Tomcat\nswallows the remaining request body so that the next request on the\nconnection may be processed. There was no limit to the size of request\nbody that Tomcat would swallow. This permitted a limited Denial of\nService as Tomcat would never close the connection and a processing\nthread would remain allocated to the connection.", "modified": "2015-05-13T00:00:00", "published": "2015-05-13T00:00:00", "id": "ASA-201505-8", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html", "type": "archlinux", "title": "tomcat6: denial of service", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}]}
