{"cve": [{"lastseen": "2018-11-01T05:11:31", "bulletinFamily": "NVD", "description": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.", "modified": "2018-10-30T12:25:27", "published": "2007-09-13T20:17:00", "id": "CVE-2007-4465", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4465", "title": "CVE-2007-4465", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:34", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html\nVendor Specific News/Changelog Entry: http://bugs.gentoo.org/show_bug.cgi?id=186219\nVendor Specific News/Changelog Entry: http://www.apache.org/dist/httpd/CHANGES_2.2.6\n[Secunia Advisory ID:26952](https://secuniaresearch.flexerasoftware.com/advisories/26952/)\n[Secunia Advisory ID:28467](https://secuniaresearch.flexerasoftware.com/advisories/28467/)\n[Secunia Advisory ID:26842](https://secuniaresearch.flexerasoftware.com/advisories/26842/)\n[Secunia Advisory ID:27882](https://secuniaresearch.flexerasoftware.com/advisories/27882/)\n[Secunia Advisory ID:27563](https://secuniaresearch.flexerasoftware.com/advisories/27563/)\n[Secunia Advisory ID:27732](https://secuniaresearch.flexerasoftware.com/advisories/27732/)\n[Secunia Advisory ID:28471](https://secuniaresearch.flexerasoftware.com/advisories/28471/)\nRedHat RHSA: RHSA-2007:0911\nOther Advisory URL: http://securityreason.com/securityalert/3113\nOther Advisory URL: http://securityreason.com/achievement_securityalert/46\nOther Advisory URL: http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:235\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200711-06.xml\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-11/msg00002.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-09/0129.html\nISS X-Force ID: 36586\n[CVE-2007-4465](https://vulners.com/cve/CVE-2007-4465)\nBugtraq ID: 25653\n", "modified": "2007-09-12T23:03:43", "published": "2007-09-12T23:03:43", "href": "https://vulners.com/osvdb/OSVDB:38636", "id": "OSVDB:38636", "title": "Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:23", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n[Apache2 Undefined Charset UTF-7 XSS Vulnerability ]\r\n\r\nAuthor: SecurityReason\r\nMaksymilian Arciemowicz (cXIb8O3)\r\n\r\nDate:\r\n- - Written: 08.08.2007\r\n- - Public: 11.09.2007\r\n\r\nSecurityReason Research\r\nSecurityAlert Id: 46\r\n\r\nCVE: CVE-2007-4465\r\nSecurityRisk: Low \r\n\r\nAffected Software: Apache 2.x (mod_autoindex)\r\nAdvisory URL: http://securityreason.com/achievement_securityalert/46\r\nVendor: http://httpd.apache.org\r\n\r\n- --- 0.Description ---\r\n\r\nThe Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.\r\n\r\nApache has been the most popular web server on the Internet since April 1996. The November 2005 Netcraft Web Server Survey found that more than 70% of the web sites on the Internet are using Apache, thus making it more widely used than all other web servers combined.\r\n\r\n- --- 1. Apache2 XSS Undefined Charset UTF-7 XSS Vulnerability ---\r\n\r\nThe XSS(UTF7) exist in mod_autoindex.c . Charset is not defined and we can provide XSS attack using "P" option available in apache 2.2.4 by setting Charset to UTF-7. \r\n\r\n"P=pattern lists only files matching the given pattern"\r\n\r\nMore : http://httpd.apache.org/docs/2.0/mod/mod_autoindex.html\r\n\r\n- -Source code from mod_autoindex.c--------------\r\n#if APR_HAS_UNICODE_FS\r\nap_set_content_type(r, "text/html;charset=utf-8");\r\n#else\r\nap_set_content_type(r, "text/html");\r\n#endif\r\n- -Source code from mod_autoindex.c--------------\r\n\r\n\r\nif APR_HAS_UNICODE_FS is set to 1 then we have defined charset and this is present on Windows systems . But on on unix , linux systems the charset is not definded.\r\n\r\n- --- EXAMPLE 1 ---\r\n# telnet localhost 80\r\nTrying 127.0.0.1...\r\nConnected to localhost.\r\nEscape character is '^]'\r\n\r\nGET /icons/ http/1.1\r\nHost: localhost\r\nContent-type: text/html\r\nKeep-Alive: 300\r\nConnection: keep-alive\r\n\r\n\r\nHTTP/1.1 200 OK\r\nDate: Thu, 09 Aug 2007 01:01:48 GMT\r\nServer: Apache/1.3.29 (Unix) PHP/5.1.6 with Suhosin-Patch mod_ssl/2.8.16 OpenSSL/0.9.7j\r\nKeep-Alive: timeout=15, max=100\r\nConnection: Keep-Alive\r\nTransfer-Encoding: chunked\r\nContent-Type: text/html\r\n\r\n\r\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">\r\n<HTML>\r\n<HEAD>\r\n<TITLE>Index of /icons</TITLE>\r\n</HEAD>\r\n<BODY>\r\n<H1>Index of /icons</H1>\r\n...\r\n- --- EXAMPLE 1 ---\r\n\r\n- --- EXAMPLE 2 ---\r\n# telnet httpd.apache.org 80\r\nTrying 140.211.11.130...\r\nConnected to httpd.apache.org.\r\nEscape character is '^]'.\r\n\r\nGET /icons/ http/1.1\r\nHost: httpd.apache.org\r\nContent-type: text/html\r\nKeep-Alive: 300\r\nConnection: keep-alive\r\n\r\n\r\nHTTP/1.1 200 OK\r\nDate: Wed, 08 Aug 2007 23:06:26 GMT\r\nServer: Apache/2.3.0-dev (Unix)\r\nVary: Accept-Encoding\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nTransfer-Encoding: chunked\r\nContent-Type: text/html\r\n\r\n\r\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">\r\n<html>\r\n<head>\r\n<title>Index of /icons</title>\r\n</head>\r\n<body>\r\n<h1>Index of /icons</h1>\r\n...\r\n- --- EXAMPLE 2 ---\r\n\r\nAny request to folder /icons don't give charset in main header and in <head></head> section. In requests like 400 404 etc charset is defined (standard UTF8).\r\n\r\nFor example :\r\n\r\n- --- EXAMPLE 3 (400) ---\r\n# telnet 127.0.0.1 80\r\nTrying 127.0.0.1...\r\nConnected to 127.0.0.1.\r\nEscape character is '^]'.\r\nGET /%0 HTTP/1.1\r\nHost: localhost\r\n\r\nHTTP/1.1 400 Bad Request\r\nDate: Thu, 09 Aug 2007 13:13:32 GMT\r\nServer: Apache/1.3.29 (Unix) PHP/5.1.6 with Suhosin-Patch mod_ssl/2.8.16 OpenSSL/0.9.7j\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/html; charset=iso-8859-1\r\n...\r\n- --- EXAMPLE 3 ---\r\n\r\n- --- EXAMPLE 4 (404) ---\r\n# telnet 127.0.0.1 80\r\nTrying 127.0.0.1...\r\nConnected to 127.0.0.1.\r\nEscape character is '^]'.\r\nGET /noex HTTP/1.1\r\nHost: localhost\r\n\r\nHTTP/1.1 404 Not Found\r\nDate: Thu, 09 Aug 2007 13:14:48 GMT\r\nServer: Apache/1.3.29 (Unix) PHP/5.1.6 with Suhosin-Patch mod_ssl/2.8.16 OpenSSL/0.9.7j\r\nTransfer-Encoding: chunked\r\nContent-Type: text/html; charset=iso-8859-1\r\n...\r\n- --- EXAMPLE 4 ---\r\n\r\nAny request from family 4xx is defined with charset. Because it is possible put the text to site (like wrong patch) in 404. Main idea was that, anybody can't put any text to this site with folder. And it was good idea, but in apache 2.x exist option "P".\r\nLike:\r\n\r\nhttp://localhost/icons/?P=[Filter]\r\n\r\nAny value gived to this variable is displayed in html text. For example :\r\n\r\nhttp://localhost/icons/?P=Hallo\r\n\r\n- --- HTML --------\r\n<pre><img src="/icons/blank.gif" alt="Icon "> <a href="?C=N;O=D;P=Hallo">Name</a>\r\n- -----------------\r\n\r\n- --- 2. Exploit ---\r\n\r\nSecurityReason is not going to release a exploit to the general public.\r\nExploit was provided and tested for Apache Team .\r\n\r\n- --- 3. How to fix ---\r\n\r\nUpdate to Apache 2.2.6\r\n\r\nhttp://www.apache.org/dist/httpd/CHANGES_2.2.6\r\n\r\n- ---\r\nmod_autoindex: Add in Type and Charset options to IndexOptions\r\ndirective. This allows the admin to explicitly set the \r\ncontent-type and charset of the generated page and is therefore\r\na viable workaround for buggy browsers affected by CVE-2007-4465\r\n(cve.mitre.org). [Jim Jagielski]\r\n- ---\r\n\r\n- --- 4. Greets ---\r\n\r\nFor: sp3x, Infospec, p_e_a\r\n\r\n- --- 5. Contact ---\r\n\r\nAuthor: SecurityReason [ Maksymilian Arciemowicz ( cXIb8O3 ) ]\r\nEmail: cxib [at] securityreason [dot] com\r\nGPG: http://securityreason.pl/key/Arciemowicz.Maksymilian.gpg\r\nhttp://securityreason.com\r\nhttp://securityreason.pl\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.6 (OpenBSD)\r\n\r\niD8DBQFG6F0A3Ke13X/fTO4RAg49AJ9ZYTCR02BWOxInIA0qybXBagnu4wCdFvlo\r\nMGWmxpeZzSTbVKnHIP5M+2o=\r\n=BrVf\r\n-----END PGP SIGNATURE-----", "modified": "2007-09-13T00:00:00", "published": "2007-09-13T00:00:00", "id": "SECURITYVULNS:DOC:17995", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:17995", "title": "Apache2 Undefined Charset UTF-7 XSS Vulnerability", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:26", "bulletinFamily": "software", "description": " About the security content of Security Update 2008-003 / Mac OS X 10.5.3\r\n\r\n * Last Modified: May 28, 2008\r\n * Article: HT1897\r\n\r\nSummary\r\n\r\nThis document describes the security content of Security Update 2008-003 / Mac OS X 10.5.3, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.\r\n\r\nFor the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.\r\n\r\nFor information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."\r\n\r\nWhere possible, CVE IDs are used to reference the vulnerabilities for further information.\r\n\r\nTo learn about other Security Updates, see "Apple Security Updates."\r\nProducts Affected\r\n\r\nSecurity\r\nSecurity Update 2008-003 / Mac OS X v10.5.3\r\n\r\n * AFP Server\r\n\r\n CVE-ID: CVE-2008-1027\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Files that are not designated for sharing may be accessed remotely\r\n\r\n Description: AFP Server did not check that a file or directory to be served was inside a folder designated for sharing. A connected user or guest may access any files or folders for which they have permission, even if not contained in folders designated for sharing. This update addresses the issue by denying access to files and folders that are not inside a folder designated for sharing. Credit to Alex deVries and Robert Rich for reporting this issue.\r\n\r\n * Apache\r\n\r\n CVE-ID: CVE-2005-3352, CVE-2005-3357, CVE-2006-3747, CVE-2007-1863, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388\r\n\r\n Available for: Mac OS X Server v10.4.11\r\n\r\n Impact: Multiple vulnerabilities in Apache 2.0.55\r\n\r\n Description: Apache is updated to version 2.0.63 to address several vulnerabilities, the most serious of which may lead to cross-site scripting. Further information is available via the Apache web site at http://httpd.apache.org. Apache 2.0.x is only shipped with Mac OS X Server v10.4.x systems. Mac OS X v10.5.x and Mac OS X Server v10.5.x ship with Apache 2.2.x. The issues that affected Apache 2.2.x were addressed in Security Update 2008-002 for Mac OS X v10.5.2 and Mac OS X Server v10.5.2.\r\n\r\n * AppKit\r\n\r\n CVE-ID: CVE-2008-1028\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: Opening a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An implementation issue exists in AppKit's processing of document files. Opening a maliciously crafted file in an editor that uses AppKit, such as TextEdit, may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved validation of document files. This issue does not affect systems running Mac OS X 10.5 or later. Credit to Rosyna of Unsanity for reporting this issue.\r\n\r\n * Apple Pixlet Video\r\n\r\n CVE-ID: CVE-2008-1577\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple memory corruption issues exist in the handling of files using the Pixlet codec. Opening a maliciously crafted movie file may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.\r\n\r\n * ATS\r\n\r\n CVE-ID: CVE-2008-1575\r\n\r\n Available for: Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Printing a PDF document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in the Apple Type Services server's handling of embedded fonts in PDF files. Printing a PDF document containing a maliciously crafted font may lead to arbitrary code execution. This update addresses the issue by performing additional validation of embedded fonts. This issue does not affect systems prior to Mac OS X v10.5. Credit to Melissa O'Neill of Harvey Mudd College for reporting this issue.\r\n\r\n * CFNetwork\r\n\r\n CVE-ID: CVE-2008-1580\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information\r\n\r\n Description: An information disclosure issue exists in Safari's SSL client certificate handling. When a web server issues a client certificate request, the first client certificate found in the keychain is automatically sent, which may lead to the disclosure of the information contained in the certificate. This update addresses the issue by prompting the user before sending the certificate.\r\n\r\n * CoreFoundation\r\n\r\n CVE-ID: CVE-2008-1030\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Applications' use of the CFData API in certain ways may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer overflow in CoreFoundation's handling of CFData objects may result in a heap buffer overflow. An application calling CFDataReplaceBytes with an with invalid length argument may unexpectedly terminate or lead to arbitrary code execution. This update addresses the issue by performing additional validation of length parameters.\r\n\r\n * CoreGraphics\r\n\r\n CVE-ID: CVE-2008-1031\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An uninitialized variable issue exists in CoreGraphics' handling of PDF files. Opening a maliciously crafted PDF file may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through proper initialization of pointers.\r\n\r\n * CoreTypes\r\n\r\n CVE-ID: CVE-2008-1032\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Users are not warned before opening certain potentially unsafe content types\r\n\r\n Description: This update extends the system's list of content types that will be flagged as potentially unsafe under certain circumstances, such as when they are downloaded from a web page. While these content types are not automatically launched, if manually opened they could lead to the execution of a malicious payload. This update improves the system's ability to notify users before handling content types used by Automator, Help, Safari, and Terminal. On Mac OS X v10.4 this functionality is provided by the Download Validation feature. On Mac OS X v10.5 this functionality is provided by the Quarantine feature. Credit to Brian Mastenbrook for reporting this issue.\r\n\r\n * CUPS\r\n\r\n CVE-ID: CVE-2008-1033\r\n\r\n Available for: Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Printing to password-protected printers with debug logging enabled may lead to the disclosure of sensitive information\r\n\r\n Description: An issue exists in the CUPS scheduler's check of the authentication environment variables when debug logging is enabled. This may lead to the disclosure of the username, domain, and password when printing to a password-protected printer. This update addresses the issue by properly validating environment variables. This issue does not affect systems prior to Mac OS X v10.5 with Security Update 2008-002 installed.\r\n\r\n * Flash Player Plug-in\r\n\r\n CVE-ID: CVE-2007-5275, CVE-2007- 6243, CVE-2007- 6637, CVE-2007-6019, CVE-2007-0071, CVE-2008-1655, CVE-2008-1654\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Opening maliciously crafted Flash content may lead to arbitrary code execution\r\n\r\n Description: Multiple issues exist in Adobe Flash Player Plug-in, the most serious of which may lead to arbitrary code execution. This update addresses the issue by updating to version 9.0.124.0. Further information is available via the Adobe web site at http://www.adobe.com/support/security/bulletins/apsb08-11.html\r\n\r\n * Help Viewer\r\n\r\n CVE-ID: CVE-2008-1034\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: A malicious help:topic URL may cause an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer underflow in Help Viewer's handling of help:topic URLs may result in a buffer overflow. Accessing a malicious help:topic URL may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems running Mac OS X 10.5 or later. Credit to Paul Haddad of PTH Consulting for reporting this issue.\r\n\r\n * iCal\r\n\r\n CVE-ID: CVE-2008-1035\r\n\r\n Available for: Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Opening a maliciously crafted iCalendar file in iCal may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A use-after-free issue exists in the iCal application's handling of iCalendar (usually ".ics") files. Opening a maliciously crafted iCalendar file in iCal may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by improving reference counting in the affected code. This issue does not affect systems prior to Mac OS X v10.5. Credit to Rodrigo Carvalho of Core Security Technologies for reporting this issue.\r\n\r\n * International Components for Unicode\r\n\r\n CVE-ID: CVE-2008-1036\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Visiting certain web sites may result in the disclosure of sensitive information\r\n\r\n Description: A conversion issue exists in ICU's handling of certain character encodings. Particular invalid character sequences may not appear in the converted output, and this can affect content filters. Visiting a maliciously crafted web site may lead to cross site scripting and the disclosure of sensitive information. This update addresses the issue by replacing invalid character sequences with a fallback character.\r\n\r\n * Image Capture\r\n\r\n CVE-ID: CVE-2008-1571\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: Accessing a maliciously crafted URL may lead to information disclosure\r\n\r\n Description: A path traversal issue exists in Image Capture's embedded web server. This may lead to the disclosure of local files on the server system. This update addresses the issue through improved URL handling. This issue does not affect systems running Mac OS X v10.5 or later.\r\n\r\n * Image Capture\r\n\r\n \r\n\r\n CVE-ID: CVE-2008-1572\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: A local user may manipulate files with the privileges of another user running Image Capture\r\n\r\n Description: An insecure file operation exists in Image Capture's handling of temporary files. This could allow a local user to overwrite files with the privileges of another user running Image Capture, or to access the contents of images being resized. This update addresses the issue through improved handling of temporary files. This issue does not affect systems running Mac OS X v10.5 or later.\r\n\r\n * ImageIO\r\n\r\n \r\n\r\n CVE-ID: CVE-2008-1573\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Viewing a maliciously crafted BMP or GIF image may lead to information disclosure\r\n\r\n Description: An out-of-bounds memory read may occur in the BMP and GIF image decoding engine, which may lead to the disclosure of content in memory. This update addresses the issue by performing additional validation of BMP and GIF images. Credit to Gynvael Coldwind of Hispasec for reporting this issue.\r\n\r\n * ImageIO\r\n\r\n \r\n\r\n CVE-ID: CVE-2007-5266, CVE-2007-5268, CVE-2007-5269\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Multiple vulnerabilities in libpng version 1.2.18\r\n\r\n Description: Multiple vulnerabilities exist in libpng version 1.2.18, the most serious of which may lead to a remote denial of service. This update addresses the issue by updating to version 1.2.24. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html\r\n\r\n * ImageIO\r\n\r\n \r\n\r\n CVE-ID: CVE-2008-1574\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Viewing a maliciously crafted JPEG2000 image file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer overflow in the handling of JPEG2000 image files may result in a heap buffer overflow. Viewing a maliciously crafted JPEG2000 image file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through additional validation of JPEG2000 images.\r\n\r\n * Kernel\r\n\r\n \r\n\r\n CVE-ID: CVE-2008-0177\r\n\r\n Available for: Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: A remote attacker may be able to cause to an unexpected system shutdown\r\n\r\n Description: An undetected failure condition exists in the handling of packets with an IPComp header. By sending a maliciously crafted packet to a system configured to use IPSec or IPv6, an attacker may cause an unexpected system shutdown. This update addresses the issue by properly detecting the failure condition.\r\n\r\n * Kernel\r\n\r\n \r\n\r\n CVE-ID: CVE-2007-6359\r\n\r\n Available for: Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: A local user may be able to cause an unexpected system shutdown\r\n\r\n Description: A null pointer dereference exists in the kernel's handling of code signatures in the cs_validate_page function. This may allow a local user to cause an unexpected system shutdown. This update addresses the issue by performing additional validation of code signatures. This issue does not affect systems prior to Mac OS X v10.5.\r\n\r\n * LoginWindow\r\n\r\n \r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: Managed Client preferences may not be applied\r\n\r\n Description: This update addresses a non-security issue introduced in Security Update 2007-004. Due to a race condition, LoginWindow may fail to apply certain preferences to fail on systems managed by Managed Client for Mac OS X (MCX). This update addresses the issue by eliminating the race condition in the handling of managed preferences. This issue does not affect systems running Mac OS X v10.5.\r\n\r\n * Mail\r\n\r\n \r\n\r\n CVE-ID: CVE-2008-1576\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: Sending mail through an SMTP server over IPv6 may lead to an unexpected application termination, information disclosure, or arbitrary code execution\r\n\r\n Description: An uninitialized buffer issue exists in Mail. When sending mail through an SMTP server over IPv6, Mail may use a buffer containing partially uninitialized memory, which could result in the disclosure of sensitive information to message recipients and mail server administrators. This could also potentially lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by properly initializing the variable. This issue does not affect systems running Mac OS X v10.5 or later. Credit to Derek Morr of The Pennsylvania State University for reporting this issue.\r\n\r\n * ruby\r\n\r\n \r\n\r\n CVE-ID: CVE-2007-6612\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: A remote attacker may be able to read arbitrary files\r\n\r\n Description: Mongrel is updated to version 1.1.4 to address a directory traversal issue in DirHandler which may lead to the disclosure of sensitive information. Further information is available via the Mongrel web site at http://mongrel.rubyforge.org\r\n\r\n * Single Sign-On\r\n\r\n \r\n\r\n CVE-ID: CVE-2008-1578\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Passwords supplied to sso_util are exposed to other local users\r\n\r\n Description: The sso_util command-line tool required that passwords be passed to it in its arguments, potentially exposing the passwords to other local users. Passwords exposed include those for users, administrators, and the KDC administration password. This update makes the password parameter optional, and sso_util will prompt for the password if needed. Credit to Geoff Franks of Hauptman Woodward Institute for reporting this issue.\r\n\r\n * Wiki Server\r\n\r\n \r\n\r\n CVE-ID: CVE-2008-1579\r\n\r\n Available for: Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: A remote attacker may determine valid user names on servers with the Wiki Server enabled\r\n\r\n Description: An information disclosure issue exists in Wiki Server when a nonexistent blog is accessed. Using the information in the error message, an attacker may deduce the existence of local user names. This update addresses the issue through improved handling of error messages. This issue does not affect systems prior to Mac OS X v10.5. Credit to Don Rainwater of the University of Cincinnati for reporting this issue.\r\n\r\n \r\n\r\nImportant: Mention of third-party websites and products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the selection, performance or use of information or products found at third-party websites. Apple provides this only as a convenience to our users. Apple has not tested the information found on these sites and makes no representations regarding its accuracy or reliability. There are risks inherent in the use of any information or products found on the Internet, and Apple assumes no responsibility in this regard. Please understand that a third-party site is independent from Apple and that Apple has no control over the content on that website. Please contact the vendor for additional information.", "modified": "2008-05-30T00:00:00", "published": "2008-05-30T00:00:00", "id": "SECURITYVULNS:DOC:19937", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19937", "title": " About the security content of Security Update 2008-003 / Mac OS X 10.5.3", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:07:29", "bulletinFamily": "scanner", "description": "This update includes the latest release of httpd, fixing two security\nissues.\n\nA flaw was found in the mod_proxy module. On sites where a reverse\nproxy is configured, a remote attacker could send a carefully crafted\nrequest that would cause the Apache child process handling that\nrequest to crash. On sites where a forward proxy is configured, an\nattacker could cause a similar crash if a user could be persuaded to\nvisit a malicious site using the proxy. This could lead to a denial of\nservice if using a threaded Multi-Processing Module. (CVE-2007-3847)\n\nA flaw was found in the mod_autoindex module. On sites where directory\nlistings are used, and the AddDefaultCharset directive has been\nremoved from the configuration, a cross-site-scripting attack may be\npossible against browsers which do not correctly derive the response\ncharacter set following the rules in RFC 2616. (CVE-2007-4465)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2015-10-21T00:00:00", "published": "2007-09-25T00:00:00", "id": "FEDORA_2007-707.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=26114", "title": "Fedora Core 6 : httpd-2.2.6-1.fc6 (2007-707)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-707.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(26114);\n script_version (\"$Revision: 1.19 $\");\n script_cvs_date(\"$Date: 2015/10/21 22:04:03 $\");\n\n script_cve_id(\"CVE-2007-3847\", \"CVE-2007-4465\");\n script_xref(name:\"FEDORA\", value:\"2007-707\");\n\n script_name(english:\"Fedora Core 6 : httpd-2.2.6-1.fc6 (2007-707)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes the latest release of httpd, fixing two security\nissues.\n\nA flaw was found in the mod_proxy module. On sites where a reverse\nproxy is configured, a remote attacker could send a carefully crafted\nrequest that would cause the Apache child process handling that\nrequest to crash. On sites where a forward proxy is configured, an\nattacker could cause a similar crash if a user could be persuaded to\nvisit a malicious site using the proxy. This could lead to a denial of\nservice if using a threaded Multi-Processing Module. (CVE-2007-3847)\n\nA flaw was found in the mod_autoindex module. On sites where directory\nlistings are used, and the AddDefaultCharset directive has been\nremoved from the configuration, a cross-site-scripting attack may be\npossible against browsers which do not correctly derive the response\ncharacter set following the rules in RFC 2616. (CVE-2007-4465)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-September/003878.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0b4b4767\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/09/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 6.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC6\", reference:\"httpd-2.2.6-1.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"httpd-debuginfo-2.2.6-1.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"httpd-devel-2.2.6-1.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"httpd-manual-2.2.6-1.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"mod_ssl-2.2.6-1.fc6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / mod_ssl\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:07:52", "bulletinFamily": "scanner", "description": "A flaw in the Apache mod_proxy module was found that could potentially\nlead to a denial of service is using a threaded Multi-Processing\nModule. On sites where a reverse proxy is configured, a remote\nattacker could send a special reequest that would cause the Apache\nchild process handling the request to crash. Likewise, a similar crash\ncould occur on sites with a forward proxy configured if a user could\nbe persuaded to visit a malicious site using the proxy\n(CVE-2007-3847).\n\nA flaw in the Apache mod_autoindex module was found. On sites where\ndirectory listings are used and the AddDefaultCharset directive was\nremoved from the configuration, a cross-site-scripting attack could be\npossible against browsers that to not correctly derive the response\ncharacter set according to the rules in RGC 2616 (CVE-2007-4465).\n\nThe updated packages have been patched to correct this issue.", "modified": "2018-07-19T00:00:00", "published": "2007-12-04T00:00:00", "id": "MANDRAKE_MDKSA-2007-235.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29202", "title": "Mandrake Linux Security Advisory : apache (MDKSA-2007:235)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2007:235. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29202);\n script_version (\"1.19\");\n script_cvs_date(\"Date: 2018/07/19 20:59:14\");\n\n script_cve_id(\"CVE-2007-3847\", \"CVE-2007-4465\");\n script_xref(name:\"MDKSA\", value:\"2007:235\");\n\n script_name(english:\"Mandrake Linux Security Advisory : apache (MDKSA-2007:235)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw in the Apache mod_proxy module was found that could potentially\nlead to a denial of service is using a threaded Multi-Processing\nModule. On sites where a reverse proxy is configured, a remote\nattacker could send a special reequest that would cause the Apache\nchild process handling the request to crash. Likewise, a similar crash\ncould occur on sites with a forward proxy configured if a user could\nbe persuaded to visit a malicious site using the proxy\n(CVE-2007-3847).\n\nA flaw in the Apache mod_autoindex module was found. On sites where\ndirectory listings are used and the AddDefaultCharset directive was\nremoved from the configuration, a cross-site-scripting attack could be\npossible against browsers that to not correctly derive the response\ncharacter set according to the rules in RGC 2616 (CVE-2007-4465).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-htcacheclean\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_authn_dbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_dav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_dbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_deflate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_disk_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_file_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_mem_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_proxy_ajp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_userdir\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-itk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-base-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-devel-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-htcacheclean-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-mod_authn_dbd-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-mod_cache-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-mod_dav-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-mod_dbd-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-mod_deflate-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-mod_disk_cache-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-mod_file_cache-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-mod_ldap-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-mod_mem_cache-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-mod_proxy-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-mod_proxy_ajp-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-mod_ssl-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-mod_userdir-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-modules-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-mpm-prefork-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-mpm-worker-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-source-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-base-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-devel-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-htcacheclean-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mod_authn_dbd-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mod_cache-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mod_dav-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mod_dbd-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mod_deflate-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mod_disk_cache-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mod_file_cache-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mod_ldap-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mod_mem_cache-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mod_proxy-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mod_proxy_ajp-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mod_ssl-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mod_userdir-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-modules-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mpm-event-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mpm-itk-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mpm-prefork-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mpm-worker-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-source-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:16:27", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2008:0006 :\n\nUpdated Apache httpd packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server.\n\nA flaw was found in the mod_imap module. On sites where mod_imap was\nenabled and an imagemap file was publicly available, a cross-site\nscripting attack was possible. (CVE-2007-5000)\n\nA flaw was found in the mod_autoindex module. On sites where directory\nlistings are used, and the 'AddDefaultCharset' directive has been\nremoved from the configuration, a cross-site scripting attack was\npossible against Web browsers which do not correctly derive the\nresponse character set following the rules in RFC 2616.\n(CVE-2007-4465)\n\nA flaw was found in the mod_status module. On sites where mod_status\nwas enabled and the status pages were publicly available, a cross-site\nscripting attack was possible. (CVE-2007-6388)\n\nA flaw was found in the mod_proxy_ftp module. On sites where\nmod_proxy_ftp was enabled and a forward proxy was configured, a\ncross-site scripting attack was possible against Web browsers which do\nnot correctly derive the response character set following the rules in\nRFC 2616. (CVE-2008-0005)\n\nUsers of Apache httpd should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Users should\nrestart httpd after installing this update.", "modified": "2018-07-18T00:00:00", "published": "2013-07-12T00:00:00", "id": "ORACLELINUX_ELSA-2008-0006.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67632", "title": "Oracle Linux 4 : httpd (ELSA-2008-0006)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0006 and \n# Oracle Linux Security Advisory ELSA-2008-0006 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67632);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2007-4465\", \"CVE-2007-5000\", \"CVE-2007-6388\", \"CVE-2008-0005\");\n script_bugtraq_id(25489, 25653, 26838, 27234, 27237);\n script_xref(name:\"RHSA\", value:\"2008:0006\");\n\n script_name(english:\"Oracle Linux 4 : httpd (ELSA-2008-0006)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0006 :\n\nUpdated Apache httpd packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server.\n\nA flaw was found in the mod_imap module. On sites where mod_imap was\nenabled and an imagemap file was publicly available, a cross-site\nscripting attack was possible. (CVE-2007-5000)\n\nA flaw was found in the mod_autoindex module. On sites where directory\nlistings are used, and the 'AddDefaultCharset' directive has been\nremoved from the configuration, a cross-site scripting attack was\npossible against Web browsers which do not correctly derive the\nresponse character set following the rules in RFC 2616.\n(CVE-2007-4465)\n\nA flaw was found in the mod_status module. On sites where mod_status\nwas enabled and the status pages were publicly available, a cross-site\nscripting attack was possible. (CVE-2007-6388)\n\nA flaw was found in the mod_proxy_ftp module. On sites where\nmod_proxy_ftp was enabled and a forward proxy was configured, a\ncross-site scripting attack was possible against Web browsers which do\nnot correctly derive the response character set following the rules in\nRFC 2616. (CVE-2008-0005)\n\nUsers of Apache httpd should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Users should\nrestart httpd after installing this update.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-January/000487.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"httpd-2.0.52-38.ent.2.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"httpd-2.0.52-38.ent.2.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"httpd-devel-2.0.52-38.ent.2.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"httpd-devel-2.0.52-38.ent.2.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"httpd-manual-2.0.52-38.ent.2.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"httpd-manual-2.0.52-38.ent.2.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"httpd-suexec-2.0.52-38.ent.2.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"httpd-suexec-2.0.52-38.ent.2.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"mod_ssl-2.0.52-38.ent.2.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"mod_ssl-2.0.52-38.ent.2.0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-suexec / mod_ssl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:07:54", "bulletinFamily": "scanner", "description": "Several bugs were fixed in the Apache2 webserver :\n\nThese include the following security issues :\n\n - mod_status: Fix a possible XSS attack against a site\n with a public server-status page and ExtendedStatus\n enabled, for browsers which perform charset 'detection'.\n (CVE-2006-5752)\n\n - mod_cache: Prevent a segmentation fault if attributes\n are listed in a Cache-Control header without any value.\n (CVE-2007-1863)\n\n - prefork, worker, event MPMs: Ensure that the parent\n process cannot be forced to kill processes outside its\n process group. (CVE-2007-3304)\n\n - mod_proxy: Prevent reading past the end of a buffer when\n parsing date-related headers. PR 41144. (CVE-2007-3847)\n\n - mod_autoindex: Add in ContentType and Charset options to\n IndexOptions directive. This allows the admin to\n explicitly set the content-type and charset of the\n generated page. (CVE-2007-4465)\n\nand the following non-security issues :\n\n - get_module_list: replace loadmodule.conf atomically\n\n - Use File::Temp to create good tmpdir in logresolve.pl2\n (httpd-2.x.x-logresolve.patchs)", "modified": "2013-07-20T00:00:00", "published": "2007-12-13T00:00:00", "id": "SUSE_APACHE2-4669.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29373", "title": "SuSE 10 Security Update : apache2 (ZYPP Patch Number 4669)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29373);\n script_version (\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2013/07/20 01:58:54 $\");\n\n script_cve_id(\"CVE-2006-5752\", \"CVE-2007-1863\", \"CVE-2007-3304\", \"CVE-2007-3847\", \"CVE-2007-4465\");\n\n script_name(english:\"SuSE 10 Security Update : apache2 (ZYPP Patch Number 4669)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several bugs were fixed in the Apache2 webserver :\n\nThese include the following security issues :\n\n - mod_status: Fix a possible XSS attack against a site\n with a public server-status page and ExtendedStatus\n enabled, for browsers which perform charset 'detection'.\n (CVE-2006-5752)\n\n - mod_cache: Prevent a segmentation fault if attributes\n are listed in a Cache-Control header without any value.\n (CVE-2007-1863)\n\n - prefork, worker, event MPMs: Ensure that the parent\n process cannot be forced to kill processes outside its\n process group. (CVE-2007-3304)\n\n - mod_proxy: Prevent reading past the end of a buffer when\n parsing date-related headers. PR 41144. (CVE-2007-3847)\n\n - mod_autoindex: Add in ContentType and Charset options to\n IndexOptions directive. This allows the admin to\n explicitly set the content-type and charset of the\n generated page. (CVE-2007-4465)\n\nand the following non-security issues :\n\n - get_module_list: replace loadmodule.conf atomically\n\n - Use File::Temp to create good tmpdir in logresolve.pl2\n (httpd-2.x.x-logresolve.patchs)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-5752.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-1863.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-3304.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-3847.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-4465.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 4669.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"apache2-2.2.3-16.15\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"apache2-devel-2.2.3-16.15\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"apache2-doc-2.2.3-16.15\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"apache2-example-pages-2.2.3-16.15\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"apache2-prefork-2.2.3-16.15\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"apache2-worker-2.2.3-16.15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:16:27", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2008:0005 :\n\nUpdated Apache httpd packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server.\n\nA flaw was found in the mod_imap module. On sites where mod_imap was\nenabled and an imagemap file was publicly available, a cross-site\nscripting attack was possible. (CVE-2007-5000)\n\nA flaw was found in the mod_autoindex module. On sites where directory\nlistings are used, and the 'AddDefaultCharset' directive has been\nremoved from the configuration, a cross-site scripting attack was\npossible against Web browsers which did not correctly derive the\nresponse character set following the rules in RFC 2616.\n(CVE-2007-4465)\n\nA flaw was found in the mod_proxy module. On sites where a reverse\nproxy is configured, a remote attacker could send a carefully crafted\nrequest that would cause the Apache child process handling that\nrequest to crash. On sites where a forward proxy is configured, an\nattacker could cause a similar crash if a user could be persuaded to\nvisit a malicious site using the proxy. This could lead to a denial of\nservice if using a threaded Multi-Processing Module. (CVE-2007-3847)\n\nA flaw was found in the mod_status module. On sites where mod_status\nwas enabled and the status pages were publicly available, a cross-site\nscripting attack was possible. (CVE-2007-6388)\n\nA flaw was found in the mod_proxy_ftp module. On sites where\nmod_proxy_ftp was enabled and a forward proxy was configured, a\ncross-site scripting attack was possible against Web browsers which\ndid not correctly derive the response character set following the\nrules in RFC 2616. (CVE-2008-0005)\n\nUsers of Apache httpd should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Users should\nrestart httpd after installing this update.", "modified": "2018-07-18T00:00:00", "published": "2013-07-12T00:00:00", "id": "ORACLELINUX_ELSA-2008-0005.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67631", "title": "Oracle Linux 3 : httpd (ELSA-2008-0005)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0005 and \n# Oracle Linux Security Advisory ELSA-2008-0005 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67631);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2007-3847\", \"CVE-2007-4465\", \"CVE-2007-5000\", \"CVE-2007-6388\", \"CVE-2008-0005\");\n script_bugtraq_id(25489, 25653, 26838, 27234, 27237);\n script_xref(name:\"RHSA\", value:\"2008:0005\");\n\n script_name(english:\"Oracle Linux 3 : httpd (ELSA-2008-0005)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0005 :\n\nUpdated Apache httpd packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server.\n\nA flaw was found in the mod_imap module. On sites where mod_imap was\nenabled and an imagemap file was publicly available, a cross-site\nscripting attack was possible. (CVE-2007-5000)\n\nA flaw was found in the mod_autoindex module. On sites where directory\nlistings are used, and the 'AddDefaultCharset' directive has been\nremoved from the configuration, a cross-site scripting attack was\npossible against Web browsers which did not correctly derive the\nresponse character set following the rules in RFC 2616.\n(CVE-2007-4465)\n\nA flaw was found in the mod_proxy module. On sites where a reverse\nproxy is configured, a remote attacker could send a carefully crafted\nrequest that would cause the Apache child process handling that\nrequest to crash. On sites where a forward proxy is configured, an\nattacker could cause a similar crash if a user could be persuaded to\nvisit a malicious site using the proxy. This could lead to a denial of\nservice if using a threaded Multi-Processing Module. (CVE-2007-3847)\n\nA flaw was found in the mod_status module. On sites where mod_status\nwas enabled and the status pages were publicly available, a cross-site\nscripting attack was possible. (CVE-2007-6388)\n\nA flaw was found in the mod_proxy_ftp module. On sites where\nmod_proxy_ftp was enabled and a forward proxy was configured, a\ncross-site scripting attack was possible against Web browsers which\ndid not correctly derive the response character set following the\nrules in RFC 2616. (CVE-2008-0005)\n\nUsers of Apache httpd should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Users should\nrestart httpd after installing this update.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-January/000486.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"httpd-2.0.46-70.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"httpd-2.0.46-70.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"httpd-devel-2.0.46-70.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"httpd-devel-2.0.46-70.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"mod_ssl-2.0.46-70.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"mod_ssl-2.0.46-70.ent.0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / mod_ssl\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:08:01", "bulletinFamily": "scanner", "description": "Updated Apache httpd packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server.\n\nA flaw was found in the mod_imap module. On sites where mod_imap was\nenabled and an imagemap file was publicly available, a cross-site\nscripting attack was possible. (CVE-2007-5000)\n\nA flaw was found in the mod_autoindex module. On sites where directory\nlistings are used, and the 'AddDefaultCharset' directive has been\nremoved from the configuration, a cross-site scripting attack was\npossible against Web browsers which do not correctly derive the\nresponse character set following the rules in RFC 2616.\n(CVE-2007-4465)\n\nA flaw was found in the mod_status module. On sites where mod_status\nwas enabled and the status pages were publicly available, a cross-site\nscripting attack was possible. (CVE-2007-6388)\n\nA flaw was found in the mod_proxy_ftp module. On sites where\nmod_proxy_ftp was enabled and a forward proxy was configured, a\ncross-site scripting attack was possible against Web browsers which do\nnot correctly derive the response character set following the rules in\nRFC 2616. (CVE-2008-0005)\n\nUsers of Apache httpd should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Users should\nrestart httpd after installing this update.", "modified": "2018-11-10T00:00:00", "published": "2008-01-15T00:00:00", "id": "CENTOS_RHSA-2008-0006.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29967", "title": "CentOS 4 : httpd (CESA-2008:0006)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0006 and \n# CentOS Errata and Security Advisory 2008:0006 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29967);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/11/10 11:49:28\");\n\n script_cve_id(\"CVE-2007-4465\", \"CVE-2007-5000\", \"CVE-2007-6388\", \"CVE-2008-0005\");\n script_bugtraq_id(25489, 25653, 26838, 27234, 27237);\n script_xref(name:\"RHSA\", value:\"2008:0006\");\n\n script_name(english:\"CentOS 4 : httpd (CESA-2008:0006)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated Apache httpd packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server.\n\nA flaw was found in the mod_imap module. On sites where mod_imap was\nenabled and an imagemap file was publicly available, a cross-site\nscripting attack was possible. (CVE-2007-5000)\n\nA flaw was found in the mod_autoindex module. On sites where directory\nlistings are used, and the 'AddDefaultCharset' directive has been\nremoved from the configuration, a cross-site scripting attack was\npossible against Web browsers which do not correctly derive the\nresponse character set following the rules in RFC 2616.\n(CVE-2007-4465)\n\nA flaw was found in the mod_status module. On sites where mod_status\nwas enabled and the status pages were publicly available, a cross-site\nscripting attack was possible. (CVE-2007-6388)\n\nA flaw was found in the mod_proxy_ftp module. On sites where\nmod_proxy_ftp was enabled and a forward proxy was configured, a\ncross-site scripting attack was possible against Web browsers which do\nnot correctly derive the response character set following the rules in\nRFC 2616. (CVE-2008-0005)\n\nUsers of Apache httpd should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Users should\nrestart httpd after installing this update.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-January/014607.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cb20db8c\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-January/014608.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?297e8e41\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-January/014610.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b5e7d236\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", reference:\"httpd-2.0.52-38.ent.centos4.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"httpd-devel-2.0.52-38.ent.centos4.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"httpd-manual-2.0.52-38.ent.centos4.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"httpd-suexec-2.0.52-38.ent.centos4.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"mod_ssl-2.0.52-38.ent.centos4.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:08:01", "bulletinFamily": "scanner", "description": "Updated Apache httpd packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server.\n\nA flaw was found in the mod_imap module. On sites where mod_imap was\nenabled and an imagemap file was publicly available, a cross-site\nscripting attack was possible. (CVE-2007-5000)\n\nA flaw was found in the mod_autoindex module. On sites where directory\nlistings are used, and the 'AddDefaultCharset' directive has been\nremoved from the configuration, a cross-site scripting attack was\npossible against Web browsers which did not correctly derive the\nresponse character set following the rules in RFC 2616.\n(CVE-2007-4465)\n\nA flaw was found in the mod_proxy module. On sites where a reverse\nproxy is configured, a remote attacker could send a carefully crafted\nrequest that would cause the Apache child process handling that\nrequest to crash. On sites where a forward proxy is configured, an\nattacker could cause a similar crash if a user could be persuaded to\nvisit a malicious site using the proxy. This could lead to a denial of\nservice if using a threaded Multi-Processing Module. (CVE-2007-3847)\n\nA flaw was found in the mod_status module. On sites where mod_status\nwas enabled and the status pages were publicly available, a cross-site\nscripting attack was possible. (CVE-2007-6388)\n\nA flaw was found in the mod_proxy_ftp module. On sites where\nmod_proxy_ftp was enabled and a forward proxy was configured, a\ncross-site scripting attack was possible against Web browsers which\ndid not correctly derive the response character set following the\nrules in RFC 2616. (CVE-2008-0005)\n\nUsers of Apache httpd should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Users should\nrestart httpd after installing this update.", "modified": "2018-11-10T00:00:00", "published": "2008-01-15T00:00:00", "id": "CENTOS_RHSA-2008-0005.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29966", "title": "CentOS 3 : httpd (CESA-2008:0005)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0005 and \n# CentOS Errata and Security Advisory 2008:0005 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29966);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/11/10 11:49:28\");\n\n script_cve_id(\"CVE-2007-3847\", \"CVE-2007-4465\", \"CVE-2007-5000\", \"CVE-2007-6388\", \"CVE-2008-0005\");\n script_bugtraq_id(25489, 25653, 26838, 27234, 27237);\n script_xref(name:\"RHSA\", value:\"2008:0005\");\n\n script_name(english:\"CentOS 3 : httpd (CESA-2008:0005)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated Apache httpd packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server.\n\nA flaw was found in the mod_imap module. On sites where mod_imap was\nenabled and an imagemap file was publicly available, a cross-site\nscripting attack was possible. (CVE-2007-5000)\n\nA flaw was found in the mod_autoindex module. On sites where directory\nlistings are used, and the 'AddDefaultCharset' directive has been\nremoved from the configuration, a cross-site scripting attack was\npossible against Web browsers which did not correctly derive the\nresponse character set following the rules in RFC 2616.\n(CVE-2007-4465)\n\nA flaw was found in the mod_proxy module. On sites where a reverse\nproxy is configured, a remote attacker could send a carefully crafted\nrequest that would cause the Apache child process handling that\nrequest to crash. On sites where a forward proxy is configured, an\nattacker could cause a similar crash if a user could be persuaded to\nvisit a malicious site using the proxy. This could lead to a denial of\nservice if using a threaded Multi-Processing Module. (CVE-2007-3847)\n\nA flaw was found in the mod_status module. On sites where mod_status\nwas enabled and the status pages were publicly available, a cross-site\nscripting attack was possible. (CVE-2007-6388)\n\nA flaw was found in the mod_proxy_ftp module. On sites where\nmod_proxy_ftp was enabled and a forward proxy was configured, a\ncross-site scripting attack was possible against Web browsers which\ndid not correctly derive the response character set following the\nrules in RFC 2616. (CVE-2008-0005)\n\nUsers of Apache httpd should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Users should\nrestart httpd after installing this update.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-January/014605.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?df3cd107\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-January/014606.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4ef9a6f8\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-January/014609.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?79996f0d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"httpd-2.0.46-70.ent.centos\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"httpd-devel-2.0.46-70.ent.centos\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"mod_ssl-2.0.46-70.ent.centos\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:07:50", "bulletinFamily": "scanner", "description": "Several bugs were fixed in the Apache2 webserver :\n\nThese include the following security issues :\n\n - CVE-2006-5752: mod_status: Fix a possible XSS attack\n against a site with a public server-status page and\n ExtendedStatus enabled, for browsers which perform\n charset 'detection'.\n\n - CVE-2007-1863: mod_cache: Prevent a segmentation fault\n if attributes are listed in a Cache-Control header\n without any value.\n\n - CVE-2007-3304: prefork, worker, event MPMs: Ensure that\n the parent process cannot be forced to kill processes\n outside its process group.\n\n - CVE-2007-3847: mod_proxy: Prevent reading past the end\n of a buffer when parsing date-related headers. PR 41144.\n\n - CVE-2007-4465: mod_autoindex: Add in ContentType and\n Charset options to IndexOptions directive. This allows\n the admin to explicitly set the content-type and charset\n of the generated page.\n\nand the following non-security issues :\n\n - get_module_list: replace loadmodule.conf atomically\n\n - Use File::Temp to create good tmpdir in logresolve.pl2\n (httpd-2.x.x-logresolve.patchs)", "modified": "2014-06-13T00:00:00", "published": "2007-11-20T00:00:00", "id": "SUSE_APACHE2-4666.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=28282", "title": "openSUSE 10 Security Update : apache2 (apache2-4666)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update apache2-4666.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(28282);\n script_version (\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:06:04 $\");\n\n script_cve_id(\"CVE-2006-5752\", \"CVE-2007-1863\", \"CVE-2007-3304\", \"CVE-2007-3847\", \"CVE-2007-4465\");\n\n script_name(english:\"openSUSE 10 Security Update : apache2 (apache2-4666)\");\n script_summary(english:\"Check for the apache2-4666 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several bugs were fixed in the Apache2 webserver :\n\nThese include the following security issues :\n\n - CVE-2006-5752: mod_status: Fix a possible XSS attack\n against a site with a public server-status page and\n ExtendedStatus enabled, for browsers which perform\n charset 'detection'.\n\n - CVE-2007-1863: mod_cache: Prevent a segmentation fault\n if attributes are listed in a Cache-Control header\n without any value.\n\n - CVE-2007-3304: prefork, worker, event MPMs: Ensure that\n the parent process cannot be forced to kill processes\n outside its process group.\n\n - CVE-2007-3847: mod_proxy: Prevent reading past the end\n of a buffer when parsing date-related headers. PR 41144.\n\n - CVE-2007-4465: mod_autoindex: Add in ContentType and\n Charset options to IndexOptions directive. This allows\n the admin to explicitly set the content-type and charset\n of the generated page.\n\nand the following non-security issues :\n\n - get_module_list: replace loadmodule.conf atomically\n\n - Use File::Temp to create good tmpdir in logresolve.pl2\n (httpd-2.x.x-logresolve.patchs)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"apache2-2.2.3-16.15\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"apache2-devel-2.2.3-16.15\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"apache2-example-pages-2.2.3-16.15\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"apache2-prefork-2.2.3-16.15\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"apache2-worker-2.2.3-16.15\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"apache2-2.2.3-22\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"apache2-devel-2.2.3-22\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"apache2-example-pages-2.2.3-22\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"apache2-prefork-2.2.3-22\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"apache2-worker-2.2.3-22\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"apache2-2.2.4-70.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"apache2-devel-2.2.4-70.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"apache2-example-pages-2.2.4-70.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"apache2-prefork-2.2.4-70.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"apache2-utils-2.2.4-70.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"apache2-worker-2.2.4-70.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:08:02", "bulletinFamily": "scanner", "description": "Updated Apache httpd packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server.\n\nA flaw was found in the mod_imap module. On sites where mod_imap was\nenabled and an imagemap file was publicly available, a cross-site\nscripting attack was possible. (CVE-2007-5000)\n\nA flaw was found in the mod_autoindex module. On sites where directory\nlistings are used, and the 'AddDefaultCharset' directive has been\nremoved from the configuration, a cross-site scripting attack was\npossible against Web browsers which do not correctly derive the\nresponse character set following the rules in RFC 2616.\n(CVE-2007-4465)\n\nA flaw was found in the mod_status module. On sites where mod_status\nwas enabled and the status pages were publicly available, a cross-site\nscripting attack was possible. (CVE-2007-6388)\n\nA flaw was found in the mod_proxy_ftp module. On sites where\nmod_proxy_ftp was enabled and a forward proxy was configured, a\ncross-site scripting attack was possible against Web browsers which do\nnot correctly derive the response character set following the rules in\nRFC 2616. (CVE-2008-0005)\n\nUsers of Apache httpd should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Users should\nrestart httpd after installing this update.", "modified": "2018-11-27T00:00:00", "published": "2008-01-15T00:00:00", "id": "REDHAT-RHSA-2008-0006.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29976", "title": "RHEL 4 : httpd (RHSA-2008:0006)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0006. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29976);\n script_version (\"1.23\");\n script_cvs_date(\"Date: 2018/11/27 13:31:32\");\n\n script_cve_id(\"CVE-2007-4465\", \"CVE-2007-5000\", \"CVE-2007-6388\", \"CVE-2008-0005\");\n script_bugtraq_id(25489, 25653, 26838, 27234, 27237);\n script_xref(name:\"RHSA\", value:\"2008:0006\");\n\n script_name(english:\"RHEL 4 : httpd (RHSA-2008:0006)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated Apache httpd packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server.\n\nA flaw was found in the mod_imap module. On sites where mod_imap was\nenabled and an imagemap file was publicly available, a cross-site\nscripting attack was possible. (CVE-2007-5000)\n\nA flaw was found in the mod_autoindex module. On sites where directory\nlistings are used, and the 'AddDefaultCharset' directive has been\nremoved from the configuration, a cross-site scripting attack was\npossible against Web browsers which do not correctly derive the\nresponse character set following the rules in RFC 2616.\n(CVE-2007-4465)\n\nA flaw was found in the mod_status module. On sites where mod_status\nwas enabled and the status pages were publicly available, a cross-site\nscripting attack was possible. (CVE-2007-6388)\n\nA flaw was found in the mod_proxy_ftp module. On sites where\nmod_proxy_ftp was enabled and a forward proxy was configured, a\ncross-site scripting attack was possible against Web browsers which do\nnot correctly derive the response character set following the rules in\nRFC 2616. (CVE-2008-0005)\n\nUsers of Apache httpd should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Users should\nrestart httpd after installing this update.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5000\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0005\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0006\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0006\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"httpd-2.0.52-38.ent.2\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"httpd-devel-2.0.52-38.ent.2\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"httpd-manual-2.0.52-38.ent.2\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"httpd-suexec-2.0.52-38.ent.2\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"mod_ssl-2.0.52-38.ent.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-suexec / mod_ssl\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:08:02", "bulletinFamily": "scanner", "description": "Updated apache packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server.\n\nA flaw was found in the mod_imap module. On sites where mod_imap was\nenabled and an imagemap file was publicly available, a cross-site\nscripting attack was possible. (CVE-2007-5000)\n\nA flaw was found in the mod_autoindex module. On sites where directory\nlistings are used, and the 'AddDefaultCharset' directive has been\nremoved from the configuration, a cross-site scripting attack was\npossible against Web browsers which did not correctly derive the\nresponse character set following the rules in RFC 2616.\n(CVE-2007-4465)\n\nA flaw was found in the mod_status module. On sites where mod_status\nwas enabled and the status pages were publicly available, a cross-site\nscripting attack was possible. (CVE-2007-6388)\n\nA flaw was found in the mod_proxy_ftp module. On sites where\nmod_proxy_ftp was enabled and a forward proxy was configured, a\ncross-site scripting attack was possible against Web browsers which\ndid not correctly derive the response character set following the\nrules in RFC 2616. (CVE-2008-0005)\n\nUsers of Apache should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Users should\nrestart Apache after installing this update.", "modified": "2018-11-27T00:00:00", "published": "2008-01-15T00:00:00", "id": "REDHAT-RHSA-2008-0004.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29974", "title": "RHEL 2.1 : apache (RHSA-2008:0004)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0004. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29974);\n script_version (\"1.23\");\n script_cvs_date(\"Date: 2018/11/27 13:31:32\");\n\n script_cve_id(\"CVE-2007-4465\", \"CVE-2007-5000\", \"CVE-2007-6388\", \"CVE-2008-0005\");\n script_bugtraq_id(25653, 26838, 27234, 27237);\n script_xref(name:\"RHSA\", value:\"2008:0004\");\n\n script_name(english:\"RHEL 2.1 : apache (RHSA-2008:0004)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated apache packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server.\n\nA flaw was found in the mod_imap module. On sites where mod_imap was\nenabled and an imagemap file was publicly available, a cross-site\nscripting attack was possible. (CVE-2007-5000)\n\nA flaw was found in the mod_autoindex module. On sites where directory\nlistings are used, and the 'AddDefaultCharset' directive has been\nremoved from the configuration, a cross-site scripting attack was\npossible against Web browsers which did not correctly derive the\nresponse character set following the rules in RFC 2616.\n(CVE-2007-4465)\n\nA flaw was found in the mod_status module. On sites where mod_status\nwas enabled and the status pages were publicly available, a cross-site\nscripting attack was possible. (CVE-2007-6388)\n\nA flaw was found in the mod_proxy_ftp module. On sites where\nmod_proxy_ftp was enabled and a forward proxy was configured, a\ncross-site scripting attack was possible against Web browsers which\ndid not correctly derive the response character set following the\nrules in RFC 2616. (CVE-2008-0005)\n\nUsers of Apache should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Users should\nrestart Apache after installing this update.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5000\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0005\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0004\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected apache, apache-devel and / or apache-manual\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0004\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"apache-1.3.27-14.ent\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"apache-devel-1.3.27-14.ent\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"apache-manual-1.3.27-14.ent\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache / apache-devel / apache-manual\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2017-07-25T10:56:59", "bulletinFamily": "scanner", "description": "Check for the Version of httpd", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861345", "id": "OPENVAS:861345", "title": "Fedora Update for httpd FEDORA-2007-707", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for httpd FEDORA-2007-707\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"httpd on Fedora Core 6\";\ntag_insight = \"The Apache HTTP Server is a powerful, efficient, and extensible\n web server.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html\");\n script_id(861345);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2007-707\");\n script_cve_id(\"CVE-2007-3847\", \"CVE-2007-4465\");\n script_name( \"Fedora Update for httpd FEDORA-2007-707\");\n\n script_summary(\"Check for the Version of httpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC6\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.6~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/httpd-debuginfo\", rpm:\"x86_64/debug/httpd-debuginfo~2.2.6~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/httpd-manual\", rpm:\"x86_64/httpd-manual~2.2.6~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/httpd-devel\", rpm:\"x86_64/httpd-devel~2.2.6~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mod_ssl\", rpm:\"x86_64/mod_ssl~2.2.6~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/httpd\", rpm:\"x86_64/httpd~2.2.6~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/httpd-manual\", rpm:\"i386/httpd-manual~2.2.6~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/httpd-debuginfo\", rpm:\"i386/debug/httpd-debuginfo~2.2.6~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/httpd-devel\", rpm:\"i386/httpd-devel~2.2.6~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mod_ssl\", rpm:\"i386/mod_ssl~2.2.6~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/httpd\", rpm:\"i386/httpd~2.2.6~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:04", "bulletinFamily": "scanner", "description": "Check for the Version of apache", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=830196", "id": "OPENVAS:830196", "title": "Mandriva Update for apache MDKSA-2007:235 (apache)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for apache MDKSA-2007:235 (apache)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A flaw in the Apache mod_proxy module was found that could potentially\n lead to a denial of service is using a threaded Multi-Processing\n Module. On sites where a reverse proxy is configured, a remote\n attacker could send a special reequest that would cause the Apache\n child process handling the request to crash. Likewise, a similar crash\n could occur on sites with a forward proxy configured if a user could\n be persuaded to visit a malicious site using the proxy (CVE-2007-3847).\n\n A flaw in the Apache mod_autoindex module was found. On sites where\n directory listings are used and the AddDefaultCharset directive was\n removed from the configuration, a cross-site-scripting attack could\n be possible against browsers that to not correctly derive the response\n character set according to the rules in RGC 2616 (CVE-2007-4465).\n \n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"apache on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-12/msg00002.php\");\n script_id(830196);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:00:25 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDKSA\", value: \"2007:235\");\n script_cve_id(\"CVE-2007-3847\", \"CVE-2007-4465\");\n script_name( \"Mandriva Update for apache MDKSA-2007:235 (apache)\");\n\n script_summary(\"Check for the Version of apache\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-event\", rpm:\"apache-mpm-event~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-itk\", rpm:\"apache-mpm-itk~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache\", rpm:\"apache~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache\", rpm:\"apache~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:38:37", "bulletinFamily": "scanner", "description": "Check for the Version of apache", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830196", "id": "OPENVAS:1361412562310830196", "title": "Mandriva Update for apache MDKSA-2007:235 (apache)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for apache MDKSA-2007:235 (apache)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A flaw in the Apache mod_proxy module was found that could potentially\n lead to a denial of service is using a threaded Multi-Processing\n Module. On sites where a reverse proxy is configured, a remote\n attacker could send a special reequest that would cause the Apache\n child process handling the request to crash. Likewise, a similar crash\n could occur on sites with a forward proxy configured if a user could\n be persuaded to visit a malicious site using the proxy (CVE-2007-3847).\n\n A flaw in the Apache mod_autoindex module was found. On sites where\n directory listings are used and the AddDefaultCharset directive was\n removed from the configuration, a cross-site-scripting attack could\n be possible against browsers that to not correctly derive the response\n character set according to the rules in RGC 2616 (CVE-2007-4465).\n \n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"apache on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-12/msg00002.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830196\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:00:25 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDKSA\", value: \"2007:235\");\n script_cve_id(\"CVE-2007-3847\", \"CVE-2007-4465\");\n script_name( \"Mandriva Update for apache MDKSA-2007:235 (apache)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of apache\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-event\", rpm:\"apache-mpm-event~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-itk\", rpm:\"apache-mpm-itk~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache\", rpm:\"apache~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache\", rpm:\"apache~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:06", "bulletinFamily": "scanner", "description": "Check for the Version of Apache", "modified": "2017-07-06T00:00:00", "published": "2009-05-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=835172", "id": "OPENVAS:835172", "title": "HP-UX Update for Apache HPSBUX02365", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache HPSBUX02365\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote Cross Site Scripting (XSS) or Denial of Service (DoS)\";\ntag_affected = \"Apache on\n HP-UX B.11.11, B.11.23, B.11.31 running Apache v2.0.59.05 and previous\";\ntag_insight = \"A potential security vulnerability has been identified with HP-UX running \n Apache. These vulnerabilities could be exploited remotely resulting in Cross \n Site Scripting (XSS) or Denial of Service (DoS).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01539432-4\");\n script_id(835172);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"HPSBUX\", value: \"02365\");\n script_cve_id(\"CVE-2007-4465\", \"CVE-2008-2168\", \"CVE-2008-2364\");\n script_name( \"HP-UX Update for Apache HPSBUX02365\");\n\n script_summary(\"Check for the Version of Apache\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.AUTH_LDAP\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.AUTH_LDAP2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_JK\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_JK2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_PERL\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_PERL2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.WEBPROXY\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.WEBPROXY\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.AUTH_LDAP\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.AUTH_LDAP2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_JK\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_JK2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_PERL\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_PERL2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.WEBPROXY\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.WEBPROXY\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.WEBPROXY\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:38:43", "bulletinFamily": "scanner", "description": "Check for the Version of Apache", "modified": "2018-04-06T00:00:00", "published": "2009-05-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835172", "id": "OPENVAS:1361412562310835172", "title": "HP-UX Update for Apache HPSBUX02365", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache HPSBUX02365\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote Cross Site Scripting (XSS) or Denial of Service (DoS)\";\ntag_affected = \"Apache on\n HP-UX B.11.11, B.11.23, B.11.31 running Apache v2.0.59.05 and previous\";\ntag_insight = \"A potential security vulnerability has been identified with HP-UX running \n Apache. These vulnerabilities could be exploited remotely resulting in Cross \n Site Scripting (XSS) or Denial of Service (DoS).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01539432-4\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835172\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"HPSBUX\", value: \"02365\");\n script_cve_id(\"CVE-2007-4465\", \"CVE-2008-2168\", \"CVE-2008-2364\");\n script_name( \"HP-UX Update for Apache HPSBUX02365\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Apache\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.AUTH_LDAP\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.AUTH_LDAP2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_JK\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_JK2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_PERL\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_PERL2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.WEBPROXY\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.WEBPROXY\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.AUTH_LDAP\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.AUTH_LDAP2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_JK\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_JK2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_PERL\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_PERL2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.WEBPROXY\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.WEBPROXY\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.WEBPROXY\", revision:\"B.2.0.59.07.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:37", "bulletinFamily": "scanner", "description": "Check for the Version of httpd", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880227", "id": "OPENVAS:880227", "title": "CentOS Update for httpd CESA-2008:0006 centos4 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for httpd CESA-2008:0006 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Apache HTTP Server is a popular Web server.\n\n A flaw was found in the mod_imap module. On sites where mod_imap was\n enabled and an imagemap file was publicly available, a cross-site scripting\n attack was possible. (CVE-2007-5000)\n \n A flaw was found in the mod_autoindex module. On sites where directory\n listings are used, and the "AddDefaultCharset" directive has been removed\n from the configuration, a cross-site scripting attack was possible against\n Web browsers which do not correctly derive the response character set\n following the rules in RFC 2616. (CVE-2007-4465)\n \n A flaw was found in the mod_status module. On sites where mod_status was\n enabled and the status pages were publicly available, a cross-site\n scripting attack was possible. (CVE-2007-6388)\n \n A flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp\n was enabled and a forward proxy was configured, a cross-site scripting\n attack was possible against Web browsers which do not correctly derive the\n response character set following the rules in RFC 2616. (CVE-2008-0005)\n \n Users of Apache httpd should upgrade to these updated packages, which\n contain backported patches to resolve these issues. Users should restart\n httpd after installing this update.\";\n\ntag_affected = \"httpd on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-January/014608.html\");\n script_id(880227);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"CESA\", value: \"2008:0006\");\n script_cve_id(\"CVE-2007-4465\", \"CVE-2007-5000\", \"CVE-2007-6388\", \"CVE-2008-0005\");\n script_name( \"CentOS Update for httpd CESA-2008:0006 centos4 x86_64\");\n\n script_summary(\"Check for the Version of httpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.0.52~38.ent.centos4.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.0.52~38.ent.centos4.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.0.52~38.ent.centos4.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-suexec\", rpm:\"httpd-suexec~2.0.52~38.ent.centos4.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.0.52~38.ent.centos4.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:56:49", "bulletinFamily": "scanner", "description": "Check for the Version of httpd", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880256", "id": "OPENVAS:880256", "title": "CentOS Update for httpd CESA-2008:0005 centos3 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for httpd CESA-2008:0005 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Apache HTTP Server is a popular Web server.\n\n A flaw was found in the mod_imap module. On sites where mod_imap was\n enabled and an imagemap file was publicly available, a cross-site scripting\n attack was possible. (CVE-2007-5000)\n \n A flaw was found in the mod_autoindex module. On sites where directory\n listings are used, and the "AddDefaultCharset" directive has been removed\n from the configuration, a cross-site scripting attack was possible against\n Web browsers which did not correctly derive the response character set\n following the rules in RFC 2616. (CVE-2007-4465)\n \n A flaw was found in the mod_proxy module. On sites where a reverse proxy is\n configured, a remote attacker could send a carefully crafted request that\n would cause the Apache child process handling that request to crash. On\n sites where a forward proxy is configured, an attacker could cause a\n similar crash if a user could be persuaded to visit a malicious site using\n the proxy. This could lead to a denial of service if using a threaded\n Multi-Processing Module. (CVE-2007-3847) \n \n A flaw was found in the mod_status module. On sites where mod_status was\n enabled and the status pages were publicly available, a cross-site\n scripting attack was possible. (CVE-2007-6388)\n \n A flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp\n was enabled and a forward proxy was configured, a cross-site scripting\n attack was possible against Web browsers which did not correctly derive the\n response character set following the rules in RFC 2616. (CVE-2008-0005)\n \n Users of Apache httpd should upgrade to these updated packages, which\n contain backported patches to resolve these issues. Users should restart\n httpd after installing this update.\";\n\ntag_affected = \"httpd on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-January/014606.html\");\n script_id(880256);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0005\");\n script_cve_id(\"CVE-2007-3847\", \"CVE-2007-4465\", \"CVE-2007-5000\", \"CVE-2007-6388\", \"CVE-2008-0005\");\n script_name( \"CentOS Update for httpd CESA-2008:0005 centos3 x86_64\");\n\n script_summary(\"Check for the Version of httpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.0.46~70.ent.centos\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.0.46~70.ent.centos\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.0.46~70.ent.centos\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:40:10", "bulletinFamily": "scanner", "description": "Check for the Version of httpd", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880227", "id": "OPENVAS:1361412562310880227", "title": "CentOS Update for httpd CESA-2008:0006 centos4 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for httpd CESA-2008:0006 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Apache HTTP Server is a popular Web server.\n\n A flaw was found in the mod_imap module. On sites where mod_imap was\n enabled and an imagemap file was publicly available, a cross-site scripting\n attack was possible. (CVE-2007-5000)\n \n A flaw was found in the mod_autoindex module. On sites where directory\n listings are used, and the "AddDefaultCharset" directive has been removed\n from the configuration, a cross-site scripting attack was possible against\n Web browsers which do not correctly derive the response character set\n following the rules in RFC 2616. (CVE-2007-4465)\n \n A flaw was found in the mod_status module. On sites where mod_status was\n enabled and the status pages were publicly available, a cross-site\n scripting attack was possible. (CVE-2007-6388)\n \n A flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp\n was enabled and a forward proxy was configured, a cross-site scripting\n attack was possible against Web browsers which do not correctly derive the\n response character set following the rules in RFC 2616. (CVE-2008-0005)\n \n Users of Apache httpd should upgrade to these updated packages, which\n contain backported patches to resolve these issues. Users should restart\n httpd after installing this update.\";\n\ntag_affected = \"httpd on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-January/014608.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880227\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"CESA\", value: \"2008:0006\");\n script_cve_id(\"CVE-2007-4465\", \"CVE-2007-5000\", \"CVE-2007-6388\", \"CVE-2008-0005\");\n script_name( \"CentOS Update for httpd CESA-2008:0006 centos4 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of httpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.0.52~38.ent.centos4.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.0.52~38.ent.centos4.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.0.52~38.ent.centos4.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-suexec\", rpm:\"httpd-suexec~2.0.52~38.ent.centos4.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.0.52~38.ent.centos4.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:56:04", "bulletinFamily": "scanner", "description": "Check for the Version of httpd", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880313", "id": "OPENVAS:880313", "title": "CentOS Update for httpd CESA-2008:0005 centos3 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for httpd CESA-2008:0005 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Apache HTTP Server is a popular Web server.\n\n A flaw was found in the mod_imap module. On sites where mod_imap was\n enabled and an imagemap file was publicly available, a cross-site scripting\n attack was possible. (CVE-2007-5000)\n \n A flaw was found in the mod_autoindex module. On sites where directory\n listings are used, and the "AddDefaultCharset" directive has been removed\n from the configuration, a cross-site scripting attack was possible against\n Web browsers which did not correctly derive the response character set\n following the rules in RFC 2616. (CVE-2007-4465)\n \n A flaw was found in the mod_proxy module. On sites where a reverse proxy is\n configured, a remote attacker could send a carefully crafted request that\n would cause the Apache child process handling that request to crash. On\n sites where a forward proxy is configured, an attacker could cause a\n similar crash if a user could be persuaded to visit a malicious site using\n the proxy. This could lead to a denial of service if using a threaded\n Multi-Processing Module. (CVE-2007-3847) \n \n A flaw was found in the mod_status module. On sites where mod_status was\n enabled and the status pages were publicly available, a cross-site\n scripting attack was possible. (CVE-2007-6388)\n \n A flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp\n was enabled and a forward proxy was configured, a cross-site scripting\n attack was possible against Web browsers which did not correctly derive the\n response character set following the rules in RFC 2616. (CVE-2008-0005)\n \n Users of Apache httpd should upgrade to these updated packages, which\n contain backported patches to resolve these issues. Users should restart\n httpd after installing this update.\";\n\ntag_affected = \"httpd on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-January/014605.html\");\n script_id(880313);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0005\");\n script_cve_id(\"CVE-2007-3847\", \"CVE-2007-4465\", \"CVE-2007-5000\", \"CVE-2007-6388\", \"CVE-2008-0005\");\n script_name( \"CentOS Update for httpd CESA-2008:0005 centos3 i386\");\n\n script_summary(\"Check for the Version of httpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.0.46~70.ent.centos\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.0.46~70.ent.centos\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.0.46~70.ent.centos\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:54", "bulletinFamily": "scanner", "description": "Check for the Version of apache", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880086", "id": "OPENVAS:880086", "title": "CentOS Update for apache CESA-2008:0004-01 centos2 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for apache CESA-2008:0004-01 centos2 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Apache HTTP Server is a popular Web server.\n\n A flaw was found in the mod_imap module. On sites where mod_imap was\n enabled and an imagemap file was publicly available, a cross-site scripting\n attack was possible. (CVE-2007-5000)\n \n A flaw was found in the mod_autoindex module. On sites where directory\n listings are used, and the "AddDefaultCharset" directive has been removed\n from the configuration, a cross-site scripting attack was possible against\n Web browsers which did not correctly derive the response character set\n following the rules in RFC 2616. (CVE-2007-4465)\n \n A flaw was found in the mod_status module. On sites where mod_status was\n enabled and the status pages were publicly available, a cross-site\n scripting attack was possible. (CVE-2007-6388)\n \n A flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp\n was enabled and a forward proxy was configured, a cross-site scripting\n attack was possible against Web browsers which did not correctly derive the\n response character set following the rules in RFC 2616. (CVE-2008-0005)\n \n Users of Apache should upgrade to these updated packages, which contain\n backported patches to resolve these issues. Users should restart Apache\n after installing this update.\";\n\ntag_affected = \"apache on CentOS 2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-January/014611.html\");\n script_id(880086);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"CESA\", value: \"2008:0004-01\");\n script_cve_id(\"CVE-2007-4465\", \"CVE-2007-5000\", \"CVE-2007-6388\", \"CVE-2008-0005\");\n script_name( \"CentOS Update for apache CESA-2008:0004-01 centos2 i386\");\n\n script_summary(\"Check for the Version of apache\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS2\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache\", rpm:\"apache~1.3.27~14.ent.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~1.3.27~14.ent.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-manual\", rpm:\"apache-manual~1.3.27~14.ent.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "redhat": [{"lastseen": "2018-12-11T17:43:09", "bulletinFamily": "unix", "description": "The Apache HTTP Server is a popular and freely-available Web server.\r\n\r\nA flaw was found in the Apache HTTP Server mod_proxy module. On sites where\r\na reverse proxy is configured, a remote attacker could send a carefully\r\ncrafted request that would cause the Apache child process handling that\r\nrequest to crash. On sites where a forward proxy is configured, an attacker\r\ncould cause a similar crash if a user could be persuaded to visit a\r\nmalicious site using the proxy. This could lead to a denial of service if\r\nusing a threaded Multi-Processing Module. (CVE-2007-3847)\r\n\r\nA flaw was found in the mod_autoindex module. On sites where directory\r\nlistings are used, and the AddDefaultCharset directive has been removed\r\nfrom the configuration, a cross-site-scripting attack may be possible\r\nagainst browsers which do not correctly derive the response character set\r\nfollowing the rules in RFC 2616. (CVE-2007-4465)\r\n\r\nUsers of httpd should upgrade to these updated packages which contain\r\nbackported patches to correct these issues.", "modified": "2018-05-03T23:41:40", "published": "2007-10-25T04:00:00", "id": "RHSA-2007:0911", "href": "https://access.redhat.com/errata/RHSA-2007:0911", "type": "redhat", "title": "(RHSA-2007:0911) Moderate: httpd security update", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:41:00", "bulletinFamily": "unix", "description": "The Apache HTTP Server is a popular Web server.\r\n\r\nA flaw was found in the mod_imap module. On sites where mod_imap was\r\nenabled and an imagemap file was publicly available, a cross-site scripting\r\nattack was possible. (CVE-2007-5000)\r\n\r\nA flaw was found in the mod_autoindex module. On sites where directory\r\nlistings are used, and the \"AddDefaultCharset\" directive has been removed\r\nfrom the configuration, a cross-site scripting attack was possible against\r\nWeb browsers which did not correctly derive the response character set\r\nfollowing the rules in RFC 2616. (CVE-2007-4465)\r\n\r\nA flaw was found in the mod_proxy module. On sites where a reverse proxy is\r\nconfigured, a remote attacker could send a carefully crafted request that\r\nwould cause the Apache child process handling that request to crash. On\r\nsites where a forward proxy is configured, an attacker could cause a\r\nsimilar crash if a user could be persuaded to visit a malicious site using\r\nthe proxy. This could lead to a denial of service if using a threaded\r\nMulti-Processing Module. (CVE-2007-3847) \r\n\r\nA flaw was found in the mod_status module. On sites where mod_status was\r\nenabled and the status pages were publicly available, a cross-site\r\nscripting attack was possible. (CVE-2007-6388)\r\n\r\nA flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp\r\nwas enabled and a forward proxy was configured, a cross-site scripting\r\nattack was possible against Web browsers which did not correctly derive the\r\nresponse character set following the rules in RFC 2616. (CVE-2008-0005)\r\n\r\nUsers of Apache httpd should upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues. Users should restart\r\nhttpd after installing this update.", "modified": "2017-07-28T18:43:24", "published": "2008-01-15T05:00:00", "id": "RHSA-2008:0005", "href": "https://access.redhat.com/errata/RHSA-2008:0005", "type": "redhat", "title": "(RHSA-2008:0005) Moderate: httpd security update", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:43:11", "bulletinFamily": "unix", "description": "The Apache HTTP Server is a popular Web server.\r\n\r\nA flaw was found in the mod_imap module. On sites where mod_imap was\r\nenabled and an imagemap file was publicly available, a cross-site scripting\r\nattack was possible. (CVE-2007-5000)\r\n\r\nA flaw was found in the mod_autoindex module. On sites where directory\r\nlistings are used, and the \"AddDefaultCharset\" directive has been removed\r\nfrom the configuration, a cross-site scripting attack was possible against\r\nWeb browsers which do not correctly derive the response character set\r\nfollowing the rules in RFC 2616. (CVE-2007-4465)\r\n\r\nA flaw was found in the mod_status module. On sites where mod_status was\r\nenabled and the status pages were publicly available, a cross-site\r\nscripting attack was possible. (CVE-2007-6388)\r\n\r\nA flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp\r\nwas enabled and a forward proxy was configured, a cross-site scripting\r\nattack was possible against Web browsers which do not correctly derive the\r\nresponse character set following the rules in RFC 2616. (CVE-2008-0005)\r\n\r\nUsers of Apache httpd should upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues. Users should restart\r\nhttpd after installing this update.", "modified": "2017-09-08T11:56:13", "published": "2008-01-15T05:00:00", "id": "RHSA-2008:0006", "href": "https://access.redhat.com/errata/RHSA-2008:0006", "type": "redhat", "title": "(RHSA-2008:0006) Moderate: httpd security update", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-12-11T17:43:29", "bulletinFamily": "unix", "description": "The Apache HTTP Server is a popular Web server.\r\n\r\nA flaw was found in the mod_imap module. On sites where mod_imap was\r\nenabled and an imagemap file was publicly available, a cross-site scripting\r\nattack was possible. (CVE-2007-5000)\r\n\r\nA flaw was found in the mod_autoindex module. On sites where directory\r\nlistings are used, and the \"AddDefaultCharset\" directive has been removed\r\nfrom the configuration, a cross-site scripting attack was possible against\r\nWeb browsers which did not correctly derive the response character set\r\nfollowing the rules in RFC 2616. (CVE-2007-4465)\r\n\r\nA flaw was found in the mod_status module. On sites where mod_status was\r\nenabled and the status pages were publicly available, a cross-site\r\nscripting attack was possible. (CVE-2007-6388)\r\n\r\nA flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp\r\nwas enabled and a forward proxy was configured, a cross-site scripting\r\nattack was possible against Web browsers which did not correctly derive the\r\nresponse character set following the rules in RFC 2616. (CVE-2008-0005)\r\n\r\nUsers of Apache should upgrade to these updated packages, which contain\r\nbackported patches to resolve these issues. Users should restart Apache\r\nafter installing this update.", "modified": "2018-03-14T19:26:26", "published": "2008-01-15T05:00:00", "id": "RHSA-2008:0004", "href": "https://access.redhat.com/errata/RHSA-2008:0004", "type": "redhat", "title": "(RHSA-2008:0004) Moderate: apache security update", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-12-11T17:45:10", "bulletinFamily": "unix", "description": "The Apache HTTP Server is a popular Web server.\r\n\r\nA flaw was found in the mod_imagemap module. On sites where mod_imagemap\r\nwas enabled and an imagemap file was publicly available, a cross-site\r\nscripting attack was possible. (CVE-2007-5000)\r\n\r\nA flaw was found in the mod_autoindex module. On sites where directory\r\nlistings are used, and the \"AddDefaultCharset\" directive has been removed\r\nfrom the configuration, a cross-site scripting attack might have been\r\npossible against Web browsers which do not correctly derive the response\r\ncharacter set following the rules in RFC 2616. (CVE-2007-4465)\r\n\r\nA flaw was found in the mod_status module. On sites where mod_status was\r\nenabled and the status pages were publicly available, a cross-site\r\nscripting attack was possible. (CVE-2007-6388)\r\n\r\nA flaw was found in the mod_proxy_balancer module. On sites where\r\nmod_proxy_balancer was enabled, a cross-site scripting attack against an\r\nauthorized user was possible. (CVE-2007-6421)\r\n\r\nA flaw was found in the mod_proxy_balancer module. On sites where\r\nmod_proxy_balancer was enabled, an authorized user could send a carefully\r\ncrafted request that would cause the Apache child process handling that\r\nrequest to crash. This could lead to a denial of service if using a\r\nthreaded Multi-Processing Module. (CVE-2007-6422) \r\n\r\nA flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp\r\nwas enabled and a forward proxy was configured, a cross-site scripting\r\nattack was possible against Web browsers which do not correctly derive the\r\nresponse character set following the rules in RFC 2616. (CVE-2008-0005)\r\n\r\nUsers of Apache httpd should upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues. Users should restart\r\nhttpd after installing this update.", "modified": "2017-09-08T12:20:17", "published": "2008-01-15T05:00:00", "id": "RHSA-2008:0008", "href": "https://access.redhat.com/errata/RHSA-2008:0008", "type": "redhat", "title": "(RHSA-2008:0008) Moderate: httpd security update", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-12-11T17:42:14", "bulletinFamily": "unix", "description": "This release corrects several security vulnerabilities in various\ncomponents shipped as part of the Red Hat Network Satellite Server 4.2. In\na typical operating environment, these components are not exposed to users\nof Satellite Server in a vulnerable manner. These security updates will\nreduce risk in unique Satellite Server environments.\n\nMultiple flaws were fixed in the Apache HTTPD server. These flaws could\nresult in a cross-site scripting, denial-of-service, or information\ndisclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197,\nCVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388)\n\nA denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)\n\nA denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329)\n\nMultiple cross-site scripting flaws were fixed in the image map feature in\nthe JFreeChart package. (CVE-2007-6306)\n\nMultiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243,\nCVE-2007-2435, CVE-2007-2788, CVE-2007-2789)\n\nMultiple flaws were fixed in the OpenMotif package. (CVE-2004-0687,\nCVE-2004-0688, CVE-2004-0914, CVE-2005-3964, CVE-2005-0605)\n\nA flaw which could result in weak encryption was fixed in the\nperl-Crypt-CBC package. (CVE-2006-0898)\n\nMultiple flaws were fixed in the Tomcat package. (CVE-2008-0128,\nCVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355,\nCVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195,\nCVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510)\n\nUsers of Red Hat Network Satellite Server 4.2 are advised to upgrade to\n4.2.3, which resolves these issues.", "modified": "2018-05-03T23:41:49", "published": "2008-06-30T04:00:00", "id": "RHSA-2008:0524", "href": "https://access.redhat.com/errata/RHSA-2008:0524", "type": "redhat", "title": "(RHSA-2008:0524) Low: Red Hat Network Satellite Server security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:44:17", "bulletinFamily": "unix", "description": "During an internal security review, a cross-site scripting flaw was found\nthat affected the Red Hat Network channel search feature. (CVE-2007-5961)\n\nThis release also corrects several security vulnerabilities in various\ncomponents shipped as part of the Red Hat Network Satellite Server. In a\ntypical operating environment, these components are not exposed to users of\nSatellite Server in a vulnerable manner. These security updates will reduce\nrisk in unique Satellite Server environments.\n\nMultiple flaws were fixed in the Apache HTTPD server. These flaws could\nresult in a cross-site scripting, denial-of-service, or information\ndisclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197,\nCVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388)\n\nA denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)\n\nA denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329)\n\nMultiple cross-site scripting flaws were fixed in the image map feature in\nthe JFreeChart package. (CVE-2007-6306)\n\nMultiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243,\nCVE-2007-2435, CVE-2007-2788, CVE-2007-2789)\n\nTwo arbitrary code execution flaws were fixed in the OpenMotif package.\n(CVE-2005-3964, CVE-2005-0605)\n\nA flaw which could result in weak encryption was fixed in the\nperl-Crypt-CBC package. (CVE-2006-0898)\n\nMultiple flaws were fixed in the Tomcat package. (CVE-2008-0128,\nCVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355,\nCVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195,\nCVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510)\n\nUsers of Red Hat Network Satellite Server 5.0 are advised to upgrade to\n5.0.2, which resolves these issues.", "modified": "2018-05-03T23:42:02", "published": "2008-05-20T04:00:00", "id": "RHSA-2008:0261", "href": "https://access.redhat.com/errata/RHSA-2008:0261", "type": "redhat", "title": "(RHSA-2008:0261) Moderate: Red Hat Network Satellite Server security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2018-01-24T23:00:39", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2008:0004-01\n\n\nThe Apache HTTP Server is a popular Web server.\r\n\r\nA flaw was found in the mod_imap module. On sites where mod_imap was\r\nenabled and an imagemap file was publicly available, a cross-site scripting\r\nattack was possible. (CVE-2007-5000)\r\n\r\nA flaw was found in the mod_autoindex module. On sites where directory\r\nlistings are used, and the \"AddDefaultCharset\" directive has been removed\r\nfrom the configuration, a cross-site scripting attack was possible against\r\nWeb browsers which did not correctly derive the response character set\r\nfollowing the rules in RFC 2616. (CVE-2007-4465)\r\n\r\nA flaw was found in the mod_status module. On sites where mod_status was\r\nenabled and the status pages were publicly available, a cross-site\r\nscripting attack was possible. (CVE-2007-6388)\r\n\r\nA flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp\r\nwas enabled and a forward proxy was configured, a cross-site scripting\r\nattack was possible against Web browsers which did not correctly derive the\r\nresponse character set following the rules in RFC 2616. (CVE-2008-0005)\r\n\r\nUsers of Apache should upgrade to these updated packages, which contain\r\nbackported patches to resolve these issues. Users should restart Apache\r\nafter installing this update.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014611.html\n\n**Affected packages:**\napache\napache-devel\napache-manual\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "modified": "2008-01-16T02:42:35", "published": "2008-01-16T02:42:35", "href": "http://lists.centos.org/pipermail/centos-announce/2008-January/014611.html", "id": "CESA-2008:0004-01", "title": "apache security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-10-12T14:45:42", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2008:0006\n\n\nThe Apache HTTP Server is a popular Web server.\r\n\r\nA flaw was found in the mod_imap module. On sites where mod_imap was\r\nenabled and an imagemap file was publicly available, a cross-site scripting\r\nattack was possible. (CVE-2007-5000)\r\n\r\nA flaw was found in the mod_autoindex module. On sites where directory\r\nlistings are used, and the \"AddDefaultCharset\" directive has been removed\r\nfrom the configuration, a cross-site scripting attack was possible against\r\nWeb browsers which do not correctly derive the response character set\r\nfollowing the rules in RFC 2616. (CVE-2007-4465)\r\n\r\nA flaw was found in the mod_status module. On sites where mod_status was\r\nenabled and the status pages were publicly available, a cross-site\r\nscripting attack was possible. (CVE-2007-6388)\r\n\r\nA flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp\r\nwas enabled and a forward proxy was configured, a cross-site scripting\r\nattack was possible against Web browsers which do not correctly derive the\r\nresponse character set following the rules in RFC 2616. (CVE-2008-0005)\r\n\r\nUsers of Apache httpd should upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues. Users should restart\r\nhttpd after installing this update.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014607.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014608.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014610.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014613.html\n\n**Affected packages:**\nhttpd\nhttpd-devel\nhttpd-manual\nhttpd-suexec\nmod_ssl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0006.html", "modified": "2008-01-16T05:08:37", "published": "2008-01-15T13:48:01", "href": "http://lists.centos.org/pipermail/centos-announce/2008-January/014607.html", "id": "CESA-2008:0006", "title": "httpd, mod_ssl security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-10-12T14:45:18", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2008:0005\n\n\nThe Apache HTTP Server is a popular Web server.\r\n\r\nA flaw was found in the mod_imap module. On sites where mod_imap was\r\nenabled and an imagemap file was publicly available, a cross-site scripting\r\nattack was possible. (CVE-2007-5000)\r\n\r\nA flaw was found in the mod_autoindex module. On sites where directory\r\nlistings are used, and the \"AddDefaultCharset\" directive has been removed\r\nfrom the configuration, a cross-site scripting attack was possible against\r\nWeb browsers which did not correctly derive the response character set\r\nfollowing the rules in RFC 2616. (CVE-2007-4465)\r\n\r\nA flaw was found in the mod_proxy module. On sites where a reverse proxy is\r\nconfigured, a remote attacker could send a carefully crafted request that\r\nwould cause the Apache child process handling that request to crash. On\r\nsites where a forward proxy is configured, an attacker could cause a\r\nsimilar crash if a user could be persuaded to visit a malicious site using\r\nthe proxy. This could lead to a denial of service if using a threaded\r\nMulti-Processing Module. (CVE-2007-3847) \r\n\r\nA flaw was found in the mod_status module. On sites where mod_status was\r\nenabled and the status pages were publicly available, a cross-site\r\nscripting attack was possible. (CVE-2007-6388)\r\n\r\nA flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp\r\nwas enabled and a forward proxy was configured, a cross-site scripting\r\nattack was possible against Web browsers which did not correctly derive the\r\nresponse character set following the rules in RFC 2616. (CVE-2008-0005)\r\n\r\nUsers of Apache httpd should upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues. Users should restart\r\nhttpd after installing this update.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014605.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014606.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014609.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014612.html\n\n**Affected packages:**\nhttpd\nhttpd-devel\nmod_ssl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0005.html", "modified": "2008-01-16T05:02:46", "published": "2008-01-15T12:48:29", "href": "http://lists.centos.org/pipermail/centos-announce/2008-January/014605.html", "id": "CESA-2008:0005", "title": "httpd, mod_ssl security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-10-03T18:24:34", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2008:0008\n\n\nThe Apache HTTP Server is a popular Web server.\r\n\r\nA flaw was found in the mod_imagemap module. On sites where mod_imagemap\r\nwas enabled and an imagemap file was publicly available, a cross-site\r\nscripting attack was possible. (CVE-2007-5000)\r\n\r\nA flaw was found in the mod_autoindex module. On sites where directory\r\nlistings are used, and the \"AddDefaultCharset\" directive has been removed\r\nfrom the configuration, a cross-site scripting attack might have been\r\npossible against Web browsers which do not correctly derive the response\r\ncharacter set following the rules in RFC 2616. (CVE-2007-4465)\r\n\r\nA flaw was found in the mod_status module. On sites where mod_status was\r\nenabled and the status pages were publicly available, a cross-site\r\nscripting attack was possible. (CVE-2007-6388)\r\n\r\nA flaw was found in the mod_proxy_balancer module. On sites where\r\nmod_proxy_balancer was enabled, a cross-site scripting attack against an\r\nauthorized user was possible. (CVE-2007-6421)\r\n\r\nA flaw was found in the mod_proxy_balancer module. On sites where\r\nmod_proxy_balancer was enabled, an authorized user could send a carefully\r\ncrafted request that would cause the Apache child process handling that\r\nrequest to crash. This could lead to a denial of service if using a\r\nthreaded Multi-Processing Module. (CVE-2007-6422) \r\n\r\nA flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp\r\nwas enabled and a forward proxy was configured, a cross-site scripting\r\nattack was possible against Web browsers which do not correctly derive the\r\nresponse character set following the rules in RFC 2616. (CVE-2008-0005)\r\n\r\nUsers of Apache httpd should upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues. Users should restart\r\nhttpd after installing this update.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014614.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014615.html\n\n**Affected packages:**\nhttpd\nhttpd-devel\nhttpd-manual\nmod_ssl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0008.html", "modified": "2008-01-16T22:06:47", "published": "2008-01-16T22:06:46", "href": "http://lists.centos.org/pipermail/centos-announce/2008-January/014615.html", "id": "CESA-2008:0008", "title": "httpd, mod_ssl security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:45:37", "bulletinFamily": "unix", "description": " [2.0.46-70.ent.0.1]\n - use oracle index page oracle_index.html and logo removal\n - add apr-configure.patch\n \n [2.0.46-70.ent]\n - add security fix for CVE-2007-6388 (#427235)\n - add security fix for mod_proxy_ftp UTF-7 XSS (#427742)\n \n [2.0.46-69.ent]\n - add security fix for CVE-2007-3847 (#250759)\n - add security fixes for CVE-2007-4465, CVE-2007-5000 (#421601) ", "modified": "2008-01-15T00:00:00", "published": "2008-01-15T00:00:00", "id": "ELSA-2008-0005", "href": "http://linux.oracle.com/errata/ELSA-2008-0005.html", "title": "Moderate: httpd security update ", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:48:25", "bulletinFamily": "unix", "description": " [2.0.52-38.ent.2.0.1]\n - use oracle index page oracle_index.html\n - updated string and distro in specfile\n \n [2.0.52-38.ent.2]\n - add security fix for CVE-2007-6388 (#427236)\n - add security fix for mod_proxy_ftp UTF-7 XSS (#427743)\n \n [2.0.52-38.ent.1]\n - add security fixes for CVE-2007-4465, CVE-2007-5000 (#421611) ", "modified": "2008-01-15T00:00:00", "published": "2008-01-15T00:00:00", "id": "ELSA-2008-0006", "href": "http://linux.oracle.com/errata/ELSA-2008-0006.html", "title": "Moderate: httpd security update ", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T01:47:44", "bulletinFamily": "unix", "description": " [2.2.3-12.el5_1.3.0.1]\n - use oracle index page oracle_index.html, update vstring and distro\n \n [2.2.3-12.el5_1.3]\n - further update to backport for CVE-2007-6421 (#427240)\n \n [2.2.3-12.el5_1.2]\n - updated backport for CVE-2007-6421 (#427240)\n \n [2.2.3-11.el5_1.1]\n - add security fixes for CVE-2007-6388, CVE-2007-6421\n and CVE-2007-6422 (#427240)\n - add security fix for CVE-2007-4465, CVE-2007-5000 (#421631)\n - add security fix for mod_proxy_ftp UTF-7 XSS (#427745) ", "modified": "2008-01-15T00:00:00", "published": "2008-01-15T00:00:00", "id": "ELSA-2008-0008", "href": "http://linux.oracle.com/errata/ELSA-2008-0008.html", "title": "Moderate: httpd security update ", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "suse": [{"lastseen": "2016-09-04T11:46:33", "bulletinFamily": "unix", "description": "Several bugs were fixed in the Apache2 web server.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2007-11-19T15:20:20", "published": "2007-11-19T15:20:20", "id": "SUSE-SA:2007:061", "href": "http://lists.opensuse.org/opensuse-security-announce/2007-11/msg00002.html", "title": "remote denial of service in apache2", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:54", "bulletinFamily": "unix", "description": "### Background\n\nThe Apache HTTP server is one of the most popular web servers on the Internet. \n\n### Description\n\nMultiple cross-site scripting vulnerabilities have been discovered in mod_status and mod_autoindex (CVE-2006-5752, CVE-2007-4465). An error has been discovered in the recall_headers() function in mod_mem_cache (CVE-2007-1862). The mod_cache module does not properly sanitize requests before processing them (CVE-2007-1863). The Prefork module does not properly check PID values before sending signals (CVE-2007-3304). The mod_proxy module does not correctly check headers before processing them (CVE-2007-3847). \n\n### Impact\n\nA remote attacker could exploit one of these vulnerabilities to inject arbitrary script or HTML content, obtain sensitive information or cause a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Apache users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/apache-2.0.59-r5\"", "modified": "2007-11-07T00:00:00", "published": "2007-11-07T00:00:00", "id": "GLSA-200711-06", "href": "https://security.gentoo.org/glsa/200711-06", "type": "gentoo", "title": "Apache: Multiple vulnerabilities", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:36", "bulletinFamily": "unix", "description": "It was discovered that Apache did not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This was only vulnerable in Ubuntu 6.06. (CVE-2006-3918)\n\nIt was discovered that when configured as a proxy server and using a threaded MPM, Apache did not properly sanitize its input. A remote attacker could send Apache crafted date headers and cause a denial of service via application crash. By default, mod_proxy is disabled in Ubuntu. (CVE-2007-3847)\n\nIt was discovered that mod_autoindex did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. (CVE-2007-4465)\n\nIt was discovered that mod_imap/mod_imagemap did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_imap/mod_imagemap is disabled in Ubuntu. (CVE-2007-5000)\n\nIt was discovered that mod_status when status pages were available, allowed for cross-site scripting attacks. By default, mod_status is disabled in Ubuntu. (CVE-2007-6388)\n\nIt was discovered that mod_proxy_balancer did not sanitize its input, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6421)\n\nIt was discovered that mod_proxy_balancer could be made to dereference a NULL pointer. A remote attacker could send a crafted request and cause a denial of service via application crash. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6422)\n\nIt was discovered that mod_proxy_ftp did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_proxy_ftp is disabled in Ubuntu. (CVE-2008-0005)", "modified": "2008-02-04T00:00:00", "published": "2008-02-04T00:00:00", "id": "USN-575-1", "href": "https://usn.ubuntu.com/575-1/", "title": "Apache vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}