New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.
Here are the details from the Slackware 14.1 ChangeLog:
patches/packages/httpd-2.4.10-i486-1_slack14.1.txz: Upgraded.
This update fixes the following security issues:
*) SECURITY: CVE-2014-0117 (cve.mitre.org)
mod_proxy: Fix crash in Connection header handling which
allowed a denial of service attack against a reverse proxy
with a threaded MPM. [Ben Reser]
*) SECURITY: CVE-2014-0118 (cve.mitre.org)
mod_deflate: The DEFLATE input filter (inflates request bodies) now
limits the length and compression ratio of inflated request bodies to
avoid denial of service via highly compressed bodies. See directives
DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,
and DeflateInflateRatioBurst. [Yann Ylavic, Eric Covener]
*) SECURITY: CVE-2014-0226 (cve.mitre.org)
Fix a race condition in scoreboard handling, which could lead to
a heap buffer overflow. [Joe Orton, Eric Covener]
*) SECURITY: CVE-2014-0231 (cve.mitre.org)
mod_cgid: Fix a denial of service against CGI scripts that do
not consume stdin that could lead to lingering HTTPD child processes
filling up the scoreboard and eventually hanging the server. By
default, the client I/O timeout (Timeout directive) now applies to
communication with scripts. The CGIDScriptTimeout directive can be
used to set a different timeout for communication with scripts.
[Rainer Jung, Eric Covener, Yann Ylavic]
For more information, see:
https://vulners.com/cve/CVE-2014-0117
https://vulners.com/cve/CVE-2014-0118
https://vulners.com/cve/CVE-2014-0226
https://vulners.com/cve/CVE-2014-0231
(* Security fix *)
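A simplified model of the mod_deflate mitigation described above for CVE-2014-0118, as an added example (it is not Apache httpd's code and not part of the Slackware advisory). It inflates a request body in small steps and rejects it on a length cap or a sustained compression ratio; the names max_body, ratio_limit and ratio_burst, their default values, and the "consecutive checks" burst rule are assumptions of this example.

```python
import gzip
import zlib

STEP = 8192  # inflate at most this many bytes between policy checks


class InflateLimitExceeded(Exception):
    """Raised when a compressed body breaks the length or ratio policy."""

    def __init__(self, reason, produced):
        super().__init__(f"{reason} limit exceeded after {produced} bytes")
        self.reason = reason      # "length" or "ratio"
        self.produced = produced  # bytes kept before the body was rejected


def bounded_inflate(chunks, max_body=1_000_000, ratio_limit=200, ratio_burst=3):
    """Inflate an iterable of compressed chunks under three limits.

    max_body    -- cap on the inflated size (models DeflateInflateLimitRequestBody)
    ratio_limit -- allowed output/input ratio (models DeflateInflateRatioLimit)
    ratio_burst -- consecutive over-ratio checks tolerated (models
                   DeflateInflateRatioBurst; semantics assumed for this example)
    """
    inflater = zlib.decompressobj(wbits=47)  # 32 + 15: accept gzip or zlib framing
    out = bytearray()
    consumed = 0  # compressed bytes the inflater has actually read
    hits = 0      # consecutive checks with the ratio above the limit

    def account(piece):
        nonlocal hits
        # Length cap is enforced before the piece is kept.
        if len(out) + len(piece) > max_body:
            raise InflateLimitExceeded("length", len(out))
        out.extend(piece)
        if consumed and len(out) / consumed > ratio_limit:
            hits += 1
            if hits > ratio_burst:
                raise InflateLimitExceeded("ratio", len(out))
        else:
            hits = 0

    for chunk in chunks:
        data = chunk
        while data and not inflater.eof:
            # max_length bounds the work done before the next policy check;
            # input that was not needed yet comes back in unconsumed_tail.
            piece = inflater.decompress(data, STEP)
            consumed += len(data) - len(inflater.unconsumed_tail)
            data = inflater.unconsumed_tail
            account(piece)
    account(inflater.flush())
    if not inflater.eof:
        raise ValueError("compressed body is truncated")
    return bytes(out)


def split(blob, size=1024):
    """Yield the compressed body in network-sized chunks."""
    for i in range(0, len(blob), size):
        yield blob[i:i + size]


# Constructed sample inputs (not taken from the advisory).
BENIGN = "\n".join(f"id={i} value={i * i}" for i in range(2000)).encode()
ZEROS = b"\0" * 10_000_000  # gzip shrinks this by roughly three orders of magnitude


def verdict(body, **limits):
    """Gzip a body, feed it through bounded_inflate, and report the outcome."""
    try:
        inflated = bounded_inflate(split(gzip.compress(body)), **limits)
        return ("ok", len(inflated))
    except InflateLimitExceeded as exc:
        return (exc.reason, exc.produced)


if __name__ == "__main__":
    print("benign body:      ", verdict(BENIGN))
    print("highly compressed:", verdict(ZEROS))
    print("length cap only:  ", verdict(ZEROS, max_body=100_000, ratio_limit=10_000))
```

The stepwise `max_length` argument is the important part: checking the limits only after a whole chunk has been inflated would let a single small chunk expand far past the cap before any check runs.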
Where to find the new packages:
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.27-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.27-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/httpd-2.2.27-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/httpd-2.2.27-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/httpd-2.2.27-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/httpd-2.2.27-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/httpd-2.4.10-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/httpd-2.4.10-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/httpd-2.4.10-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/httpd-2.4.10-x86_64-1_slack14.1.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.10-i486-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.10-x86_64-1.txz
MD5 signatures:
Slackware 13.0 package:
c79e696c379625efd18e6414f30dba80 httpd-2.2.27-i486-1_slack13.0.txz
Slackware x86_64 13.0 package:
28be181b3a0aae494371279230f190e9 httpd-2.2.27-x86_64-1_slack13.0.txz
Slackware 13.1 package:
fc409fff4d79cb1969a40756f8a9f576 httpd-2.2.27-i486-1_slack13.1.txz
Slackware x86_64 13.1 package:
07ab0f3337fc15656cd2e841c9b0eba4 httpd-2.2.27-x86_64-1_slack13.1.txz
Slackware 13.37 package:
b5cefd8903745aceaa68b482cb63e4e2 httpd-2.2.27-i486-1_slack13.37.txz
Slackware x86_64 13.37 package:
610a33703e7f84fd14f09bc9529c1cd5 httpd-2.2.27-x86_64-1_slack13.37.txz
Slackware 14.0 package:
d6dedc1064a6a4d039b188fed02de89b httpd-2.4.10-i486-1_slack14.0.txz
Slackware x86_64 14.0 package:
7d150bf3bd558bf70ea2c21a08a1b5b7 httpd-2.4.10-x86_64-1_slack14.0.txz
Slackware 14.1 package:
7e9b03930b0452a95595a61cf1b093d8 httpd-2.4.10-i486-1_slack14.1.txz
Slackware x86_64 14.1 package:
efc9893a3428d87a8d78787fbde793e0 httpd-2.4.10-x86_64-1_slack14.1.txz
Slackware -current package:
1ac5a4cc6275c8f7cfa6e3a77a27f2db n/httpd-2.4.10-i486-1.txz
Slackware x86_64 -current package:
7fa5fda601a324238f5a2768204a7476 n/httpd-2.4.10-x86_64-1.txz
Installation instructions:
Upgrade the package as root:
> upgradepkg httpd-2.4.10-i486-1_slack14.1.txz
Then, restart Apache httpd:
> /etc/rc.d/rc.httpd stop
> /etc/rc.d/rc.httpd start
{"fedora": [{"lastseen": "2020-12-21T08:17:52", "description": "The Apache HTTP Server is a powerful, efficient, and extensible web server. ", "cvss3": {}, "published": "2014-08-15T02:47:11", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: httpd-2.4.10-1.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0117", "CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231"], "modified": "2014-08-15T02:47:11", "id": "FEDORA:0CF762254E", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UBIEIKHZHLCJ3CYIJVMY5M4HG7BQPAP4/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "The Apache HTTP Server is a powerful, efficient, and extensible web server. 
", "cvss3": {}, "published": "2014-07-25T10:03:52", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: httpd-2.4.10-1.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0117", "CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231"], "modified": "2014-07-25T10:03:52", "id": "FEDORA:BBF8021A28", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RRHYBOEMWGBMN5SQCXZOL4QDFAPBTLDR/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:37:21", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-07-28T00:00:00", "type": "openvas", "title": "Fedora Update for httpd FEDORA-2014-8742", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0231", "CVE-2014-0118", "CVE-2014-0117", "CVE-2014-0226"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868036", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868036", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for httpd FEDORA-2014-8742\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software 
Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868036\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-28 16:27:42 +0530 (Mon, 28 Jul 2014)\");\n script_cve_id(\"CVE-2014-0231\", \"CVE-2014-0117\", \"CVE-2014-0118\", \"CVE-2014-0226\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for httpd FEDORA-2014-8742\");\n script_tag(name:\"affected\", value:\"httpd on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-8742\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135744.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", 
\"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.10~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:36", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-07-28T00:00:00", "type": "openvas", "title": "Ubuntu Update for apache2 USN-2299-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0231", "CVE-2014-0118", "CVE-2014-0117", "CVE-2014-0226"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310841915", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841915", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2299_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for apache2 USN-2299-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841915\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-28 16:41:33 +0530 (Mon, 28 Jul 2014)\");\n script_cve_id(\"CVE-2014-0117\", \"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for apache2 USN-2299-1\");\n\n script_tag(name:\"affected\", value:\"apache2 on Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"insight\", value:\"Marek Kroemeke discovered that the mod_proxy module incorrectly\nhandled certain requests. A remote attacker could use this issue to cause the\nserver to stop responding, leading to a denial of service. This issue only\naffected Ubuntu 14.04 LTS. (CVE-2014-0117)\n\nGiancarlo Pellegrino and Davide Balzarotti discovered that the mod_deflate\nmodule incorrectly handled body decompression. A remote attacker could use\nthis issue to cause resource consumption, leading to a denial of service.\n(CVE-2014-0118)\n\nMarek Kroemeke and others discovered that the mod_status module incorrectly\nhandled certain requests. A remote attacker could use this issue to cause\nthe server to stop responding, leading to a denial of service, or possibly\nexecute arbitrary code. (CVE-2014-0226)\n\nRainer Jung discovered that the mod_cgid module incorrectly handled certain\nscripts. 
A remote attacker could use this issue to cause the server to stop\nresponding, leading to a denial of service. (CVE-2014-0231)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2299-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2299-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'apache2'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|10\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2-bin\", ver:\"2.4.7-1ubuntu4.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2.2-bin\", ver:\"2.2.22-1ubuntu1.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2.2-bin\", ver:\"2.2.14-5ubuntu8.14\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:39", "description": "The remote host is 
missing an update for the ", "cvss3": {}, "published": "2014-08-15T00:00:00", "type": "openvas", "title": "Fedora Update for httpd FEDORA-2014-9057", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0231", "CVE-2014-0118", "CVE-2014-0117", "CVE-2014-0226"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868088", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868088", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for httpd FEDORA-2014-9057\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868088\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-15 05:55:52 +0200 (Fri, 15 Aug 2014)\");\n script_cve_id(\"CVE-2014-0231\", \"CVE-2014-0117\", \"CVE-2014-0118\", \"CVE-2014-0226\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for httpd FEDORA-2014-9057\");\n script_tag(name:\"affected\", value:\"httpd on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-9057\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136646.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = 
\"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.10~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:07", "description": "Oracle Linux Local Security Checks ELSA-2014-0921", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-0921", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0231", "CVE-2013-4352", "CVE-2014-0118", "CVE-2014-0117", "CVE-2014-0226"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123364", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123364", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-0921.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123364\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:02:48 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-0921\");\n script_tag(name:\"insight\", value:\"ELSA-2014-0921 - httpd security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-0921\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-0921.html\");\n script_cve_id(\"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\", \"CVE-2013-4352\", \"CVE-2014-0117\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = 
isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.6~18.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.4.6~18.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.4.6~18.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.4.6~18.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mod_ldap\", rpm:\"mod_ldap~2.4.6~18.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mod_proxy_html\", rpm:\"mod_proxy_html~2.4.6~18.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mod_session\", rpm:\"mod_session~2.4.6~18.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.4.6~18.0.1.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-07-28T00:00:00", "type": "openvas", "title": "RedHat Update for httpd RHSA-2014:0921-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0231", "CVE-2013-4352", "CVE-2014-0118", "CVE-2014-0117", "CVE-2014-0226"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871212", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871212", "sourceData": "###############################################################################\n# OpenVAS 
Vulnerability Test\n#\n# RedHat Update for httpd RHSA-2014:0921-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871212\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-28 16:46:49 +0530 (Mon, 28 Jul 2014)\");\n script_cve_id(\"CVE-2013-4352\", \"CVE-2014-0117\", \"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for httpd RHSA-2014:0921-01\");\n\n\n script_tag(name:\"affected\", value:\"httpd on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"insight\", value:\"The httpd packages provide the Apache HTTP Server, a powerful, efficient,\nand extensible web server.\n\nA race condition flaw, leading to heap-based buffer overflows, was found in\nthe mod_status httpd module. 
A remote attacker able to access a status page\nserved by mod_status on a server using a threaded Multi-Processing Module\n(MPM) could send a specially crafted request that would cause the httpd\nchild process to crash or, possibly, allow the attacker to execute\narbitrary code with the privileges of the 'apache' user. (CVE-2014-0226)\n\nA NULL pointer dereference flaw was found in the mod_cache httpd module.\nA malicious HTTP server could cause the httpd child process to crash when\nthe Apache HTTP Server was used as a forward proxy with caching.\n(CVE-2013-4352)\n\nA denial of service flaw was found in the mod_proxy httpd module. A remote\nattacker could send a specially crafted request to a server configured as a\nreverse proxy using a threaded Multi-Processing Modules (MPM) that would\ncause the httpd child process to crash. (CVE-2014-0117)\n\nA denial of service flaw was found in the way httpd's mod_deflate module\nhandled request body decompression (configured via the 'DEFLATE' input\nfilter). A remote attacker able to send a request whose body would be\ndecompressed could use this flaw to consume an excessive amount of system\nmemory and CPU on the target system. (CVE-2014-0118)\n\nA denial of service flaw was found in the way httpd's mod_cgid module\nexecuted CGI scripts that did not read data from the standard input.\nA remote attacker could submit a specially crafted request that would cause\nthe httpd child process to hang indefinitely. (CVE-2014-0231)\n\nAll httpd users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing the\nupdated packages, the httpd daemon will be restarted automatically.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:0921-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-July/msg00047.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.4.6~18.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.6~18.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-debuginfo\", rpm:\"httpd-debuginfo~2.4.6~18.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.4.6~18.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.4.6~18.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.4.6~18.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-07-28T00:00:00", "type": "openvas", "title": "CentOS Update for httpd CESA-2014:0920 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0231", "CVE-2014-0118", "CVE-2014-0226"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881972", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881972", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for httpd CESA-2014:0920 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881972\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-28 16:34:43 +0530 (Mon, 28 Jul 2014)\");\n script_cve_id(\"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for httpd CESA-2014:0920 centos5\");\n\n script_tag(name:\"affected\", value:\"httpd on CentOS 5\");\n script_tag(name:\"insight\", value:\"The httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nA race condition flaw, leading to heap-based buffer overflows, was found in\nthe mod_status httpd module. A remote attacker able to access a status page\nserved by mod_status on a server using a threaded Multi-Processing Module\n(MPM) could send a specially crafted request that would cause the httpd\nchild process to crash or, possibly, allow the attacker to execute\narbitrary code with the privileges of the 'apache' user. (CVE-2014-0226)\n\nA denial of service flaw was found in the way httpd's mod_deflate module\nhandled request body decompression (configured via the 'DEFLATE' input\nfilter). A remote attacker able to send a request whose body would be\ndecompressed could use this flaw to consume an excessive amount of system\nmemory and CPU on the target system. 
(CVE-2014-0118)\n\nA denial of service flaw was found in the way httpd's mod_cgid module\nexecuted CGI scripts that did not read data from the standard input.\nA remote attacker could submit a specially crafted request that would cause\nthe httpd child process to hang indefinitely. (CVE-2014-0231)\n\nAll httpd users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon will be restarted automatically.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:0920\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-July/020440.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.3~87.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.3~87.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.3~87.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.3~87.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T23:00:36", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2014-388)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0231", "CVE-2014-0118", "CVE-2014-0226"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120103", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120103", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120103\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:17:29 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2014-388)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in the Apache HTTP server. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update httpd to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-388.html\");\n script_cve_id(\"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.2.27~1.3.amzn1\", rls:\"AMAZON\"))) 
{\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.27~1.3.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.27~1.3.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.27~1.3.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.27~1.3.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:18", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-07-28T00:00:00", "type": "openvas", "title": "CentOS Update for httpd CESA-2014:0920 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0231", "CVE-2014-0118", "CVE-2014-0226"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881968", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881968", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for httpd CESA-2014:0920 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881968\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-28 16:31:47 +0530 (Mon, 28 Jul 2014)\");\n script_cve_id(\"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for httpd CESA-2014:0920 centos6\");\n\n script_tag(name:\"affected\", value:\"httpd on CentOS 6\");\n script_tag(name:\"insight\", value:\"The httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nA race condition flaw, leading to heap-based buffer overflows, was found in\nthe mod_status httpd module. A remote attacker able to access a status page\nserved by mod_status on a server using a threaded Multi-Processing Module\n(MPM) could send a specially crafted request that would cause the httpd\nchild process to crash or, possibly, allow the attacker to execute\narbitrary code with the privileges of the 'apache' user. (CVE-2014-0226)\n\nA denial of service flaw was found in the way httpd's mod_deflate module\nhandled request body decompression (configured via the 'DEFLATE' input\nfilter). A remote attacker able to send a request whose body would be\ndecompressed could use this flaw to consume an excessive amount of system\nmemory and CPU on the target system. 
(CVE-2014-0118)\n\nA denial of service flaw was found in the way httpd's mod_cgid module\nexecuted CGI scripts that did not read data from the standard input.\nA remote attacker could submit a specially crafted request that would cause\nthe httpd child process to hang indefinitely. (CVE-2014-0231)\n\nAll httpd users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon will be restarted automatically.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:0920\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-July/020441.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.15~31.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.15~31.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.15~31.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.2.15~31.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.15~31.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T23:01:02", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2014-389)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0231", "CVE-2014-0118", "CVE-2014-0226"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120104", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120104", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120104\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:17:31 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2014-389)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in the Apache HTTP server. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update httpd24 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-389.html\");\n script_cve_id(\"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"mod24_proxy_html\", rpm:\"mod24_proxy_html~2.4.10~1.59.amzn1\", 
rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd24\", rpm:\"httpd24~2.4.10~1.59.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd24-debuginfo\", rpm:\"httpd24-debuginfo~2.4.10~1.59.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mod24_ldap\", rpm:\"mod24_ldap~2.4.10~1.59.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd24-tools\", rpm:\"httpd24-tools~2.4.10~1.59.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mod24_ssl\", rpm:\"mod24_ssl~2.4.10~1.59.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd24-devel\", rpm:\"httpd24-devel~2.4.10~1.59.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd24-manual\", rpm:\"httpd24-manual~2.4.10~1.59.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:40", "description": "Several security issues were found in the Apache HTTP server.\n\nCVE-2014-0118\nThe DEFLATE input filter (inflates request bodies) in mod_deflate\nallows remote attackers to cause a denial of service (resource\nconsumption) via crafted request data that decompresses to a much\nlarger size.\n\nCVE-2014-0226\nA race condition was found in mod_status. An attacker able to\naccess a public server status page on a server could send carefully\ncrafted requests which could lead to a heap buffer overflow,\ncausing denial of service, disclosure of sensitive information, or\npotentially the execution of arbitrary code.\n\nCVE-2014-0231\nA flaw was found in mod_cgid. 
If a server using mod_cgid hosted\nCGI scripts which did not consume standard input, a remote attacker\ncould cause child processes to hang indefinitely, leading to denial\nof service.", "cvss3": {}, "published": "2014-07-24T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2989-1 (apache2 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0231", "CVE-2014-0118", "CVE-2014-0226"], "modified": "2019-03-19T00:00:00", "id": "OPENVAS:1361412562310702989", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702989", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2989.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 2989-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702989\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n script_name(\"Debian Security Advisory DSA 2989-1 (apache2 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-24 00:00:00 +0200 (Thu, 24 Jul 2014)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2989.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"apache2 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\nversion 2.2.22-13+deb7u3.\n\nFor the testing distribution (jessie), these problems will be fixed in\nversion 2.4.10-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.4.10-1.\n\nWe recommend that you upgrade your apache2 packages.\");\n script_tag(name:\"summary\", value:\"Several security issues were found in the Apache HTTP server.\n\nCVE-2014-0118\nThe DEFLATE input filter (inflates request bodies) in mod_deflate\nallows remote attackers to cause a denial of service 
(resource\nconsumption) via crafted request data that decompresses to a much\nlarger size.\n\nCVE-2014-0226\nA race condition was found in mod_status. An attacker able to\naccess a public server status page on a server could send carefully\ncrafted requests which could lead to a heap buffer overflow,\ncausing denial of service, disclosure of sensitive information, or\npotentially the execution of arbitrary code.\n\nCVE-2014-0231\nA flaw was found in mod_cgid. If a server using mod_cgid hosted\nCGI scripts which did not consume standard input, a remote attacker\ncould cause child processes to hang indefinitely, leading to denial\nof service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-dbg\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-itk\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-suexec\", 
ver:\"2.2.22-13+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2.2-bin\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-07-28T00:00:00", "type": "openvas", "title": "RedHat Update for httpd RHSA-2014:0920-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0231", "CVE-2014-0118", "CVE-2014-0226"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871203", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871203", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for httpd RHSA-2014:0920-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871203\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-28 16:42:09 +0530 (Mon, 28 Jul 2014)\");\n script_cve_id(\"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for httpd RHSA-2014:0920-01\");\n\n\n script_tag(name:\"affected\", value:\"httpd on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"insight\", value:\"The httpd packages provide the Apache HTTP Server, a powerful, efficient,\nand extensible web server.\n\nA race condition flaw, leading to heap-based buffer overflows, was found in\nthe mod_status httpd module. A remote attacker able to access a status page\nserved by mod_status on a server using a threaded Multi-Processing Module\n(MPM) could send a specially crafted request that would cause the httpd\nchild process to crash or, possibly, allow the attacker to execute\narbitrary code with the privileges of the 'apache' user. (CVE-2014-0226)\n\nA denial of service flaw was found in the way httpd's mod_deflate module\nhandled request body decompression (configured via the 'DEFLATE' input\nfilter). 
A remote attacker able to send a request whose body would be\ndecompressed could use this flaw to consume an excessive amount of system\nmemory and CPU on the target system. (CVE-2014-0118)\n\nA denial of service flaw was found in the way httpd's mod_cgid module\nexecuted CGI scripts that did not read data from the standard input.\nA remote attacker could submit a specially crafted request that would cause\nthe httpd child process to hang indefinitely. (CVE-2014-0231)\n\nAll httpd users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon will be restarted automatically.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:0920-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-July/msg00046.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(6|5)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.15~31.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-debuginfo\", rpm:\"httpd-debuginfo~2.2.15~31.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.15~31.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.2.15~31.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.15~31.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.15~31.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.3~87.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-debuginfo\", rpm:\"httpd-debuginfo~2.2.3~87.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.3~87.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.3~87.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.3~87.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:32", "description": "Oracle Linux Local Security Checks ELSA-2014-0920", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-0920", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0231", "CVE-2014-0118", "CVE-2014-0226"], "modified": 
"2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123366", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123366", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-0920.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123366\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:02:50 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-0920\");\n script_tag(name:\"insight\", value:\"ELSA-2014-0920 - httpd security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-0920\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-0920.html\");\n script_cve_id(\"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.3~87.0.1.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.3~87.0.1.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.3~87.0.1.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.3~87.0.1.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.15~31.0.1.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = 
isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.15~31.0.1.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.15~31.0.1.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.2.15~31.0.1.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.15~31.0.1.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-27T10:48:54", "description": "Several security issues were found in the Apache HTTP server.\n\nCVE-2014-0118 \nThe DEFLATE input filter (inflates request bodies) in mod_deflate\nallows remote attackers to cause a denial of service (resource\nconsumption) via crafted request data that decompresses to a much\nlarger size.\n\nCVE-2014-0226 \nA race condition was found in mod_status. An attacker able to\naccess a public server status page on a server could send carefully\ncrafted requests which could lead to a heap buffer overflow,\ncausing denial of service, disclosure of sensitive information, or\npotentially the execution of arbitrary code.\n\nCVE-2014-0231 \nA flaw was found in mod_cgid. 
If a server using mod_cgid hosted\nCGI scripts which did not consume standard input, a remote attacker\ncould cause child processes to hang indefinitely, leading to denial\nof service.", "cvss3": {}, "published": "2014-07-24T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2989-1 (apache2 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0231", "CVE-2014-0118", "CVE-2014-0226"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:702989", "href": "http://plugins.openvas.org/nasl.php?oid=702989", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2989.nasl 6692 2017-07-12 09:57:43Z teissa $\n# Auto-generated from advisory DSA 2989-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"apache2 on Debian Linux\";\ntag_insight = \"The Apache Software Foundation's goal is to build a secure, efficient and\nextensible HTTP server as standards-compliant open source software. 
The\nresult has long been the number one web server on the Internet.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 2.2.22-13+deb7u3.\n\nFor the testing distribution (jessie), these problems will be fixed in\nversion 2.4.10-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.4.10-1.\n\nWe recommend that you upgrade your apache2 packages.\";\ntag_summary = \"Several security issues were found in the Apache HTTP server.\n\nCVE-2014-0118 \nThe DEFLATE input filter (inflates request bodies) in mod_deflate\nallows remote attackers to cause a denial of service (resource\nconsumption) via crafted request data that decompresses to a much\nlarger size.\n\nCVE-2014-0226 \nA race condition was found in mod_status. An attacker able to\naccess a public server status page on a server could send carefully\ncrafted requests which could lead to a heap buffer overflow,\ncausing denial of service, disclosure of sensitive information, or\npotentially the execution of arbitrary code.\n\nCVE-2014-0231 \nA flaw was found in mod_cgid. 
If a server using mod_cgid hosted\nCGI scripts which did not consume standard input, a remote attacker\ncould cause child processes to hang indefinitely, leading to denial\nof service.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702989);\n script_version(\"$Revision: 6692 $\");\n script_cve_id(\"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n script_name(\"Debian Security Advisory DSA 2989-1 (apache2 - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-12 11:57:43 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-07-24 00:00:00 +0200 (Thu, 24 Jul 2014)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2989.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-dbg\", 
ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-itk\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-bin\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-dbg\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.1\")) != 
NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-itk\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-bin\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-dbg\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-itk\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-bin\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-dbg\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-itk\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec\", 
ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-bin\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.22-13+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:26", "description": "Gentoo Linux Local Security Checks GLSA 201504-03", "cvss3": {}, "published": "2015-09-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201504-03", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0231", "CVE-2013-5704", "CVE-2014-0118", "CVE-2014-0226"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121370", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121370", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201504-03.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is 
distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121370\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:46 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201504-03\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Apache HTTP Server. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201504-03\");\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201504-03\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-servers/apache\", unaffected: make_list(\"ge 2.2.29\"), vulnerable: make_list(\"lt 2.2.29\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:27:29", "description": "This host is installed with Apache HTTP Server\n and is prone to denial of service vulnerability.", "cvss3": {}, "published": "2015-05-27T00:00:00", "type": "openvas", "title": "Apache HTTP Server Multiple Vulnerabilities May15", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0231", "CVE-2014-3523", "CVE-2014-0118", "CVE-2014-8109", "CVE-2014-0226"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310805638", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805638", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache HTTP Server Multiple Vulnerabilities May15\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:http_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805638\");\n script_version(\"2019-07-05T09:54:18+0000\");\n script_cve_id(\"CVE-2014-3523\", \"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n script_bugtraq_id(73040);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:54:18 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-05-27 12:15:46 +0530 (Wed, 27 May 2015)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\"); # Only vulnerable if mod_lua/mod_deflate/mod_status/mod_cgid is enabled\n script_name(\"Apache HTTP Server Multiple Vulnerabilities May15\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache HTTP Server\n and is prone to denial of service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to:\n\n - Vulnerability in the WinNT MPM component within the 'winnt_accept' function\n in server/mpm/winnt/child.c script that is triggered when the default\n AcceptFilter is used.\n\n - Vulnerability in the mod_deflate module that is triggered when handling\n highly compressed bodies.\n\n - A race condition in the mod_status module that is triggered as user-supplied\n input is not properly validated when handling the scoreboard.\n\n - Vulnerability in the mod_cgid module that is triggered when used to host CGI\n 
scripts that do not consume standard input.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attackers to bypass intended access restrictions in opportunistic\n circumstances by leveraging multiple Require directives.\");\n\n script_tag(name:\"affected\", value:\"Apache HTTP Server version before 2.4.10.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 2.4.10 or\n later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://httpd.apache.org/security/vulnerabilities_24.html\");\n script_xref(name:\"URL\", value:\"http://www.rapid7.com/db/vulnerabilities/apache-httpd-cve-2014-8109\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"secpod_apache_detect.nasl\");\n script_mandatory_keys(\"apache/installed\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!httpd_port = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!httpd_ver = get_app_version(cpe:CPE, port:httpd_port)){\n exit(0);\n}\n\nif(version_in_range(version:httpd_ver, test_version:\"2.4.1\", test_version2:\"2.4.9\"))\n{\n report = 'Installed version: ' + httpd_ver + '\\n' +\n 'Fixed version: ' + \"2.4.10\" + '\\n';\n security_message(data:report, port:httpd_port);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:38:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-10-16T00:00:00", "type": "openvas", "title": "SUSE: Security Advisory for apache2 (SUSE-SU-2014:1081-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0231", "CVE-2014-0098", "CVE-2013-6438", "CVE-2014-0226"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851022", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310851022", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851022\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 17:22:49 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2013-6438\", \"CVE-2014-0098\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for apache2 (SUSE-SU-2014:1081-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'apache2'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This apache2 update 
fixes the following security and non-security issues:\n\n * mod_cgid denial of service (CVE-2014-0231, bnc#887768)\n\n * mod_status heap-based buffer overflow (CVE-2014-0226, bnc#887765)\n\n * mod_dav denial of service (CVE-2013-6438, bnc#869105)\n\n * log_cookie mod_log_config.c remote denial of service (CVE-2014-0098,\n bnc#869106)\n\n * Support ECDH in Apache2 (bnc#859916)\n\n * apache fails to start with SSL on Xen kernel at boot time\n (bnc#852401)\");\n\n script_tag(name:\"affected\", value:\"apache2 on SUSE Linux Enterprise Server 11 SP1 LTSS\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2014:1081-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLES11.0SP1\") {\n if(!isnull(res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.2.12~1.48.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-doc\", rpm:\"apache2-doc~2.2.12~1.48.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-example-pages\", rpm:\"apache2-example-pages~2.2.12~1.48.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-prefork\", rpm:\"apache2-prefork~2.2.12~1.48.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-utils\", rpm:\"apache2-utils~2.2.12~1.48.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"apache2-worker\", rpm:\"apache2-worker~2.2.12~1.48.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:38:29", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-10-13T00:00:00", "type": "openvas", "title": "SUSE: Security Advisory for apache2 (SUSE-SU-2014:0967-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0231", "CVE-2014-0098", "CVE-2013-6438", "CVE-2014-0226"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850761", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850761", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850761\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-13 18:35:00 +0530 (Tue, 13 Oct 2015)\");\n script_cve_id(\"CVE-2013-6438\", \"CVE-2014-0098\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for apache2 (SUSE-SU-2014:0967-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'apache2'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for the Apache Web Server provides the following fixes:\n\n * Fixed a heap-based buffer overflow on apache module mod_status.\n (bnc#887765, CVE-2014-0226)\n\n * Properly remove whitespace characters from CDATA sections to avoid\n remote denial of service by crashing the Apache Server process.\n (bnc#869105, CVE-2013-6438)\n\n * Correction to parsing of cookie content this can lead to a crash\n with a specially designed cookie sent to the server. (bnc#869106,\n CVE-2014-0098)\n\n * ECC support should not be missing. 
The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76712);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0117\", \"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n script_xref(name:\"SSA\", value:\"2014-204-01\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : httpd (SSA:2014-204-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New httpd packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.616658\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4c5ef3e6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected httpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"httpd\", pkgver:\"2.2.27\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.2.27\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"httpd\", pkgver:\"2.2.27\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.2.27\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"httpd\", pkgver:\"2.2.27\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.2.27\", pkgarch:\"x86_64\", 
pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"httpd\", pkgver:\"2.4.10\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.4.10\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"httpd\", pkgver:\"2.4.10\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.4.10\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"httpd\", pkgver:\"2.4.10\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.4.10\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:35:32", "description": "Marek Kroemeke discovered that the mod_proxy module incorrectly handled certain requests. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service.\nThis issue only affected Ubuntu 14.04 LTS. (CVE-2014-0117)\n\nGiancarlo Pellegrino and Davide Balzarotti discovered that the mod_deflate module incorrectly handled body decompression. A remote attacker could use this issue to cause resource consumption, leading to a denial of service. (CVE-2014-0118)\n\nMarek Kroemeke and others discovered that the mod_status module incorrectly handled certain requests. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service, or possibly execute arbitrary code. 
(CVE-2014-0226)\n\nRainer Jung discovered that the mod_cgid module incorrectly handled certain scripts. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service.\n(CVE-2014-0231).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2014-07-24T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : apache2 vulnerabilities (USN-2299-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0117", "CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:apache2-bin", "p-cpe:/a:canonical:ubuntu_linux:apache2.2-bin", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2299-1.NASL", "href": "https://www.tenable.com/plugins/nessus/76757", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2299-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76757);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0117\", \"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n script_bugtraq_id(68678, 68740, 68742, 68745);\n script_xref(name:\"USN\", value:\"2299-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : apache2 vulnerabilities (USN-2299-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Marek Kroemeke discovered that the mod_proxy module incorrectly\nhandled certain requests. A remote attacker could use this issue to\ncause the server to stop responding, leading to a denial of service.\nThis issue only affected Ubuntu 14.04 LTS. (CVE-2014-0117)\n\nGiancarlo Pellegrino and Davide Balzarotti discovered that the\nmod_deflate module incorrectly handled body decompression. A remote\nattacker could use this issue to cause resource consumption, leading\nto a denial of service. (CVE-2014-0118)\n\nMarek Kroemeke and others discovered that the mod_status module\nincorrectly handled certain requests. A remote attacker could use this\nissue to cause the server to stop responding, leading to a denial of\nservice, or possibly execute arbitrary code. (CVE-2014-0226)\n\nRainer Jung discovered that the mod_cgid module incorrectly handled\ncertain scripts. A remote attacker could use this issue to cause the\nserver to stop responding, leading to a denial of service.\n(CVE-2014-0231).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2299-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2-bin and / or apache2.2-bin packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2.2-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|12\\.04|14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"apache2.2-bin\", pkgver:\"2.2.14-5ubuntu8.14\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"apache2.2-bin\", pkgver:\"2.2.22-1ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"apache2-bin\", pkgver:\"2.4.7-1ubuntu4.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-bin / apache2.2-bin\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:36:01", "description": "This update includes the latest stable release of the Apache HTTP Server, httpd 2.4.10.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2014-07-26T00:00:00", "type": "nessus", "title": "Fedora 20 : httpd-2.4.10-1.fc20 (2014-8742)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0117", "CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:httpd", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-8742.NASL", "href": "https://www.tenable.com/plugins/nessus/76852", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-8742.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76852);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0117\", \"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n script_bugtraq_id(68678, 68740, 68742, 68745);\n script_xref(name:\"FEDORA\", value:\"2014-8742\");\n\n script_name(english:\"Fedora 20 : httpd-2.4.10-1.fc20 (2014-8742)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n 
value:\n\"This update includes the latest stable release of the Apache HTTP\nServer, httpd 2.4.10.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1120596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1120599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1120601\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1120603\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135744.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6d445fb9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected httpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"httpd-2.4.10-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:46:35", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing 
hostname value. (CVE-2013-4352)\n\n - The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header. (CVE-2014-0117)\n\n - The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size. (CVE-2014-0118)\n\n - Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c. (CVE-2014-0226)\n\n - The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor. 
(CVE-2014-0231)", "cvss3": {}, "published": "2015-01-19T00:00:00", "type": "nessus", "title": "Oracle Solaris Third-Party Patch Update : apache (multiple_denial_of_service_dos5)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4352", "CVE-2014-0117", "CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.2", "p-cpe:/a:oracle:solaris:apache"], "id": "SOLARIS11_APACHE_20141014.NASL", "href": "https://www.tenable.com/plugins/nessus/80589", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80589);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-4352\", \"CVE-2014-0117\", \"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : apache (multiple_denial_of_service_dos5)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to 
address\nsecurity updates :\n\n - The cache_invalidate function in\n modules/cache/cache_storage.c in the mod_cache module in\n the Apache HTTP Server 2.4.6, when a caching forward\n proxy is enabled, allows remote HTTP servers to cause a\n denial of service (NULL pointer dereference and daemon\n crash) via vectors that trigger a missing hostname\n value. (CVE-2013-4352)\n\n - The mod_proxy module in the Apache HTTP Server 2.4.x\n before 2.4.10, when a reverse proxy is enabled, allows\n remote attackers to cause a denial of service\n (child-process crash) via a crafted HTTP Connection\n header. (CVE-2014-0117)\n\n - The deflate_in_filter function in mod_deflate.c in the\n mod_deflate module in the Apache HTTP Server before\n 2.4.10, when request body decompression is enabled,\n allows remote attackers to cause a denial of service\n (resource consumption) via crafted request data that\n decompresses to a much larger size. (CVE-2014-0118)\n\n - Race condition in the mod_status module in the Apache\n HTTP Server before 2.4.10 allows remote attackers to\n cause a denial of service (heap-based buffer overflow),\n or possibly obtain sensitive credential information or\n execute arbitrary code, via a crafted request that\n triggers improper scoreboard handling within the\n status_handler function in\n modules/generators/mod_status.c and the\n lua_ap_scoreboard_worker function in\n modules/lua/lua_request.c. (CVE-2014-0226)\n\n - The mod_cgid module in the Apache HTTP Server before\n 2.4.10 does not have a timeout mechanism, which allows\n remote attackers to cause a denial of service (process\n hang) via a request to a CGI script that does not read\n from its stdin file descriptor. 
(CVE-2014-0231)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/multiple-denial-of-servicedos-vulnerabilities-in-apache-http-server\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?104d170e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.2.2.5.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:apache\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^apache-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache\");\n\nflag = 0;\n\nif 
(solaris_check_release(release:\"0.5.11-0.175.2.2.0.5.0\", sru:\"SRU 11.2.2.5.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : apache\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"apache\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:35:19", "description": "Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nA race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the 'apache' user. (CVE-2014-0226)\n\nA NULL pointer dereference flaw was found in the mod_cache httpd module. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP Server was used as a forward proxy with caching. (CVE-2013-4352)\n\nA denial of service flaw was found in the mod_proxy httpd module. 
A remote attacker could send a specially crafted request to a server configured as a reverse proxy using a threaded Multi-Processing Modules (MPM) that would cause the httpd child process to crash.\n(CVE-2014-0117)\n\nA denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the 'DEFLATE' input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system.\n(CVE-2014-0118)\n\nA denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely. (CVE-2014-0231)\n\nAll httpd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon will be restarted automatically.", "cvss3": {}, "published": "2014-07-30T00:00:00", "type": "nessus", "title": "RHEL 7 : httpd (RHSA-2014:0921)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4352", "CVE-2014-0117", "CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", 
"p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_ldap", "p-cpe:/a:redhat:enterprise_linux:mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:mod_session", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2014-0921.NASL", "href": "https://www.tenable.com/plugins/nessus/76905", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0921. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76905);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-4352\", \"CVE-2014-0117\", \"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n script_xref(name:\"RHSA\", value:\"2014:0921\");\n\n script_name(english:\"RHEL 7 : httpd (RHSA-2014:0921)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated httpd packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 7.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nA race condition flaw, leading to heap-based buffer overflows, was\nfound in the mod_status httpd module. A remote attacker able to access\na status page served by mod_status on a server using a threaded\nMulti-Processing Module (MPM) could send a specially crafted request\nthat would cause the httpd child process to crash or, possibly, allow\nthe attacker to execute arbitrary code with the privileges of the\n'apache' user. (CVE-2014-0226)\n\nA NULL pointer dereference flaw was found in the mod_cache httpd\nmodule. A malicious HTTP server could cause the httpd child process to\ncrash when the Apache HTTP Server was used as a forward proxy with\ncaching. (CVE-2013-4352)\n\nA denial of service flaw was found in the mod_proxy httpd module. A\nremote attacker could send a specially crafted request to a server\nconfigured as a reverse proxy using a threaded Multi-Processing\nModules (MPM) that would cause the httpd child process to crash.\n(CVE-2014-0117)\n\nA denial of service flaw was found in the way httpd's mod_deflate\nmodule handled request body decompression (configured via the\n'DEFLATE' input filter). A remote attacker able to send a request\nwhose body would be decompressed could use this flaw to consume an\nexcessive amount of system memory and CPU on the target system.\n(CVE-2014-0118)\n\nA denial of service flaw was found in the way httpd's mod_cgid module\nexecuted CGI scripts that did not read data from the standard input. A\nremote attacker could submit a specially crafted request that would\ncause the httpd child process to hang indefinitely. 
(CVE-2014-0231)\n\nAll httpd users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After\ninstalling the updated packages, the httpd daemon will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0921\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0231\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0226\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4352\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0921\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"httpd-2.4.6-18.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd-2.4.6-18.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"httpd-debuginfo-2.4.6-18.el7_0\")) 
flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd-debuginfo-2.4.6-18.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"httpd-devel-2.4.6-18.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd-devel-2.4.6-18.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"httpd-manual-2.4.6-18.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"httpd-tools-2.4.6-18.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd-tools-2.4.6-18.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mod_ldap-2.4.6-18.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_ldap-2.4.6-18.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mod_proxy_html-2.4.6-18.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_proxy_html-2.4.6-18.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mod_session-2.4.6-18.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_session-2.4.6-18.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mod_ssl-2.4.6-18.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_ssl-2.4.6-18.el7_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:35:46", "description": "Apache HTTP SERVER PROJECT reports : mod_proxy: 
Fix crash in Connection header handling which allowed a denial of service attack against a reverse proxy with a threaded MPM.\n\nFix a race condition in scoreboard handling, which could lead to a heap buffer overflow.\n\nmod_deflate: The DEFLATE input filter (inflates request bodies) now limits the length and compression ratio of inflated request bodies to avoid denial of service via highly compressed bodies. See directives DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and DeflateInflateRatioBurst.\n\nmod_cgid: Fix a denial of service against CGI scripts that do not consume stdin that could lead to lingering HTTPD child processes filling up the scoreboard and eventually hanging the server. By default, the client I/O timeout (Timeout directive) now applies to communication with scripts. The CGIDScriptTimeout directive can be used to set a different timeout for communication with scripts.", "cvss3": {}, "published": "2014-07-21T00:00:00", "type": "nessus", "title": "FreeBSD : apache24 -- several vulnerabilities (4364e1f1-0f44-11e4-b090-20cf30e32f6d)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0117", "CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231", "CVE-2014-3523"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:apache24", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_4364E1F10F4411E4B09020CF30E32F6D.NASL", "href": "https://www.tenable.com/plugins/nessus/76614", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The 
descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76614);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-0117\", \"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\", \"CVE-2014-3523\");\n\n script_name(english:\"FreeBSD : apache24 -- several vulnerabilities (4364e1f1-0f44-11e4-b090-20cf30e32f6d)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Apache HTTP SERVER PROJECT reports : mod_proxy: Fix crash in\nConnection header handling which allowed a denial of service attack\nagainst a reverse proxy with a threaded MPM.\n\nFix a race condition in scoreboard handling, which could lead to a\nheap buffer overflow.\n\nmod_deflate: The DEFLATE input filter (inflates request bodies) now\nlimits the length and compression ratio of inflated request bodies to\navoid denial of service via highly compressed bodies. 
See directives\nDeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and\nDeflateInflateRatioBurst.\n\nmod_cgid: Fix a denial of service against CGI scripts that do not\nconsume stdin that could lead to lingering HTTPD child processes\nfilling up the scoreboard and eventually hanging the server. By\ndefault, the client I/O timeout (Timeout directive) now applies to\ncommunication with scripts. The CGIDScriptTimeout directive can be\nused to set a different timeout for communication with scripts.\"\n );\n # https://vuxml.freebsd.org/freebsd/4364e1f1-0f44-11e4-b090-20cf30e32f6d.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?36e83f6c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache24\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"apache24<2.4.10\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:35:46", "description": "Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nA race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the 'apache' user. (CVE-2014-0226)\n\nA NULL pointer dereference flaw was found in the mod_cache httpd module. 
A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP Server was used as a forward proxy with caching. (CVE-2013-4352)\n\nA denial of service flaw was found in the mod_proxy httpd module. A remote attacker could send a specially crafted request to a server configured as a reverse proxy using a threaded Multi-Processing Modules (MPM) that would cause the httpd child process to crash.\n(CVE-2014-0117)\n\nA denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the 'DEFLATE' input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system.\n(CVE-2014-0118)\n\nA denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely. (CVE-2014-0231)\n\nAll httpd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
After installing the updated packages, the httpd daemon will be restarted automatically.", "cvss3": {}, "published": "2014-07-24T00:00:00", "type": "nessus", "title": "CentOS 7 : httpd (CESA-2014:0921)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4352", "CVE-2014-0117", "CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:httpd", "p-cpe:/a:centos:centos:httpd-devel", "p-cpe:/a:centos:centos:httpd-manual", "p-cpe:/a:centos:centos:httpd-tools", "p-cpe:/a:centos:centos:mod_ldap", "p-cpe:/a:centos:centos:mod_proxy_html", "p-cpe:/a:centos:centos:mod_session", "p-cpe:/a:centos:centos:mod_ssl", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2014-0921.NASL", "href": "https://www.tenable.com/plugins/nessus/76716", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0921 and \n# CentOS Errata and Security Advisory 2014:0921 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76716);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-4352\", \"CVE-2014-0117\", \"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n script_xref(name:\"RHSA\", value:\"2014:0921\");\n\n script_name(english:\"CentOS 7 : httpd (CESA-2014:0921)\");\n 
script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated httpd packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 7.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nA race condition flaw, leading to heap-based buffer overflows, was\nfound in the mod_status httpd module. A remote attacker able to access\na status page served by mod_status on a server using a threaded\nMulti-Processing Module (MPM) could send a specially crafted request\nthat would cause the httpd child process to crash or, possibly, allow\nthe attacker to execute arbitrary code with the privileges of the\n'apache' user. (CVE-2014-0226)\n\nA NULL pointer dereference flaw was found in the mod_cache httpd\nmodule. A malicious HTTP server could cause the httpd child process to\ncrash when the Apache HTTP Server was used as a forward proxy with\ncaching. (CVE-2013-4352)\n\nA denial of service flaw was found in the mod_proxy httpd module. A\nremote attacker could send a specially crafted request to a server\nconfigured as a reverse proxy using a threaded Multi-Processing\nModules (MPM) that would cause the httpd child process to crash.\n(CVE-2014-0117)\n\nA denial of service flaw was found in the way httpd's mod_deflate\nmodule handled request body decompression (configured via the\n'DEFLATE' input filter). 
A remote attacker able to send a request\nwhose body would be decompressed could use this flaw to consume an\nexcessive amount of system memory and CPU on the target system.\n(CVE-2014-0118)\n\nA denial of service flaw was found in the way httpd's mod_cgid module\nexecuted CGI scripts that did not read data from the standard input. A\nremote attacker could submit a specially crafted request that would\ncause the httpd child process to hang indefinitely. (CVE-2014-0231)\n\nAll httpd users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After\ninstalling the updated packages, the httpd daemon will be restarted\nautomatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-July/020442.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a5e3a583\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0226\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_proxy_html\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"httpd-2.4.6-18.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"httpd-devel-2.4.6-18.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"httpd-manual-2.4.6-18.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"httpd-tools-2.4.6-18.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mod_ldap-2.4.6-18.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mod_proxy_html-2.4.6-18.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mod_session-2.4.6-18.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mod_ssl-2.4.6-18.el7.centos\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-tools / mod_ldap / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:35:33", "description": "From Red Hat Security Advisory 2014:0921 :\n\nUpdated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nA race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the 'apache' user. (CVE-2014-0226)\n\nA NULL pointer dereference flaw was found in the mod_cache httpd module. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP Server was used as a forward proxy with caching. (CVE-2013-4352)\n\nA denial of service flaw was found in the mod_proxy httpd module. A remote attacker could send a specially crafted request to a server configured as a reverse proxy using a threaded Multi-Processing Modules (MPM) that would cause the httpd child process to crash.\n(CVE-2014-0117)\n\nA denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the 'DEFLATE' input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system.\n(CVE-2014-0118)\n\nA denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely. (CVE-2014-0231)\n\nAll httpd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
After installing the updated packages, the httpd daemon will be restarted automatically.", "cvss3": {}, "published": "2014-07-24T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : httpd (ELSA-2014-0921)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4352", "CVE-2014-0117", "CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:httpd", "p-cpe:/a:oracle:linux:httpd-devel", "p-cpe:/a:oracle:linux:httpd-manual", "p-cpe:/a:oracle:linux:httpd-tools", "p-cpe:/a:oracle:linux:mod_ldap", "p-cpe:/a:oracle:linux:mod_proxy_html", "p-cpe:/a:oracle:linux:mod_session", "p-cpe:/a:oracle:linux:mod_ssl", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2014-0921.NASL", "href": "https://www.tenable.com/plugins/nessus/76745", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:0921 and \n# Oracle Linux Security Advisory ELSA-2014-0921 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76745);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-4352\", \"CVE-2014-0117\", \"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n script_bugtraq_id(68678, 68740, 68742, 68745, 68863);\n script_xref(name:\"RHSA\", value:\"2014:0921\");\n\n 
script_name(english:\"Oracle Linux 7 : httpd (ELSA-2014-0921)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:0921 :\n\nUpdated httpd packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 7.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nA race condition flaw, leading to heap-based buffer overflows, was\nfound in the mod_status httpd module. A remote attacker able to access\na status page served by mod_status on a server using a threaded\nMulti-Processing Module (MPM) could send a specially crafted request\nthat would cause the httpd child process to crash or, possibly, allow\nthe attacker to execute arbitrary code with the privileges of the\n'apache' user. (CVE-2014-0226)\n\nA NULL pointer dereference flaw was found in the mod_cache httpd\nmodule. A malicious HTTP server could cause the httpd child process to\ncrash when the Apache HTTP Server was used as a forward proxy with\ncaching. (CVE-2013-4352)\n\nA denial of service flaw was found in the mod_proxy httpd module. 
A\nremote attacker could send a specially crafted request to a server\nconfigured as a reverse proxy using a threaded Multi-Processing\nModules (MPM) that would cause the httpd child process to crash.\n(CVE-2014-0117)\n\nA denial of service flaw was found in the way httpd's mod_deflate\nmodule handled request body decompression (configured via the\n'DEFLATE' input filter). A remote attacker able to send a request\nwhose body would be decompressed could use this flaw to consume an\nexcessive amount of system memory and CPU on the target system.\n(CVE-2014-0118)\n\nA denial of service flaw was found in the way httpd's mod_cgid module\nexecuted CGI scripts that did not read data from the standard input. A\nremote attacker could submit a specially crafted request that would\ncause the httpd child process to hang indefinitely. (CVE-2014-0231)\n\nAll httpd users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After\ninstalling the updated packages, the httpd daemon will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-July/004292.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"httpd-2.4.6-18.0.1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"httpd-devel-2.4.6-18.0.1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"httpd-manual-2.4.6-18.0.1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"httpd-tools-2.4.6-18.0.1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mod_ldap-2.4.6-18.0.1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mod_proxy_html-2.4.6-18.0.1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mod_session-2.4.6-18.0.1.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mod_ssl-2.4.6-18.0.1.el7_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-tools / mod_ldap / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-23T14:56:23", "description": "According to its banner, the version of Apache 2.4.x running on the remote host is prior to 2.4.10. 
It is, therefore, affected by the following vulnerabilities :\n\n - A flaw exists in the 'mod_proxy' module that may allow an attacker to send a specially crafted request to a server configured as a reverse proxy that may cause the child process to crash. This could potentially lead to a denial of service attack. (CVE-2014-0117)\n\n - A flaw exists in the 'mod_deflate' module when request body decompression is configured. This could allow a remote attacker to cause the server to consume significant resources. (CVE-2014-0118)\n\n - A flaw exists in the 'mod_status' module when a publicly accessible server status page is in place. This could allow an attacker to send a specially crafted request designed to cause a heap buffer overflow. (CVE-2014-0226)\n\n - A flaw exists in the 'mod_cgid' module in which CGI scripts that did not consume standard input may be manipulated in order to cause child processes to hang. A remote attacker may be able to abuse this in order to cause a denial of service. (CVE-2014-0231)\n\n - A flaw exists in WinNT MPM versions 2.4.1 to 2.4.9 when using the default AcceptFilter. An attacker may be able to specially craft requests that create a memory leak in the application and may eventually lead to a denial of service attack. 
(CVE-2014-3523)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-01-09T00:00:00", "type": "nessus", "title": "Apache 2.4.x < 2.4.10 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0117", "CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231", "CVE-2014-3523"], "modified": "2023-03-14T00:00:00", "cpe": ["cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98906", "href": "https://www.tenable.com/plugins/was/98906", "sourceData": "No source data", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:35:06", "description": "According to its banner, the version of Apache 2.4.x running on the remote host is prior to 2.4.10. It is, therefore, affected by the following vulnerabilities :\n\n - A flaw exists in the 'mod_proxy' module that may allow an attacker to send a specially crafted request to a server configured as a reverse proxy that may cause the child process to crash. This could potentially lead to a denial of service attack. (CVE-2014-0117)\n\n - A flaw exists in the 'mod_deflate' module when request body decompression is configured. This could allow a remote attacker to cause the server to consume significant resources. 
(CVE-2014-0118)\n\n - A flaw exists in the 'mod_status' module when a publicly accessible server status page is in place.\n This could allow an attacker to send a specially crafted request designed to cause a heap buffer overflow. (CVE-2014-0226)\n\n - A flaw exists in the 'mod_cgid' module in which CGI scripts that did not consume standard input may be manipulated in order to cause child processes to hang. A remote attacker may be able to abuse this in order to cause a denial of service.\n (CVE-2014-0231)\n\n - A flaw exists in WinNT MPM versions 2.4.1 to 2.4.9 when using the default AcceptFilter. An attacker may be able to specially craft requests that create a memory leak in the application and may eventually lead to a denial of service attack. (CVE-2014-3523)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2014-07-21T00:00:00", "type": "nessus", "title": "Apache 2.4.x < 2.4.10 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0117", "CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231", "CVE-2014-3523"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:http_server"], "id": "APACHE_2_4_10.NASL", "href": "https://www.tenable.com/plugins/nessus/76622", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76622);\n 
script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2014-0117\",\n \"CVE-2014-0118\",\n \"CVE-2014-0226\",\n \"CVE-2014-0231\",\n \"CVE-2014-3523\"\n );\n script_bugtraq_id(\n 68678,\n 68740,\n 68742,\n 68745,\n 68747\n );\n script_xref(name:\"EDB-ID\", value:\"34133\");\n\n script_name(english:\"Apache 2.4.x < 2.4.10 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server may be affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Apache 2.4.x running on the\nremote host is prior to 2.4.10. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A flaw exists in the 'mod_proxy' module that may allow\n an attacker to send a specially crafted request to a\n server configured as a reverse proxy that may cause\n the child process to crash. This could potentially\n lead to a denial of service attack. (CVE-2014-0117)\n\n - A flaw exists in the 'mod_deflate' module when request\n body decompression is configured. This could allow a\n remote attacker to cause the server to consume\n significant resources. (CVE-2014-0118)\n\n - A flaw exists in the 'mod_status' module when a\n publicly accessible server status page is in place.\n This could allow an attacker to send a specially\n crafted request designed to cause a heap buffer\n overflow. (CVE-2014-0226)\n\n - A flaw exists in the 'mod_cgid' module in which CGI\n scripts that did not consume standard input may be\n manipulated in order to cause child processes to\n hang. A remote attacker may be able to abuse this\n in order to cause a denial of service.\n (CVE-2014-0231)\n\n - A flaw exists in WinNT MPM versions 2.4.1 to 2.4.9 when\n using the default AcceptFilter. 
An attacker may be able\n to specially craft requests that create a memory leak in\n the application and may eventually lead to a denial of\n service attack. (CVE-2014-3523)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://archive.apache.org/dist/httpd/CHANGES_2.4.10\");\n script_set_attribute(attribute:\"see_also\", value:\"http://httpd.apache.org/security/vulnerabilities_24.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache version 2.4.10 or later. Alternatively, ensure that\nthe affected modules are not in use.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0226\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:http_server\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"apache_http_version.nasl\", \"apache_http_server_nix_installed.nbin\", \"apache_httpd_win_installed.nbin\");\n script_require_keys(\"installed_sw/Apache\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\n\napp_info = vcf::apache_http_server::combined_get_app_info(app:'Apache');\n\nconstraints = [\n { 'min_version' : '2.3.0', 'fixed_version' : '2.4.10' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:38:51", "description": "A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the 'apache' user. (CVE-2014-0226)\n\nA denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the 'DEFLATE' input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system.\n(CVE-2014-0118)\n\nA denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely. 
(CVE-2014-0231)", "cvss3": {}, "published": "2014-10-12T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : httpd (ALAS-2014-388)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:httpd", "p-cpe:/a:amazon:linux:httpd-debuginfo", "p-cpe:/a:amazon:linux:httpd-devel", "p-cpe:/a:amazon:linux:httpd-manual", "p-cpe:/a:amazon:linux:httpd-tools", "p-cpe:/a:amazon:linux:mod_ssl", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2014-388.NASL", "href": "https://www.tenable.com/plugins/nessus/78331", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-388.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78331);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n script_xref(name:\"ALAS\", value:\"2014-388\");\n script_xref(name:\"RHSA\", value:\"2014:0920\");\n\n script_name(english:\"Amazon Linux AMI : httpd (ALAS-2014-388)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A race condition flaw, leading to heap-based buffer 
overflows, was\nfound in the mod_status httpd module. A remote attacker able to access\na status page served by mod_status on a server using a threaded\nMulti-Processing Module (MPM) could send a specially crafted request\nthat would cause the httpd child process to crash or, possibly, allow\nthe attacker to execute arbitrary code with the privileges of the\n'apache' user. (CVE-2014-0226)\n\nA denial of service flaw was found in the way httpd's mod_deflate\nmodule handled request body decompression (configured via the\n'DEFLATE' input filter). A remote attacker able to send a request\nwhose body would be decompressed could use this flaw to consume an\nexcessive amount of system memory and CPU on the target system.\n(CVE-2014-0118)\n\nA denial of service flaw was found in the way httpd's mod_cgid module\nexecuted CGI scripts that did not read data from the standard input. A\nremote attacker could submit a specially crafted request that would\ncause the httpd child process to hang indefinitely. 
(CVE-2014-0231)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-388.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update httpd' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 
\"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"httpd-2.2.27-1.3.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-debuginfo-2.2.27-1.3.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-devel-2.2.27-1.3.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-manual-2.2.27-1.3.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-tools-2.2.27-1.3.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod_ssl-2.2.27-1.3.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:36:01", "description": "Updated httpd packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nA race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. 
A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the 'apache' user. (CVE-2014-0226)\n\nA denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the 'DEFLATE' input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system.\n(CVE-2014-0118)\n\nA denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely. (CVE-2014-0231)\n\nAll httpd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
After installing the updated packages, the httpd daemon will be restarted automatically.", "cvss3": {}, "published": "2014-07-24T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : httpd (RHSA-2014:0920)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.5"], "id": "REDHAT-RHSA-2014-0920.NASL", "href": "https://www.tenable.com/plugins/nessus/76749", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0920. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76749);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n script_xref(name:\"RHSA\", value:\"2014:0920\");\n\n script_name(english:\"RHEL 5 / 6 : httpd (RHSA-2014:0920)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated httpd packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nA race condition flaw, leading to heap-based buffer overflows, was\nfound in the mod_status httpd module. A remote attacker able to access\na status page served by mod_status on a server using a threaded\nMulti-Processing Module (MPM) could send a specially crafted request\nthat would cause the httpd child process to crash or, possibly, allow\nthe attacker to execute arbitrary code with the privileges of the\n'apache' user. (CVE-2014-0226)\n\nA denial of service flaw was found in the way httpd's mod_deflate\nmodule handled request body decompression (configured via the\n'DEFLATE' input filter). 
A remote attacker able to send a request\nwhose body would be decompressed could use this flaw to consume an\nexcessive amount of system memory and CPU on the target system.\n(CVE-2014-0118)\n\nA denial of service flaw was found in the way httpd's mod_cgid module\nexecuted CGI scripts that did not read data from the standard input. A\nremote attacker could submit a specially crafted request that would\ncause the httpd child process to hang indefinitely. (CVE-2014-0231)\n\nAll httpd users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After\ninstalling the updated packages, the httpd daemon will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0231\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0226\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0920\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"httpd-2.2.3-87.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"httpd-2.2.3-87.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"httpd-2.2.3-87.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"httpd-debuginfo-2.2.3-87.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"httpd-devel-2.2.3-87.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"httpd-manual-2.2.3-87.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"httpd-manual-2.2.3-87.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"httpd-manual-2.2.3-87.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"mod_ssl-2.2.3-87.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"mod_ssl-2.2.3-87.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"mod_ssl-2.2.3-87.el5_10\")) flag++;\n\n\n 
if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"httpd-2.2.15-31.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"httpd-2.2.15-31.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-2.2.15-31.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"httpd-debuginfo-2.2.15-31.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"httpd-devel-2.2.15-31.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"httpd-manual-2.2.15-31.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"httpd-tools-2.2.15-31.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"httpd-tools-2.2.15-31.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-tools-2.2.15-31.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"mod_ssl-2.2.15-31.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"mod_ssl-2.2.15-31.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_ssl-2.2.15-31.el6_5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:36:00", "description": "From Red Hat Security Advisory 2014:0920 :\n\nUpdated httpd packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nA race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the 'apache' user. (CVE-2014-0226)\n\nA denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the 'DEFLATE' input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system.\n(CVE-2014-0118)\n\nA denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely. (CVE-2014-0231)\n\nAll httpd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
After installing the updated packages, the httpd daemon will be restarted automatically.", "cvss3": {}, "published": "2014-07-24T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 : httpd (ELSA-2014-0920)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:httpd", "p-cpe:/a:oracle:linux:httpd-devel", "p-cpe:/a:oracle:linux:httpd-manual", "p-cpe:/a:oracle:linux:httpd-tools", "p-cpe:/a:oracle:linux:mod_ssl", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2014-0920.NASL", "href": "https://www.tenable.com/plugins/nessus/76744", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:0920 and \n# Oracle Linux Security Advisory ELSA-2014-0920 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76744);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n script_xref(name:\"RHSA\", value:\"2014:0920\");\n\n script_name(english:\"Oracle Linux 5 / 6 : httpd (ELSA-2014-0920)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The 
remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:0920 :\n\nUpdated httpd packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nA race condition flaw, leading to heap-based buffer overflows, was\nfound in the mod_status httpd module. A remote attacker able to access\na status page served by mod_status on a server using a threaded\nMulti-Processing Module (MPM) could send a specially crafted request\nthat would cause the httpd child process to crash or, possibly, allow\nthe attacker to execute arbitrary code with the privileges of the\n'apache' user. (CVE-2014-0226)\n\nA denial of service flaw was found in the way httpd's mod_deflate\nmodule handled request body decompression (configured via the\n'DEFLATE' input filter). A remote attacker able to send a request\nwhose body would be decompressed could use this flaw to consume an\nexcessive amount of system memory and CPU on the target system.\n(CVE-2014-0118)\n\nA denial of service flaw was found in the way httpd's mod_cgid module\nexecuted CGI scripts that did not read data from the standard input. A\nremote attacker could submit a specially crafted request that would\ncause the httpd child process to hang indefinitely. (CVE-2014-0231)\n\nAll httpd users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. 
After\ninstalling the updated packages, the httpd daemon will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-July/004243.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-July/004246.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"httpd-2.2.3-87.0.1.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"httpd-devel-2.2.3-87.0.1.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"httpd-manual-2.2.3-87.0.1.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mod_ssl-2.2.3-87.0.1.el5_10\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"httpd-2.2.15-31.0.1.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"httpd-devel-2.2.15-31.0.1.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"httpd-manual-2.2.15-31.0.1.el6_5\")) 
flag++;\nif (rpm_check(release:\"EL6\", reference:\"httpd-tools-2.2.15-31.0.1.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mod_ssl-2.2.15-31.0.1.el6_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-tools / mod_ssl\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:38:51", "description": "A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the 'apache' user. (CVE-2014-0226)\n\nA denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the 'DEFLATE' input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system.\n(CVE-2014-0118)\n\nA denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely. 
(CVE-2014-0231)", "cvss3": {}, "published": "2014-10-12T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : httpd24 (ALAS-2014-389)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:httpd24", "p-cpe:/a:amazon:linux:httpd24-debuginfo", "p-cpe:/a:amazon:linux:httpd24-devel", "p-cpe:/a:amazon:linux:httpd24-manual", "p-cpe:/a:amazon:linux:httpd24-tools", "p-cpe:/a:amazon:linux:mod24_ldap", "p-cpe:/a:amazon:linux:mod24_proxy_html", "p-cpe:/a:amazon:linux:mod24_session", "p-cpe:/a:amazon:linux:mod24_ssl", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2014-389.NASL", "href": "https://www.tenable.com/plugins/nessus/78332", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-389.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78332);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n script_xref(name:\"ALAS\", value:\"2014-389\");\n\n script_name(english:\"Amazon Linux AMI : httpd24 (ALAS-2014-389)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\"A race condition flaw, leading to heap-based buffer overflows, was\nfound in the mod_status httpd module. A remote attacker able to access\na status page served by mod_status on a server using a threaded\nMulti-Processing Module (MPM) could send a specially crafted request\nthat would cause the httpd child process to crash or, possibly, allow\nthe attacker to execute arbitrary code with the privileges of the\n'apache' user. (CVE-2014-0226)\n\nA denial of service flaw was found in the way httpd's mod_deflate\nmodule handled request body decompression (configured via the\n'DEFLATE' input filter). A remote attacker able to send a request\nwhose body would be decompressed could use this flaw to consume an\nexcessive amount of system memory and CPU on the target system.\n(CVE-2014-0118)\n\nA denial of service flaw was found in the way httpd's mod_cgid module\nexecuted CGI scripts that did not read data from the standard input. A\nremote attacker could submit a specially crafted request that would\ncause the httpd child process to hang indefinitely. 
(CVE-2014-0231)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-389.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update httpd24' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-2.4.10-1.59.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-debuginfo-2.4.10-1.59.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-devel-2.4.10-1.59.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-manual-2.4.10-1.59.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-tools-2.4.10-1.59.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_ldap-2.4.10-1.59.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_proxy_html-2.4.10-1.59.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_session-2.4.10-1.59.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_ssl-2.4.10-1.59.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd24 / httpd24-debuginfo / httpd24-devel / httpd24-manual / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:35:05", "description": "A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. 
A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the 'apache' user. (CVE-2014-0226)\n\nA denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the 'DEFLATE' input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system.\n(CVE-2014-0118)\n\nA denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely. (CVE-2014-0231)\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "cvss3": {}, "published": "2014-07-24T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : httpd on SL5.x, SL6.x i386/x86_64 (20140723)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:httpd", "p-cpe:/a:fermilab:scientific_linux:httpd-debuginfo", "p-cpe:/a:fermilab:scientific_linux:httpd-devel", 
"p-cpe:/a:fermilab:scientific_linux:httpd-manual", "p-cpe:/a:fermilab:scientific_linux:httpd-tools", "p-cpe:/a:fermilab:scientific_linux:mod_ssl", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20140723_HTTPD_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/76753", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76753);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n\n script_name(english:\"Scientific Linux Security Update : httpd on SL5.x, SL6.x i386/x86_64 (20140723)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A race condition flaw, leading to heap-based buffer overflows, was\nfound in the mod_status httpd module. A remote attacker able to access\na status page served by mod_status on a server using a threaded\nMulti-Processing Module (MPM) could send a specially crafted request\nthat would cause the httpd child process to crash or, possibly, allow\nthe attacker to execute arbitrary code with the privileges of the\n'apache' user. (CVE-2014-0226)\n\nA denial of service flaw was found in the way httpd's mod_deflate\nmodule handled request body decompression (configured via the\n'DEFLATE' input filter). 
A remote attacker able to send a request\nwhose body would be decompressed could use this flaw to consume an\nexcessive amount of system memory and CPU on the target system.\n(CVE-2014-0118)\n\nA denial of service flaw was found in the way httpd's mod_cgid module\nexecuted CGI scripts that did not read data from the standard input. A\nremote attacker could submit a specially crafted request that would\ncause the httpd child process to hang indefinitely. (CVE-2014-0231)\n\nAfter installing the updated packages, the httpd daemon will be\nrestarted automatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1407&L=scientific-linux-errata&T=0&P=1884\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6a0123d9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/24\");\n script_set_attribute(attribute:\"generated_plugin\", 
value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"httpd-2.2.3-87.sl5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"httpd-debuginfo-2.2.3-87.sl5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"httpd-devel-2.2.3-87.sl5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"httpd-manual-2.2.3-87.sl5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"mod_ssl-2.2.3-87.sl5\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"httpd-2.2.15-31.sl6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"httpd-debuginfo-2.2.15-31.sl6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"httpd-devel-2.2.15-31.sl6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"httpd-manual-2.2.15-31.sl6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"httpd-tools-2.2.15-31.sl6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"mod_ssl-2.2.15-31.sl6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:35:21", "description": "Updated apache package fixes security vulnerabilities :\n\nA race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. 
A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the apache user (CVE-2014-0226).\n\nA denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the DEFLATE input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system (CVE-2014-0118).\n\nA denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely (CVE-2014-0231).", "cvss3": {}, "published": "2014-07-31T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : apache (MDVSA-2014:142)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:apache", "p-cpe:/a:mandriva:linux:apache-devel", "p-cpe:/a:mandriva:linux:apache-doc", "p-cpe:/a:mandriva:linux:apache-htcacheclean", "p-cpe:/a:mandriva:linux:apache-mod_authn_dbd", "p-cpe:/a:mandriva:linux:apache-mod_cache", 
"p-cpe:/a:mandriva:linux:apache-mod_dav", "p-cpe:/a:mandriva:linux:apache-mod_dbd", "p-cpe:/a:mandriva:linux:apache-mod_deflate", "p-cpe:/a:mandriva:linux:apache-mod_disk_cache", "p-cpe:/a:mandriva:linux:apache-mod_file_cache", "p-cpe:/a:mandriva:linux:apache-mod_ldap", "p-cpe:/a:mandriva:linux:apache-mod_mem_cache", "p-cpe:/a:mandriva:linux:apache-mod_proxy", "p-cpe:/a:mandriva:linux:apache-mod_proxy_ajp", "p-cpe:/a:mandriva:linux:apache-mod_proxy_scgi", "p-cpe:/a:mandriva:linux:apache-mod_reqtimeout", "p-cpe:/a:mandriva:linux:apache-mod_ssl", "p-cpe:/a:mandriva:linux:apache-mod_suexec", "p-cpe:/a:mandriva:linux:apache-mod_userdir", "p-cpe:/a:mandriva:linux:apache-mpm-event", "p-cpe:/a:mandriva:linux:apache-mpm-itk", "p-cpe:/a:mandriva:linux:apache-mpm-peruser", "p-cpe:/a:mandriva:linux:apache-mpm-prefork", "p-cpe:/a:mandriva:linux:apache-mpm-worker", "p-cpe:/a:mandriva:linux:apache-source", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2014-142.NASL", "href": "https://www.tenable.com/plugins/nessus/76923", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:142. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76923);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n script_bugtraq_id(68678, 68742, 68745);\n script_xref(name:\"MDVSA\", value:\"2014:142\");\n\n script_name(english:\"Mandriva Linux Security Advisory : apache (MDVSA-2014:142)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated apache package fixes security vulnerabilities :\n\nA race condition flaw, leading to heap-based buffer overflows, was\nfound in the mod_status httpd module. A remote attacker able to access\na status page served by mod_status on a server using a threaded\nMulti-Processing Module (MPM) could send a specially crafted request\nthat would cause the httpd child process to crash or, possibly, allow\nthe attacker to execute arbitrary code with the privileges of the\napache user (CVE-2014-0226).\n\nA denial of service flaw was found in the way httpd's mod_deflate\nmodule handled request body decompression (configured via the DEFLATE\ninput filter). A remote attacker able to send a request whose body\nwould be decompressed could use this flaw to consume an excessive\namount of system memory and CPU on the target system (CVE-2014-0118).\n\nA denial of service flaw was found in the way httpd's mod_cgid module\nexecuted CGI scripts that did not read data from the standard input. 
A\nremote attacker could submit a specially crafted request that would\ncause the httpd child process to hang indefinitely (CVE-2014-0231).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0304.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-htcacheclean\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_authn_dbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_dav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_dbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_deflate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_disk_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_file_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_mem_cache\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:apache-mod_proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_proxy_ajp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_proxy_scgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_reqtimeout\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_userdir\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-itk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-peruser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"apache-2.2.27-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"apache-devel-2.2.27-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"apache-doc-2.2.27-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"apache-htcacheclean-2.2.27-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"apache-mod_authn_dbd-2.2.27-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"apache-mod_cache-2.2.27-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"apache-mod_dav-2.2.27-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"apache-mod_dbd-2.2.27-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"apache-mod_deflate-2.2.27-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"apache-mod_disk_cache-2.2.27-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", 
reference:\"apache-mod_file_cache-2.2.27-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"apache-mod_ldap-2.2.27-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"apache-mod_mem_cache-2.2.27-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"apache-mod_proxy-2.2.27-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"apache-mod_proxy_ajp-2.2.27-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"apache-mod_proxy_scgi-2.2.27-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"apache-mod_reqtimeout-2.2.27-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"apache-mod_ssl-2.2.27-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"apache-mod_suexec-2.2.27-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"apache-mod_userdir-2.2.27-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"apache-mpm-event-2.2.27-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"apache-mpm-itk-2.2.27-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"apache-mpm-peruser-2.2.27-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"apache-mpm-prefork-2.2.27-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"apache-mpm-worker-2.2.27-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"apache-source-2.2.27-1.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:35:45", 
"description": "Several security issues were found in the Apache HTTP server.\n\n - CVE-2014-0118 The DEFLATE input filter (inflates request bodies) in mod_deflate allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.\n\n - CVE-2014-0226 A race condition was found in mod_status. An attacker able to access a public server status page on a server could send carefully crafted requests which could lead to a heap buffer overflow, causing denial of service, disclosure of sensitive information, or potentially the execution of arbitrary code.\n\n - CVE-2014-0231 A flaw was found in mod_cgid. If a server using mod_cgid hosted CGI scripts which did not consume standard input, a remote attacker could cause child processes to hang indefinitely, leading to denial of service.", "cvss3": {}, "published": "2014-07-26T00:00:00", "type": "nessus", "title": "Debian DSA-2989-1 : apache2 - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:apache2", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2989.NASL", "href": "https://www.tenable.com/plugins/nessus/76844", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2989. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76844);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n script_bugtraq_id(68678, 68742, 68745);\n script_xref(name:\"DSA\", value:\"2989\");\n\n script_name(english:\"Debian DSA-2989-1 : apache2 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several security issues were found in the Apache HTTP server.\n\n - CVE-2014-0118\n The DEFLATE input filter (inflates request bodies) in\n mod_deflate allows remote attackers to cause a denial of\n service (resource consumption) via crafted request data\n that decompresses to a much larger size.\n\n - CVE-2014-0226\n A race condition was found in mod_status. An attacker\n able to access a public server status page on a server\n could send carefully crafted requests which could lead\n to a heap buffer overflow, causing denial of service,\n disclosure of sensitive information, or potentially the\n execution of arbitrary code.\n\n - CVE-2014-0231\n A flaw was found in mod_cgid. 
If a server using mod_cgid\n hosted CGI scripts which did not consume standard input,\n a remote attacker could cause child processes to hang\n indefinitely, leading to denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0226\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0231\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/apache2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2989\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the apache2 packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 2.2.22-13+deb7u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"apache2\", reference:\"2.2.22-13+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-dbg\", reference:\"2.2.22-13+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-doc\", reference:\"2.2.22-13+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-mpm-event\", reference:\"2.2.22-13+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-mpm-itk\", reference:\"2.2.22-13+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-mpm-prefork\", reference:\"2.2.22-13+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-mpm-worker\", reference:\"2.2.22-13+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-prefork-dev\", reference:\"2.2.22-13+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-suexec\", reference:\"2.2.22-13+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-suexec-custom\", reference:\"2.2.22-13+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-threaded-dev\", reference:\"2.2.22-13+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-utils\", reference:\"2.2.22-13+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2.2-bin\", reference:\"2.2.22-13+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2.2-common\", reference:\"2.2.22-13+deb7u3\")) 
flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:35:32", "description": "Updated httpd packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nA race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the 'apache' user. (CVE-2014-0226)\n\nA denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the 'DEFLATE' input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system.\n(CVE-2014-0118)\n\nA denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely. (CVE-2014-0231)\n\nAll httpd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
After installing the updated packages, the httpd daemon will be restarted automatically.", "cvss3": {}, "published": "2014-07-24T00:00:00", "type": "nessus", "title": "CentOS 5 / 6 : httpd (CESA-2014:0920)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:httpd", "p-cpe:/a:centos:centos:httpd-devel", "p-cpe:/a:centos:centos:httpd-manual", "p-cpe:/a:centos:centos:httpd-tools", "p-cpe:/a:centos:centos:mod_ssl", "cpe:/o:centos:centos:5", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2014-0920.NASL", "href": "https://www.tenable.com/plugins/nessus/76715", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0920 and \n# CentOS Errata and Security Advisory 2014:0920 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76715);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n script_xref(name:\"RHSA\", value:\"2014:0920\");\n\n script_name(english:\"CentOS 5 / 6 : httpd (CESA-2014:0920)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS 
host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated httpd packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nA race condition flaw, leading to heap-based buffer overflows, was\nfound in the mod_status httpd module. A remote attacker able to access\na status page served by mod_status on a server using a threaded\nMulti-Processing Module (MPM) could send a specially crafted request\nthat would cause the httpd child process to crash or, possibly, allow\nthe attacker to execute arbitrary code with the privileges of the\n'apache' user. (CVE-2014-0226)\n\nA denial of service flaw was found in the way httpd's mod_deflate\nmodule handled request body decompression (configured via the\n'DEFLATE' input filter). A remote attacker able to send a request\nwhose body would be decompressed could use this flaw to consume an\nexcessive amount of system memory and CPU on the target system.\n(CVE-2014-0118)\n\nA denial of service flaw was found in the way httpd's mod_cgid module\nexecuted CGI scripts that did not read data from the standard input. A\nremote attacker could submit a specially crafted request that would\ncause the httpd child process to hang indefinitely. (CVE-2014-0231)\n\nAll httpd users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. 
After\ninstalling the updated packages, the httpd daemon will be restarted\nautomatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-July/020440.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dd7ee438\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-July/020441.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d737081a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0226\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"httpd-2.2.3-87.el5.centos\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"httpd-devel-2.2.3-87.el5.centos\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"httpd-manual-2.2.3-87.el5.centos\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"mod_ssl-2.2.3-87.el5.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"httpd-2.2.15-31.el6.centos\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"httpd-devel-2.2.15-31.el6.centos\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"httpd-manual-2.2.15-31.el6.centos\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"httpd-tools-2.2.15-31.el6.centos\")) flag++;\nif 
(rpm_check(release:\"CentOS-6\", reference:\"mod_ssl-2.2.15-31.el6.centos\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-tools / mod_ssl\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-10T14:54:58", "description": "The version of IBM HTTP Server running on the remote host is affected by multiple vulnerabilities, as follows:\n\n - Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c. (CVE-2014-0226)\n\n - The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor. (CVE-2014-0231)\n\n - The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size. 
(CVE-2014-0118)\n\n - The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass 'RequestHeader unset' directives by placing a header in the trailer portion of data sent with chunked transfer coding.\nNOTE: the vendor states 'this is not a security issue in httpd as such.' (CVE-2013-5704)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-15T00:00:00", "type": "nessus", "title": "IBM HTTP Server 8.5.0.0 <= 8.5.5.2 / 8.0.0.0 <= 8.0.0.9 / 7.0.0.0 <= 7.0.0.33 / 6.1.0.0. <= 6.1.0.47 / 6.0.2.0 <= 6.0.2.43 Multiple Vulnerabilities (509275)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5704", "CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:ibm:http_server"], "id": "IBM_HTTP_SERVER_509275.NASL", "href": "https://www.tenable.com/plugins/nessus/144289", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144289);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2013-5704\",\n \"CVE-2014-0118\",\n \"CVE-2014-0226\",\n \"CVE-2014-0231\"\n );\n script_bugtraq_id(\n 66550,\n 68678,\n 68742,\n 68745\n );\n\n script_name(english:\"IBM HTTP Server 8.5.0.0 <= 8.5.5.2 / 8.0.0.0 <= 8.0.0.9 
/ 7.0.0.0 <= 7.0.0.33 / 6.1.0.0. <= 6.1.0.47 / 6.0.2.0 <= 6.0.2.43 Multiple Vulnerabilities (509275)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of IBM HTTP Server running on the remote host is affected by multiple vulnerabilities, as follows:\n\n - Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to\ncause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential\ninformation or execute arbitrary code, via a crafted request that triggers improper scoreboard handling\nwithin the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker\nfunction in modules/lua/lua_request.c. (CVE-2014-0226)\n\n - The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which\nallows remote attackers to cause a denial of service (process hang) via a request to a CGI script that\ndoes not read from its stdin file descriptor. (CVE-2014-0231)\n\n - The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before\n2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service\n(resource consumption) via crafted request data that decompresses to a much larger size. (CVE-2014-0118)\n\n - The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass 'RequestHeader\nunset' directives by placing a header in the trailer portion of data sent with chunked transfer coding.\nNOTE: the vendor states 'this is not a security issue in httpd as such.' 
(CVE-2013-5704)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ibm.com/support/pages/node/509275\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to IBM HTTP Server version 8.5.5.4, 8.0.0.10, 7.0.0.35 or later. Alternatively, upgrade to the minimal fix pack\nlevel required by the interim fix and then apply Interim Fix PI22070.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0226\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:http_server\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ibm_http_server_nix_installed.nbin\");\n script_require_keys(\"installed_sw/IBM HTTP Server (IHS)\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\napp = 'IBM HTTP Server (IHS)';\nfix = 'Interim Fix PI22070';\n\napp_info = vcf::get_app_info(app:app);\nvcf::check_granularity(app_info:app_info, sig_segments:4);\n\n if ('PI22070' >< app_info['Fixes'])\n audit(AUDIT_INST_VER_NOT_VULN, app);\n\nconstraints = [\n { 'min_version' : '8.5.0.0', 'max_version' : '8.5.5.2', 'fixed_display' : '8.5.5.4 or Interim Fix PI22070'},\n { 'min_version' : '8.0.0.0', 'max_version' : '8.0.0.9', 'fixed_display' : '8.0.0.10 or Interim Fix PI22070'},\n { 'min_version' : '7.0.0.0', 'max_version' : '7.0.0.33', 'fixed_display' : '7.0.0.35 or Interim Fix PI22070'},\n { 'min_version' : '6.1.0.0.', 'max_version' : '6.1.0.47', 'fixed_display' : 'Interim Fix PI22070'},\n { 'min_version' : '6.0.2.0', 'max_version' : '6.0.2.43', 'fixed_display' : 'Interim Fix PI22070'}\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T16:35:12", "description": "Versions of Apache HTTP server 2.4.1 to 2.4.4, 2.4.6, 2.4.7, and 2.4.9 are unpatched for the following vulnerabilities:\n\n - Memory consumption denial of service in WinNT MPM, which affects installations on the Windows platform (CVE-2014-3523)\n\n - Race condition in scoreboard handling, which may potentially result in an exploitable heap buffer overflow (CVE-2014-0226)\n\n - Denial of service when the 'mod_deflate' module attempts to process highly compressed bodies (CVE-2014-0118)\n\n - Denial of service in 'mod_cgid' module when certain CGI scripts do not consume standard input and thus linger indefinitely, eventually causing the server to hang (CVE-2014-0231)", "cvss3": {}, "published": "2014-07-29T00:00:00", "type": "nessus", "title": "Apache HTTP Server 
2.4.1 to 2.4.4, 2.4.6, 2.4.7, 2.4.9 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231", "CVE-2014-3523"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:apache:http_server:2.4.6"], "id": "8343.PRM", "href": "https://www.tenable.com/plugins/nnm/8343", "sourceData": "Binary data 8343.prm", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:50:47", "description": "CVE-2014-0231: prevent denial of service in mod_cgid.\n\nCVE-2014-0226: prevent denial of service via race in mod_status.\n\nCVE-2014-0118: fix resource consumption via mod_deflate body decompression.\n\nCVE-2013-6438: prevent denial of service via mod_dav incorrect end of string\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-03-26T00:00:00", "type": "nessus", "title": "Debian DLA-66-1 : apache2 security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6438", "CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:apache2", "p-cpe:/a:debian:debian_linux:apache2-dbg", "p-cpe:/a:debian:debian_linux:apache2-doc", "p-cpe:/a:debian:debian_linux:apache2-mpm-event", "p-cpe:/a:debian:debian_linux:apache2-mpm-itk", "p-cpe:/a:debian:debian_linux:apache2-mpm-prefork", "p-cpe:/a:debian:debian_linux:apache2-mpm-worker", "p-cpe:/a:debian:debian_linux:apache2-prefork-dev", "p-cpe:/a:debian:debian_linux:apache2-suexec", "p-cpe:/a:debian:debian_linux:apache2-suexec-custom", "p-cpe:/a:debian:debian_linux:apache2-threaded-dev", "p-cpe:/a:debian:debian_linux:apache2-utils", "p-cpe:/a:debian:debian_linux:apache2.2-bin", "p-cpe:/a:debian:debian_linux:apache2.2-common", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-66.NASL", "href": "https://www.tenable.com/plugins/nessus/82211", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-66-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82211);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-6438\", \"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n script_bugtraq_id(66303, 68678, 68742, 68745);\n\n script_name(english:\"Debian DLA-66-1 : apache2 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2014-0231: prevent denial of service in mod_cgid.\n\nCVE-2014-0226: prevent denial of service via race in mod_status.\n\nCVE-2014-0118: fix resource consumption via mod_deflate body\ndecompression.\n\nCVE-2013-6438: prevent denial of service via mod_dav incorrect end of\nstring\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2014/09/msg00023.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/apache2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-mpm-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-mpm-itk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-mpm-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-mpm-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-prefork-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-suexec-custom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-threaded-dev\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2.2-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2.2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"apache2\", reference:\"2.2.16-6+squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-dbg\", reference:\"2.2.16-6+squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-doc\", reference:\"2.2.16-6+squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-mpm-event\", reference:\"2.2.16-6+squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-mpm-itk\", reference:\"2.2.16-6+squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-mpm-prefork\", reference:\"2.2.16-6+squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-mpm-worker\", reference:\"2.2.16-6+squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", 
prefix:\"apache2-prefork-dev\", reference:\"2.2.16-6+squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-suexec\", reference:\"2.2.16-6+squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-suexec-custom\", reference:\"2.2.16-6+squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-threaded-dev\", reference:\"2.2.16-6+squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-utils\", reference:\"2.2.16-6+squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2.2-bin\", reference:\"2.2.16-6+squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2.2-common\", reference:\"2.2.16-6+squeeze13\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:35:32", "description": "Apache HTTP SERVER PROJECT reports :\n\nmod_deflate: The DEFLATE input filter (inflates request bodies) now limits the length and compression ratio of inflated request bodies to avoid denial of service via highly compressed bodies. See directives DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and DeflateInflateRatioBurst.\n\nmod_cgid: Fix a denial of service against CGI scripts that do not consume stdin that could lead to lingering HTTPD child processes filling up the scoreboard and eventually hanging the server. By default, the client I/O timeout (Timeout directive) now applies to communication with scripts. 
The CGIDScriptTimeout directive can be used to set a different timeout for communication with scripts.\n\nFix a race condition in scoreboard handling, which could lead to a heap buffer overflow.\n\ncore: HTTP trailers could be used to replace HTTP headers late during request processing, potentially undoing or otherwise confusing modules that examined or modified request headers earlier. Adds 'MergeTrailers' directive to restore legacy behavior.", "cvss3": {}, "published": "2014-07-25T00:00:00", "type": "nessus", "title": "FreeBSD : apache22 -- several vulnerabilities (f927e06c-1109-11e4-b090-20cf30e32f6d)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5704", "CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:apache22", "p-cpe:/a:freebsd:freebsd:apache22-event-mpm", "p-cpe:/a:freebsd:freebsd:apache22-itk-mpm", "p-cpe:/a:freebsd:freebsd:apache22-peruser-mpm", "p-cpe:/a:freebsd:freebsd:apache22-worker-mpm", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_F927E06C110911E4B09020CF30E32F6D.NASL", "href": "https://www.tenable.com/plugins/nessus/76780", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or 
without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76780);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n\n script_name(english:\"FreeBSD : apache22 -- several vulnerabilities (f927e06c-1109-11e4-b090-20cf30e32f6d)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host 
is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Apache HTTP SERVER PROJECT reports :\n\nmod_deflate: The DEFLATE input filter (inflates request bodies) now\nlimits the length and compression ratio of inflated request bodies to\navoid denial of service via highly compressed bodies. See directives\nDeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and\nDeflateInflateRatioBurst.\n\nmod_cgid: Fix a denial of service against CGI scripts that do not\nconsume stdin that could lead to lingering HTTPD child processes\nfilling up the scoreboard and eventually hanging the server. By\ndefault, the client I/O timeout (Timeout directive) now applies to\ncommunication with scripts. The CGIDScriptTimeout directive can be\nused to set a different timeout for communication with scripts.\n\nFix a race condition in scoreboard handling, which could lead to a\nheap buffer overflow.\n\ncore: HTTP trailers could be used to replace HTTP headers late during\nrequest processing, potentially undoing or otherwise confusing modules\nthat examined or modified request headers earlier. 
Adds\n'MergeTrailers' directive to restore legacy behavior.\"\n );\n # https://vuxml.freebsd.org/freebsd/f927e06c-1109-11e4-b090-20cf30e32f6d.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dc305eeb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache22-event-mpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache22-itk-mpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache22-peruser-mpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache22-worker-mpm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"apache22>2.2.0<2.2.29\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache22-event-mpm>2.2.0<2.2.29\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache22-itk-mpm>2.2.0<2.2.29\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache22-peruser-mpm>2.2.0<2.2.29\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache22-worker-mpm>2.2.0<2.2.29\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:53:10", "description": "The remote host is affected by the vulnerability described in GLSA-201504-03 (Apache: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Apache HTTP Server.\n Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker may be able to execute arbitrary code or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2015-04-13T00:00:00", "type": "nessus", "title": "GLSA-201504-03 : Apache: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": 
false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5704", "CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:apache", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201504-03.NASL", "href": "https://www.tenable.com/plugins/nessus/82733", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201504-03.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82733);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-5704\", \"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n script_bugtraq_id(68678, 68742, 68745, 73135);\n script_xref(name:\"GLSA\", value:\"201504-03\");\n\n script_name(english:\"GLSA-201504-03 : Apache: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201504-03\n(Apache: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Apache HTTP Server.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker may be able to execute arbitrary code or cause a\n Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201504-03\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Apache users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/apache-2.2.29'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/apache\", unaffected:make_list(\"ge 2.2.29\"), vulnerable:make_list(\"lt 2.2.29\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Apache\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:38:04", "description": "According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.28. 
It is, therefore, affected by the following vulnerabilities :\n\n - A flaw exists within the 'mod_headers' module which allows a remote attacker to inject arbitrary headers.\n This is done by placing a header in the trailer portion of data being sent using chunked transfer encoding.\n (CVE-2013-5704)\n\n - A flaw exists within the 'mod_deflate' module when handling highly compressed bodies. Using a specially crafted request, a remote attacker can exploit this to cause a denial of service by exhausting memory and CPU resources. (CVE-2014-0118)\n\n - The 'mod_status' module contains a race condition that can be triggered when handling the scoreboard. A remote attacker can exploit this to cause a denial of service, execute arbitrary code, or obtain sensitive credential information. (CVE-2014-0226)\n\n - The 'mod_cgid' module lacks a time out mechanism. Using a specially crafted request, a remote attacker can use this flaw to cause a denial of service by causing child processes to linger indefinitely, eventually filling up the scoreboard. 
(CVE-2014-0231)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2014-09-04T00:00:00", "type": "nessus", "title": "Apache 2.2.x < 2.2.28 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5704", "CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231"], "modified": "2020-04-27T00:00:00", "cpe": ["cpe:/a:apache:http_server"], "id": "APACHE_2_2_29.NASL", "href": "https://www.tenable.com/plugins/nessus/77531", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77531);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/27\");\n\n script_cve_id(\n \"CVE-2013-5704\",\n \"CVE-2014-0118\",\n \"CVE-2014-0226\",\n \"CVE-2014-0231\"\n );\n script_bugtraq_id(\n 66550,\n 68678,\n 68742,\n 68745\n );\n script_xref(name:\"EDB-ID\", value:\"34133\");\n\n script_name(english:\"Apache 2.2.x < 2.2.28 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version in the server response header.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Apache 2.2.x running on the\nremote host is prior to 2.2.28. 
It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A flaw exists within the 'mod_headers' module which\n allows a remote attacker to inject arbitrary headers.\n This is done by placing a header in the trailer portion\n of data being sent using chunked transfer encoding.\n (CVE-2013-5704)\n\n - A flaw exists within the 'mod_deflate' module when\n handling highly compressed bodies. Using a specially\n crafted request, a remote attacker can exploit this to\n cause a denial of service by exhausting memory and CPU\n resources. (CVE-2014-0118)\n\n - The 'mod_status' module contains a race condition that\n can be triggered when handling the scoreboard. A remote\n attacker can exploit this to cause a denial of service,\n execute arbitrary code, or obtain sensitive credential\n information. (CVE-2014-0226)\n\n - The 'mod_cgid' module lacks a time out mechanism. Using\n a specially crafted request, a remote attacker can use\n this flaw to cause a denial of service by causing child\n processes to linger indefinitely, eventually filling up\n the scoreboard. 
(CVE-2014-0231)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-14-236/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://archive.apache.org/dist/httpd/CHANGES_2.2.29\");\n script_set_attribute(attribute:\"see_also\", value:\"http://httpd.apache.org/security/vulnerabilities_22.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://swende.se/blog/HTTPChunked.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache version 2.2.29 or later.\n\nNote that version 2.2.28 was never officially released.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0226\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:http_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"apache_http_version.nasl\");\n script_require_keys(\"installed_sw/Apache\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp_name = \"Apache\";\nget_install_count(app_name:app_name, exit_if_zero:TRUE);\nport = get_http_port(default:80);\ninstall = get_single_install(app_name:\"Apache\", port:port, exit_if_unknown_ver:TRUE);\n\n# Check if we could get a version first, then check if it was\n# backported\nversion = get_kb_item_or_exit('www/apache/'+port+'/version', exit_code:1);\nbackported = get_kb_item_or_exit('www/apache/'+port+'/backported', exit_code:1);\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, app_name);\nsource = get_kb_item_or_exit('www/apache/'+port+'/source', exit_code:1);\n\n# Check if the version looks like either ServerTokens Major/Minor was used.\nif (version =~ '^2(\\\\.2)?$') audit(AUDIT_VER_NOT_GRANULAR, app_name, port, source);\n\n# This plugin is only concerned with Apache 2.2\nif (version !~ \"^2\\.2[^0-9]\") audit(AUDIT_WRONG_WEB_SERVER, port, app_name + \" 2.2.x\");\n\nfixed = '2.2.28';\ndisplay_fixed = '2.2.29';\nif (ver_compare(ver:version, fix:fixed) == -1)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + display_fixed +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, app_name, port, version);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:36:35", "description": "Red Hat JBoss Web Server 2.1.0, which fixes multiple security issues and several bugs, is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as 
having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.\n\nThis release serves as a replacement for Red Hat JBoss Web Server 2.0.1, and includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.1.0 Release Notes, linked to in the References section, for information on the most significant of these changes.\n\nThe following security issues are also fixed with this release :\n\nA race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the 'apache' user. (CVE-2014-0226)\n\nA denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the 'DEFLATE' input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system.\n(CVE-2014-0118)\n\nA denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely. 
(CVE-2014-0231)\n\nIt was found that several application-provided XML files, such as web.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external entities, permitting XML External Entity (XXE) attacks. An attacker able to deploy malicious applications to Tomcat could use this flaw to circumvent security restrictions set by the JSM, and gain access to sensitive information on the system. Note that this flaw only affected deployments in which Tomcat is running applications from untrusted sources, such as in a shared hosting environment. (CVE-2013-4590)\n\nIt was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same Tomcat instance. (CVE-2014-0119)\n\nAll users of Red Hat JBoss Web Server 2.0.1 on Red Hat Enterprise Linux 5 are advised to upgrade to Red Hat JBoss Web Server 2.1.0. 
The JBoss server process must be restarted for this update to take effect.", "cvss3": {}, "published": "2014-08-23T00:00:00", "type": "nessus", "title": "RHEL 5 : JBoss Web Server (RHSA-2014:1088)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4590", "CVE-2014-0118", "CVE-2014-0119", "CVE-2014-0226", "CVE-2014-0231"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:antlr-eap6", "p-cpe:/a:redhat:enterprise_linux:apache-commons-collections-eap6", "p-cpe:/a:redhat:enterprise_linux:apache-commons-collections-tomcat-eap6", "p-cpe:/a:redhat:enterprise_linux:apache-commons-daemon-eap6", "p-cpe:/a:redhat:enterprise_linux:apache-commons-daemon-jsvc-eap6", "p-cpe:/a:redhat:enterprise_linux:apache-commons-pool-eap6", "p-cpe:/a:redhat:enterprise_linux:apache-commons-pool-tomcat-eap6", "p-cpe:/a:redhat:enterprise_linux:dom4j-eap6", "p-cpe:/a:redhat:enterprise_linux:ecj3", "p-cpe:/a:redhat:enterprise_linux:hibernate4-c3p0-eap6", "p-cpe:/a:redhat:enterprise_linux:hibernate4-core-eap6", "p-cpe:/a:redhat:enterprise_linux:hibernate4-eap6", "p-cpe:/a:redhat:enterprise_linux:hibernate4-entitymanager-eap6", "p-cpe:/a:redhat:enterprise_linux:hibernate4-envers-eap6", "p-cpe:/a:redhat:enterprise_linux:hibernate4-infinispan-eap6", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:javassist-eap6", 
"p-cpe:/a:redhat:enterprise_linux:jboss-logging", "p-cpe:/a:redhat:enterprise_linux:jboss-transaction-api_1.1_spec", "p-cpe:/a:redhat:enterprise_linux:mod_cluster", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-native", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat6", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat7", "p-cpe:/a:redhat:enterprise_linux:mod_jk-ap22", "p-cpe:/a:redhat:enterprise_linux:mod_jk-manual", "p-cpe:/a:redhat:enterprise_linux:mod_rt", "p-cpe:/a:redhat:enterprise_linux:mod_snmp", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "p-cpe:/a:redhat:enterprise_linux:storeconfig-tc6", "p-cpe:/a:redhat:enterprise_linux:storeconfig-tc7", "p-cpe:/a:redhat:enterprise_linux:tomcat-native", "p-cpe:/a:redhat:enterprise_linux:tomcat6", "p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat6-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat7", "p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2014-1088.NASL", "href": "https://www.tenable.com/plugins/nessus/77357", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The 
descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1088. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77357);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-4590\", \"CVE-2014-0118\", \"CVE-2014-0119\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n script_xref(name:\"RHSA\", value:\"2014:1088\");\n\n script_name(english:\"RHEL 5 : JBoss Web Server (RHSA-2014:1088)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Red Hat JBoss Web Server 2.1.0, which fixes multiple security issues\nand several bugs, is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the\nApache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat\nConnector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and\nthe Tomcat Native library.\n\nThis release serves as a replacement for Red Hat JBoss Web Server\n2.0.1, and includes several bug fixes. 
Refer to the Red Hat JBoss Web\nServer 2.1.0 Release Notes, linked to in the References section, for\ninformation on the most significant of these changes.\n\nThe following security issues are also fixed with this release :\n\nA race condition flaw, leading to heap-based buffer overflows, was\nfound in the mod_status httpd module. A remote attacker able to access\na status page served by mod_status on a server using a threaded\nMulti-Processing Module (MPM) could send a specially crafted request\nthat would cause the httpd child process to crash or, possibly, allow\nthe attacker to execute arbitrary code with the privileges of the\n'apache' user. (CVE-2014-0226)\n\nA denial of service flaw was found in the way httpd's mod_deflate\nmodule handled request body decompression (configured via the\n'DEFLATE' input filter). A remote attacker able to send a request\nwhose body would be decompressed could use this flaw to consume an\nexcessive amount of system memory and CPU on the target system.\n(CVE-2014-0118)\n\nA denial of service flaw was found in the way httpd's mod_cgid module\nexecuted CGI scripts that did not read data from the standard input. A\nremote attacker could submit a specially crafted request that would\ncause the httpd child process to hang indefinitely. (CVE-2014-0231)\n\nIt was found that several application-provided XML files, such as\nweb.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external\nentities, permitting XML External Entity (XXE) attacks. An attacker\nable to deploy malicious applications to Tomcat could use this flaw to\ncircumvent security restrictions set by the JSM, and gain access to\nsensitive information on the system. Note that this flaw only affected\ndeployments in which Tomcat is running applications from untrusted\nsources, such as in a shared hosting environment. 
(CVE-2013-4590)\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by Tomcat to\nprocess XSLTs for the default servlet, JSP documents, tag library\ndescriptors (TLDs), and tag plug-in configuration files. The injected\nXML parser(s) could then bypass the limits imposed on XML external\nentities and/or gain access to the XML files processed for other web\napplications deployed on the same Tomcat instance. (CVE-2014-0119)\n\nAll users of Red Hat JBoss Web Server 2.0.1 on Red Hat Enterprise\nLinux 5 are advised to upgrade to Red Hat JBoss Web Server 2.1.0. The\nJBoss server process must be restarted for this update to take effect.\"\n );\n # https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Web_Server/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?765407e2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0119\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0231\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0226\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4590\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:antlr-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-collections-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-collections-tomcat-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-daemon-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-daemon-jsvc-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-pool-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-pool-tomcat-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dom4j-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ecj3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-c3p0-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-core-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-entitymanager-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-envers-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-infinispan-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:javassist-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-logging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-transaction-api_1.1_spec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_jk-ap22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_jk-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:storeconfig-tc6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:storeconfig-tc7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2014/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1088\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! 
(rpm_exists(release:\"RHEL5\", rpm:\"jws-2\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss Web Server\");\n\n if (rpm_check(release:\"RHEL5\", reference:\"antlr-eap6-2.7.7-17.redhat_4.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"apache-commons-collections-eap6-3.2.1-15.redhat_3.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"apache-commons-collections-tomcat-eap6-3.2.1-15.redhat_3.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"apache-commons-daemon-eap6-1.0.15-5.redhat_1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"apache-commons-daemon-jsvc-eap6-1.0.15-6.redhat_2.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"apache-commons-daemon-jsvc-eap6-1.0.15-6.redhat_2.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"apache-commons-pool-eap6-1.6-7.redhat_6.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"apache-commons-pool-tomcat-eap6-1.6-7.redhat_6.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"dom4j-eap6-1.6.1-20.redhat_6.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"ecj3-3.7.2-9.redhat_3.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate4-c3p0-eap6-4.2.14-3.SP1_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate4-core-eap6-4.2.14-3.SP1_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate4-eap6-4.2.14-3.SP1_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate4-entitymanager-eap6-4.2.14-3.SP1_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate4-envers-eap6-4.2.14-3.SP1_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate4-infinispan-eap6-4.2.14-3.SP1_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", 
reference:\"httpd-2.2.26-35.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"httpd-2.2.26-35.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"httpd-devel-2.2.26-35.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"httpd-devel-2.2.26-35.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"httpd-manual-2.2.26-35.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"httpd-manual-2.2.26-35.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"httpd-tools-2.2.26-35.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"httpd-tools-2.2.26-35.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"javassist-eap6-3.18.1-1.GA_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-logging-3.1.4-1.GA_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-transaction-api_1.1_spec-1.0.1-12.Final_redhat_2.2.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"mod_cluster-1.2.9-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"mod_cluster-native-1.2.9-3.Final_redhat_2.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"mod_cluster-native-1.2.9-3.Final_redhat_2.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"mod_cluster-tomcat6-1.2.9-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"mod_cluster-tomcat7-1.2.9-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"mod_jk-ap22-1.2.40-2.redhat_1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"mod_jk-ap22-1.2.40-2.redhat_1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", 
reference:\"mod_jk-manual-1.2.40-2.redhat_1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"mod_jk-manual-1.2.40-2.redhat_1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"mod_rt-2.4.1-6.GA.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"mod_rt-2.4.1-6.GA.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"mod_snmp-2.4.1-13.GA.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"mod_snmp-2.4.1-13.GA.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"mod_ssl-2.2.26-35.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"mod_ssl-2.2.26-35.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"storeconfig-tc6-0.0.1-7.Alpha3_redhat_12.3.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"storeconfig-tc7-0.0.1-7.Alpha3_redhat_12.5.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat-native-1.1.30-2.redhat_1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat-native-1.1.30-2.redhat_1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-6.0.41-6_patch_02.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-admin-webapps-6.0.41-6_patch_02.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-docs-webapp-6.0.41-6_patch_02.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-el-2.1-api-6.0.41-6_patch_02.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-javadoc-6.0.41-6_patch_02.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-jsp-2.1-api-6.0.41-6_patch_02.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-lib-6.0.41-6_patch_02.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", 
reference:\"tomcat6-log4j-6.0.41-6_patch_02.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-servlet-2.5-api-6.0.41-6_patch_02.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-webapps-6.0.41-6_patch_02.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-7.0.54-6_patch_02.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-admin-webapps-7.0.54-6_patch_02.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-docs-webapp-7.0.54-6_patch_02.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-el-2.2-api-7.0.54-6_patch_02.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-javadoc-7.0.54-6_patch_02.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-jsp-2.2-api-7.0.54-6_patch_02.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-lib-7.0.54-6_patch_02.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-log4j-7.0.54-6_patch_02.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-servlet-3.0-api-7.0.54-6_patch_02.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-webapps-7.0.54-6_patch_02.ep6.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"antlr-eap6 / apache-commons-collections-eap6 / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:36:35", "description": "This apache2 update fixes the following security issues :\n\n - fix for crash in mod_proxy processing specially crafted requests with reverse proxy configurations that results in a crash and a DoS condition for the 
server.\n CVE-2014-0117\n\n - new config option CGIDScriptTimeout set to 60s in new file conf.d/cgid-timeout.conf, preventing worker processes hanging forever if a cgi launched from them has stopped reading input from the server (DoS).\n CVE-2014-0231\n\n - Fix for a NULL pointer dereference in mod_cache that causes a crash in caching forwarding configurations, resulting in a DoS condition. CVE-2013-4352\n\n - fix for crash in parsing cookie content, resulting in a DoS against the server CVE-2014-0098\n\n - fix for mod_status race condition in scoreboard handling and consecutive heap overflow and information disclosure if access to mod_status is granted to a potential attacker. CVE-2014-0226\n\n - fix for improper handling of whitespace characters from CDATA sections to mod_dav, leading to a crash and a DoS condition of the apache server process CVE-2013-6438", "cvss3": {}, "published": "2014-08-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : apache2 (openSUSE-SU-2014:1044-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4352", "CVE-2013-6438", "CVE-2014-0098", "CVE-2014-0117", "CVE-2014-0226", "CVE-2014-0231"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2", "p-cpe:/a:novell:opensuse:apache2-debuginfo", "p-cpe:/a:novell:opensuse:apache2-debugsource", "p-cpe:/a:novell:opensuse:apache2-devel", "p-cpe:/a:novell:opensuse:apache2-event", "p-cpe:/a:novell:opensuse:apache2-event-debuginfo", "p-cpe:/a:novell:opensuse:apache2-example-pages", 
"p-cpe:/a:novell:opensuse:apache2-prefork", "p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo", "p-cpe:/a:novell:opensuse:apache2-utils", "p-cpe:/a:novell:opensuse:apache2-utils-debuginfo", "p-cpe:/a:novell:opensuse:apache2-worker", "p-cpe:/a:novell:opensuse:apache2-worker-debuginfo", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-503.NASL", "href": "https://www.tenable.com/plugins/nessus/77292", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-503.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77292);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4352\", \"CVE-2013-6438\", \"CVE-2014-0098\", \"CVE-2014-0117\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n\n script_name(english:\"openSUSE Security Update : apache2 (openSUSE-SU-2014:1044-1)\");\n script_summary(english:\"Check for the openSUSE-2014-503 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This apache2 update fixes the following security issues :\n\n - fix for crash in mod_proxy processing specially crafted\n requests with reverse proxy configurations that results\n in a crash and a DoS condition for the server.\n CVE-2014-0117\n\n - new config option CGIDScriptTimeout set to 60s in new\n file conf.d/cgid-timeout.conf, preventing worker\n processes hanging forever if a cgi launched from them\n has stopped reading input from the server (DoS).\n CVE-2014-0231\n\n - Fix for a NULL pointer dereference in mod_cache that\n causes a crash in caching forwarding configurations,\n resulting in a DoS 
condition. CVE-2013-4352\n\n - fix for crash in parsing cookie content, resulting in a\n DoS against the server CVE-2014-0098\n\n - fix for mod_status race condition in scoreboard handling\n and consecutive heap overflow and information disclosure\n if access to mod_status is granted to a potential\n attacker. CVE-2014-0226\n\n - fix for improper handling of whitespace characters from\n CDATA sections to mod_dav, leading to a crash and a DoS\n condition of the apache server process CVE-2013-6438\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=869105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=869106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=887765\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=887767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=887768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=887771\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-08/msg00031.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-event-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-2.4.6-6.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-debuginfo-2.4.6-6.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-debugsource-2.4.6-6.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-devel-2.4.6-6.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-event-2.4.6-6.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-event-debuginfo-2.4.6-6.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-example-pages-2.4.6-6.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-prefork-2.4.6-6.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-prefork-debuginfo-2.4.6-6.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-utils-2.4.6-6.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-utils-debuginfo-2.4.6-6.27.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", reference:\"apache2-worker-2.4.6-6.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-worker-debuginfo-2.4.6-6.27.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2 / apache2-debuginfo / apache2-debugsource / apache2-devel / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:36:14", "description": "Red Hat JBoss Web Server 2.1.0, which fixes multiple security issues and several bugs, is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.\n\nThis release serves as a replacement for Red Hat JBoss Web Server 2.0.1, and includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.1.0 Release Notes, linked to in the References section, for information on the most significant of these changes.\n\nThe following security issues are also fixed with this release :\n\nA race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. 
A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the 'apache' user. (CVE-2014-0226)\n\nA denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the 'DEFLATE' input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system.\n(CVE-2014-0118)\n\nA denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely. (CVE-2014-0231)\n\nIt was found that several application-provided XML files, such as web.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external entities, permitting XML External Entity (XXE) attacks. An attacker able to deploy malicious applications to Tomcat could use this flaw to circumvent security restrictions set by the JSM, and gain access to sensitive information on the system. Note that this flaw only affected deployments in which Tomcat is running applications from untrusted sources, such as in a shared hosting environment. (CVE-2013-4590)\n\nIt was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same Tomcat instance. 
(CVE-2014-0119)\n\nAll users of Red Hat JBoss Web Server 2.0.1 on Red Hat Enterprise Linux 6 are advised to upgrade to Red Hat JBoss Web Server 2.1.0. The JBoss server process must be restarted for this update to take effect.", "cvss3": {}, "published": "2014-08-23T00:00:00", "type": "nessus", "title": "RHEL 6 : JBoss Web Server (RHSA-2014:1087)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4590", "CVE-2014-0118", "CVE-2014-0119", "CVE-2014-0226", "CVE-2014-0227", "CVE-2014-0231"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:antlr-eap6", "p-cpe:/a:redhat:enterprise_linux:apache-commons-collections-eap6", "p-cpe:/a:redhat:enterprise_linux:apache-commons-collections-tomcat-eap6", "p-cpe:/a:redhat:enterprise_linux:apache-commons-daemon-eap6", "p-cpe:/a:redhat:enterprise_linux:apache-commons-daemon-jsvc-eap6", "p-cpe:/a:redhat:enterprise_linux:apache-commons-daemon-jsvc-eap6-debuginfo", "p-cpe:/a:redhat:enterprise_linux:apache-commons-logging-eap6", "p-cpe:/a:redhat:enterprise_linux:apache-commons-logging-tomcat-eap6", "p-cpe:/a:redhat:enterprise_linux:apache-commons-pool-eap6", "p-cpe:/a:redhat:enterprise_linux:apache-commons-pool-tomcat-eap6", "p-cpe:/a:redhat:enterprise_linux:dom4j-eap6", "p-cpe:/a:redhat:enterprise_linux:hibernate4-c3p0-eap6", "p-cpe:/a:redhat:enterprise_linux:hibernate4-core-eap6", "p-cpe:/a:redhat:enterprise_linux:hibernate4-eap6", "p-cpe:/a:redhat:enterprise_linux:hibernate4-entitymanager-eap6", 
"p-cpe:/a:redhat:enterprise_linux:hibernate4-envers-eap6", "p-cpe:/a:redhat:enterprise_linux:hibernate4-infinispan-eap6", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:javassist-eap6", "p-cpe:/a:redhat:enterprise_linux:jboss-logging", "p-cpe:/a:redhat:enterprise_linux:jboss-transaction-api_1.1_spec", "p-cpe:/a:redhat:enterprise_linux:mod_cluster", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-native", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-native-debuginfo", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat6", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat7", "p-cpe:/a:redhat:enterprise_linux:mod_jk-ap22", "p-cpe:/a:redhat:enterprise_linux:mod_jk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:mod_jk-manual", "p-cpe:/a:redhat:enterprise_linux:mod_rt", "p-cpe:/a:redhat:enterprise_linux:mod_rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:mod_snmp", "p-cpe:/a:redhat:enterprise_linux:mod_snmp-debuginfo", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "p-cpe:/a:redhat:enterprise_linux:storeconfig-tc6", "p-cpe:/a:redhat:enterprise_linux:storeconfig-tc7", "p-cpe:/a:redhat:enterprise_linux:tomcat-native", "p-cpe:/a:redhat:enterprise_linux:tomcat-native-debuginfo", "p-cpe:/a:redhat:enterprise_linux:tomcat6", "p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat6-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat7", 
"p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2014-1087.NASL", "href": "https://www.tenable.com/plugins/nessus/77356", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1087. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77356);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-4590\", \"CVE-2014-0118\", \"CVE-2014-0119\", \"CVE-2014-0226\", \"CVE-2014-0227\", \"CVE-2014-0231\");\n script_xref(name:\"RHSA\", value:\"2014:1087\");\n\n script_name(english:\"RHEL 6 : JBoss Web Server (RHSA-2014:1087)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Red Hat JBoss Web Server 2.1.0, which fixes multiple security issues\nand several bugs, is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the\nApache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat\nConnector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and\nthe Tomcat Native library.\n\nThis release serves as a replacement for Red Hat JBoss Web Server\n2.0.1, and includes several bug fixes. Refer to the Red Hat JBoss Web\nServer 2.1.0 Release Notes, linked to in the References section, for\ninformation on the most significant of these changes.\n\nThe following security issues are also fixed with this release :\n\nA race condition flaw, leading to heap-based buffer overflows, was\nfound in the mod_status httpd module. A remote attacker able to access\na status page served by mod_status on a server using a threaded\nMulti-Processing Module (MPM) could send a specially crafted request\nthat would cause the httpd child process to crash or, possibly, allow\nthe attacker to execute arbitrary code with the privileges of the\n'apache' user. (CVE-2014-0226)\n\nA denial of service flaw was found in the way httpd's mod_deflate\nmodule handled request body decompression (configured via the\n'DEFLATE' input filter). A remote attacker able to send a request\nwhose body would be decompressed could use this flaw to consume an\nexcessive amount of system memory and CPU on the target system.\n(CVE-2014-0118)\n\nA denial of service flaw was found in the way httpd's mod_cgid module\nexecuted CGI scripts that did not read data from the standard input. A\nremote attacker could submit a specially crafted request that would\ncause the httpd child process to hang indefinitely. 
(CVE-2014-0231)\n\nIt was found that several application-provided XML files, such as\nweb.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external\nentities, permitting XML External Entity (XXE) attacks. An attacker\nable to deploy malicious applications to Tomcat could use this flaw to\ncircumvent security restrictions set by the JSM, and gain access to\nsensitive information on the system. Note that this flaw only affected\ndeployments in which Tomcat is running applications from untrusted\nsources, such as in a shared hosting environment. (CVE-2013-4590)\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by Tomcat to\nprocess XSLTs for the default servlet, JSP documents, tag library\ndescriptors (TLDs), and tag plug-in configuration files. The injected\nXML parser(s) could then bypass the limits imposed on XML external\nentities and/or gain access to the XML files processed for other web\napplications deployed on the same Tomcat instance. (CVE-2014-0119)\n\nAll users of Red Hat JBoss Web Server 2.0.1 on Red Hat Enterprise\nLinux 6 are advised to upgrade to Red Hat JBoss Web Server 2.1.0. 
The\nJBoss server process must be restarted for this update to take effect.\"\n );\n # https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Web_Server/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?765407e2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4590\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0119\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0226\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0231\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:antlr-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-collections-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-collections-tomcat-eap6\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-daemon-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-daemon-jsvc-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-daemon-jsvc-eap6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-logging-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-logging-tomcat-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-pool-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-pool-tomcat-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dom4j-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-c3p0-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-core-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-entitymanager-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-envers-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-infinispan-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:javassist-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-logging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-transaction-api_1.1_spec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_jk-ap22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_jk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_jk-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:storeconfig-tc6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:storeconfig-tc7\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-native-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1087\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL6\", rpm:\"jws-2\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss Web Server\");\n\n if (rpm_check(release:\"RHEL6\", reference:\"antlr-eap6-2.7.7-17.redhat_4.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"apache-commons-collections-eap6-3.2.1-15.redhat_3.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"apache-commons-collections-tomcat-eap6-3.2.1-15.redhat_3.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"apache-commons-daemon-eap6-1.0.15-5.redhat_1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"apache-commons-daemon-jsvc-eap6-1.0.15-6.redhat_2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"apache-commons-daemon-jsvc-eap6-1.0.15-6.redhat_2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"apache-commons-daemon-jsvc-eap6-debuginfo-1.0.15-6.redhat_2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", 
reference:\"apache-commons-daemon-jsvc-eap6-debuginfo-1.0.15-6.redhat_2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"apache-commons-logging-eap6-1.1.1-7.9_redhat_1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"apache-commons-logging-tomcat-eap6-1.1.1-7.9_redhat_1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"apache-commons-pool-eap6-1.6-7.redhat_6.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"apache-commons-pool-tomcat-eap6-1.6-7.redhat_6.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"dom4j-eap6-1.6.1-20.redhat_6.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate4-c3p0-eap6-4.2.14-3.SP1_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate4-core-eap6-4.2.14-3.SP1_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate4-eap6-4.2.14-3.SP1_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate4-entitymanager-eap6-4.2.14-3.SP1_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate4-envers-eap6-4.2.14-3.SP1_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate4-infinispan-eap6-4.2.14-3.SP1_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"httpd-2.2.26-35.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-2.2.26-35.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"httpd-debuginfo-2.2.26-35.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-debuginfo-2.2.26-35.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"httpd-devel-2.2.26-35.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-devel-2.2.26-35.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", 
cpu:\"i386\", reference:\"httpd-manual-2.2.26-35.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-manual-2.2.26-35.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"httpd-tools-2.2.26-35.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-tools-2.2.26-35.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"javassist-eap6-3.18.1-1.GA_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-logging-3.1.4-1.GA_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-transaction-api_1.1_spec-1.0.1-12.Final_redhat_2.2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"mod_cluster-1.2.9-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"mod_cluster-native-1.2.9-3.Final_redhat_2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_cluster-native-1.2.9-3.Final_redhat_2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"mod_cluster-native-debuginfo-1.2.9-3.Final_redhat_2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_cluster-native-debuginfo-1.2.9-3.Final_redhat_2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"mod_cluster-tomcat6-1.2.9-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"mod_cluster-tomcat7-1.2.9-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"mod_jk-ap22-1.2.40-2.redhat_1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_jk-ap22-1.2.40-2.redhat_1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"mod_jk-debuginfo-1.2.40-2.redhat_1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", 
reference:\"mod_jk-debuginfo-1.2.40-2.redhat_1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"mod_jk-manual-1.2.40-2.redhat_1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_jk-manual-1.2.40-2.redhat_1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"mod_rt-2.4.1-6.GA.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_rt-2.4.1-6.GA.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"mod_rt-debuginfo-2.4.1-6.GA.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_rt-debuginfo-2.4.1-6.GA.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"mod_snmp-2.4.1-13.GA.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_snmp-2.4.1-13.GA.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"mod_snmp-debuginfo-2.4.1-13.GA.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_snmp-debuginfo-2.4.1-13.GA.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"mod_ssl-2.2.26-35.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_ssl-2.2.26-35.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"storeconfig-tc6-0.0.1-7.Alpha3_redhat_12.3.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"storeconfig-tc7-0.0.1-7.Alpha3_redhat_12.5.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"tomcat-native-1.1.30-2.redhat_1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"tomcat-native-1.1.30-2.redhat_1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"tomcat-native-debuginfo-1.1.30-2.redhat_1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", 
reference:\"tomcat-native-debuginfo-1.1.30-2.redhat_1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-6.0.41-5_patch_02.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-admin-webapps-6.0.41-5_patch_02.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-docs-webapp-6.0.41-5_patch_02.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-el-2.1-api-6.0.41-5_patch_02.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-javadoc-6.0.41-5_patch_02.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-jsp-2.1-api-6.0.41-5_patch_02.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-lib-6.0.41-5_patch_02.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-log4j-6.0.41-5_patch_02.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-servlet-2.5-api-6.0.41-5_patch_02.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-webapps-6.0.41-5_patch_02.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-7.0.54-6_patch_02.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-admin-webapps-7.0.54-6_patch_02.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-docs-webapp-7.0.54-6_patch_02.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-el-2.2-api-7.0.54-6_patch_02.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-javadoc-7.0.54-6_patch_02.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-jsp-2.2-api-7.0.54-6_patch_02.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-lib-7.0.54-6_patch_02.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-log4j-7.0.54-6_patch_02.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", 
reference:\"tomcat7-servlet-3.0-api-7.0.54-6_patch_02.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-webapps-7.0.54-6_patch_02.ep6.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"antlr-eap6 / apache-commons-collections-eap6 / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:46:35", "description": "The remote host has a version of Oracle Secure Global Desktop that is version 4.63, 4.71, 5.0 or 5.1. It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - Apache HTTP Server\n - Client\n - Gateway JARP module\n - Gateway Reverse Proxy\n - OpenSSL\n - Print Servlet (only in 5.0 / 5.1)\n - SGD SSL Daemon (ttassl)\n - Web Server", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2015-01-22T00:00:00", "type": "nessus", "title": "Oracle Secure Global Desktop Multiple Vulnerabilities (January 2015 CPU) (POODLE)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231", "CVE-2014-3566", "CVE-2014-3567", "CVE-2014-5704"], "modified": "2021-10-25T00:00:00", "cpe": ["cpe:/a:oracle:virtualization_secure_global_desktop"], "id": "ORACLE_SECURE_GLOBAL_DESKTOP_JAN_2015_CPU.NASL", "href": "https://www.tenable.com/plugins/nessus/80912", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80912);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/25\");\n\n script_cve_id(\n \"CVE-2014-0118\",\n \"CVE-2014-0226\",\n \"CVE-2014-0231\",\n \"CVE-2014-3566\",\n \"CVE-2014-3567\",\n \"CVE-2014-5704\"\n );\n script_bugtraq_id(\n 68678,\n 68742,\n 68745,\n 70574,\n 70586\n );\n script_xref(name:\"CERT\", value:\"577193\");\n\n script_name(english:\"Oracle Secure Global Desktop Multiple Vulnerabilities (January 2015 CPU) (POODLE)\");\n script_summary(english:\"Checks the version of Oracle Secure Global Desktop.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a version of Oracle Secure Global Desktop that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host has a version of Oracle Secure Global Desktop that is\nversion 4.63, 4.71, 5.0 or 5.1. 
It is, therefore, affected by multiple\nvulnerabilities in the following components :\n\n - Apache HTTP Server\n - Client\n - Gateway JARP module\n - Gateway Reverse Proxy\n - OpenSSL\n - Print Servlet (only in 5.0 / 5.1)\n - SGD SSL Daemon (ttassl)\n - Web Server\");\n # https://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?75c6cafb\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/10/14/poodle.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/ssl-poodle.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the January 2015 Oracle\nCritical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0226\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:virtualization_secure_global_desktop\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_secure_global_desktop_installed.nbin\");\n script_require_keys(\"Host/Oracle_Secure_Global_Desktop/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp = \"Oracle Secure Global Desktop\";\nversion = get_kb_item_or_exit(\"Host/Oracle_Secure_Global_Desktop/Version\");\n\n# this check is for Oracle Secure Global Desktop packages built for Linux platform\nuname = get_kb_item_or_exit(\"Host/uname\");\nif (\"Linux\" >!< uname) audit(AUDIT_OS_NOT, \"Linux\");\n\nfix_required = NULL;\n\nif (version =~ \"^5\\.10($|\\.)\") fix_required = 'Patch_51p5';\nelse if (version =~ \"^5\\.00($|\\.)\") fix_required = 'Patch_50p5';\nelse if (version =~ \"^4\\.71($|\\.)\") fix_required = 'Patch_471p5';\nelse if (version =~ \"^4\\.63($|\\.)\") fix_required = 'Patch_463p5';\n\nif (isnull(fix_required)) audit(AUDIT_INST_VER_NOT_VULN, \"Oracle Secure Global Desktop\", version);\n\npatches = get_kb_list(\"Host/Oracle_Secure_Global_Desktop/Patches\");\n\npatched = FALSE;\nforeach patch (patches)\n{\n if (patch == fix_required)\n {\n patched = TRUE;\n break;\n }\n}\n\nif (patched) audit(AUDIT_INST_VER_NOT_VULN, app, version + ' (with ' + fix_required + ')');\n\nif (report_verbosity > 0)\n{\n report = '\\n Installed version : ' + version +\n '\\n Patch required : ' + fix_required +\n '\\n';\n security_warning(port:0, extra:report);\n}\nelse security_warning(0);\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-18T14:36:28", "description": "Updated Red Hat JBoss Enterprise Application Platform 6.3.0 packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.\n\nA race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the 'apache' user. (CVE-2014-0226)\n\nA denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the 'DEFLATE' input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system.\n(CVE-2014-0118)\n\nA denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely. (CVE-2014-0231)\n\nA flaw was found in the WebSocket08FrameDecoder implementation that could allow a remote attacker to trigger an Out Of Memory Exception by issuing a series of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on the server configuration, this could lead to a denial of service. (CVE-2014-0193)\n\nIt was found that the isCallerInRole() method of the SimpleSecurityManager did not correctly check caller roles. A remote, authenticated attacker could use this flaw to circumvent the caller check in applications that use black list access control based on caller roles. 
(CVE-2014-3472)\n\nRed Hat would like to thank James Roper of Typesafe for reporting CVE-2014-0193, and CA Technologies for reporting CVE-2014-3472.\n\nThis release of JBoss Enterprise Application Platform also includes bug fixes and enhancements. Documentation for these changes will be available shortly from the JBoss Enterprise Application Platform 6.3.0 Release Notes, linked to in the References.\n\nAll users who require JBoss Enterprise Application Platform 6.3.0 on Red Hat Enterprise Linux 6 should install these new packages. The JBoss server process must be restarted for the update to take effect.", "cvss3": {}, "published": "2014-08-08T00:00:00", "type": "nessus", "title": "RHEL 6 : JBoss EAP (RHSA-2014:1020)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0118", "CVE-2014-0193", "CVE-2014-0226", "CVE-2014-0231", "CVE-2014-3464", "CVE-2014-3472"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:apache-commons-beanutils-eap6", "p-cpe:/a:redhat:enterprise_linux:apache-commons-cli-eap6", "p-cpe:/a:redhat:enterprise_linux:apache-commons-codec-eap6", "p-cpe:/a:redhat:enterprise_linux:apache-commons-collections-eap6", "p-cpe:/a:redhat:enterprise_linux:apache-commons-configuration-eap6", "p-cpe:/a:redhat:enterprise_linux:apache-commons-daemon-jsvc-eap6", "p-cpe:/a:redhat:enterprise_linux:apache-commons-io-eap6", "p-cpe:/a:redhat:enterprise_linux:apache-commons-lang-eap6", "p-cpe:/a:redhat:enterprise_linux:apache-mime4j", 
"p-cpe:/a:redhat:enterprise_linux:cal10n-eap6", "p-cpe:/a:redhat:enterprise_linux:codehaus-jackson", "p-cpe:/a:redhat:enterprise_linux:codehaus-jackson-core-asl", "p-cpe:/a:redhat:enterprise_linux:codehaus-jackson-jaxrs", "p-cpe:/a:redhat:enterprise_linux:codehaus-jackson-mapper-asl", "p-cpe:/a:redhat:enterprise_linux:codehaus-jackson-xc", "p-cpe:/a:redhat:enterprise_linux:ecj-eap6", "p-cpe:/a:redhat:enterprise_linux:glassfish-jaf", "p-cpe:/a:redhat:enterprise_linux:glassfish-jaxb-eap6", "p-cpe:/a:redhat:enterprise_linux:gnu-getopt-eap6", "p-cpe:/a:redhat:enterprise_linux:guava-libraries", "p-cpe:/a:redhat:enterprise_linux:h2database", "p-cpe:/a:redhat:enterprise_linux:hibernate4-core-eap6", "p-cpe:/a:redhat:enterprise_linux:hibernate4-eap6", "p-cpe:/a:redhat:enterprise_linux:hibernate4-entitymanager-eap6", "p-cpe:/a:redhat:enterprise_linux:hibernate4-envers-eap6", "p-cpe:/a:redhat:enterprise_linux:hibernate4-infinispan-eap6", "p-cpe:/a:redhat:enterprise_linux:hibernate4-validator", "p-cpe:/a:redhat:enterprise_linux:hornetq", "p-cpe:/a:redhat:enterprise_linux:hornetq-native", "p-cpe:/a:redhat:enterprise_linux:httpclient-eap6", "p-cpe:/a:redhat:enterprise_linux:httpcomponents-client-eap6", "p-cpe:/a:redhat:enterprise_linux:httpcomponents-core-eap6", "p-cpe:/a:redhat:enterprise_linux:httpcomponents-project-eap6", "p-cpe:/a:redhat:enterprise_linux:httpcore-eap6", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:httpmime-eap6", "p-cpe:/a:redhat:enterprise_linux:infinispan", "p-cpe:/a:redhat:enterprise_linux:infinispan-cachestore-jdbc", "p-cpe:/a:redhat:enterprise_linux:infinispan-cachestore-remote", "p-cpe:/a:redhat:enterprise_linux:infinispan-client-hotrod", "p-cpe:/a:redhat:enterprise_linux:infinispan-core", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-api-eap6", 
"p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-impl-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-spi-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-core-api-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-core-impl-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-deployers-common-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-jdbc-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-spec-api-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-validator-eap6", "p-cpe:/a:redhat:enterprise_linux:jandex-eap6", "p-cpe:/a:redhat:enterprise_linux:jansi-eap6", "p-cpe:/a:redhat:enterprise_linux:jaxbintros", "p-cpe:/a:redhat:enterprise_linux:jaxen-eap6", "p-cpe:/a:redhat:enterprise_linux:jboss-as-appclient", "p-cpe:/a:redhat:enterprise_linux:jboss-as-cli", "p-cpe:/a:redhat:enterprise_linux:jboss-as-client-all", "p-cpe:/a:redhat:enterprise_linux:jboss-as-clustering", "p-cpe:/a:redhat:enterprise_linux:jboss-as-cmp", "p-cpe:/a:redhat:enterprise_linux:jboss-as-configadmin", "p-cpe:/a:redhat:enterprise_linux:jboss-as-connector", "p-cpe:/a:redhat:enterprise_linux:jboss-as-console", "p-cpe:/a:redhat:enterprise_linux:jboss-as-controller", "p-cpe:/a:redhat:enterprise_linux:jboss-as-controller-client", "p-cpe:/a:redhat:enterprise_linux:jboss-as-core-security", "p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-repository", "p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-scanner", "p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-http", "p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-management", "p-cpe:/a:redhat:enterprise_linux:jboss-as-ee", "p-cpe:/a:redhat:enterprise_linux:jboss-as-ee-deployment", "p-cpe:/a:redhat:enterprise_linux:jboss-as-ejb3", "p-cpe:/a:redhat:enterprise_linux:jboss-as-embedded", "p-cpe:/a:redhat:enterprise_linux:jboss-as-host-controller", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jacorb", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxr", 
"p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxrs", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jdr", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jmx", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jpa", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jsf", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jsr77", "p-cpe:/a:redhat:enterprise_linux:jboss-as-logging", "p-cpe:/a:redhat:enterprise_linux:jboss-as-mail", "p-cpe:/a:redhat:enterprise_linux:jboss-as-management-client-content", "p-cpe:/a:redhat:enterprise_linux:jboss-as-messaging", "p-cpe:/a:redhat:enterprise_linux:jboss-as-modcluster", "p-cpe:/a:redhat:enterprise_linux:jboss-as-naming", "p-cpe:/a:redhat:enterprise_linux:jboss-as-network", "p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi", "p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-configadmin", "p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-service", "p-cpe:/a:redhat:enterprise_linux:jboss-as-picketlink", "p-cpe:/a:redhat:enterprise_linux:jboss-as-platform-mbean", "p-cpe:/a:redhat:enterprise_linux:jboss-as-pojo", "p-cpe:/a:redhat:enterprise_linux:jboss-as-process-controller", "p-cpe:/a:redhat:enterprise_linux:jboss-as-protocol", "p-cpe:/a:redhat:enterprise_linux:jboss-as-remoting", "p-cpe:/a:redhat:enterprise_linux:jboss-as-sar", "p-cpe:/a:redhat:enterprise_linux:jboss-as-security", "p-cpe:/a:redhat:enterprise_linux:jboss-as-server", "p-cpe:/a:redhat:enterprise_linux:jboss-as-system-jmx", "p-cpe:/a:redhat:enterprise_linux:jboss-as-threads", "p-cpe:/a:redhat:enterprise_linux:jboss-as-transactions", "p-cpe:/a:redhat:enterprise_linux:jboss-as-version", "p-cpe:/a:redhat:enterprise_linux:jboss-as-web", "p-cpe:/a:redhat:enterprise_linux:jboss-as-webservices", "p-cpe:/a:redhat:enterprise_linux:jboss-as-weld", "p-cpe:/a:redhat:enterprise_linux:jboss-as-xts", "p-cpe:/a:redhat:enterprise_linux:jboss-genericjms", "p-cpe:/a:redhat:enterprise_linux:jboss-hal", "p-cpe:/a:redhat:enterprise_linux:jboss-jaxws-api_2.2_spec", "p-cpe:/a:redhat:enterprise_linux:jboss-jms-api_1.1_spec", 
"p-cpe:/a:redhat:enterprise_linux:jboss-jstl-api_1.2_spec", "p-cpe:/a:redhat:enterprise_linux:jboss-logging", "p-cpe:/a:redhat:enterprise_linux:jboss-marshalling", "p-cpe:/a:redhat:enterprise_linux:jboss-metadata", "p-cpe:/a:redhat:enterprise_linux:jboss-metadata-appclient", "p-cpe:/a:redhat:enterprise_linux:jboss-metadata-common", "p-cpe:/a:redhat:enterprise_linux:jboss-metadata-ear", "p-cpe:/a:redhat:enterprise_linux:jboss-metadata-ejb", "p-cpe:/a:redhat:enterprise_linux:jboss-metadata-web", "p-cpe:/a:redhat:enterprise_linux:jboss-msc", "p-cpe:/a:redhat:enterprise_linux:jboss-remoting3", "p-cpe:/a:redhat:enterprise_linux:jboss-saaj-api_1.3_spec", "p-cpe:/a:redhat:enterprise_linux:jboss-sasl", "p-cpe:/a:redhat:enterprise_linux:jboss-security-negotiation", "p-cpe:/a:redhat:enterprise_linux:jboss-transaction-api_1.1_spec", "p-cpe:/a:redhat:enterprise_linux:jboss-transaction-spi", "p-cpe:/a:redhat:enterprise_linux:jboss-vfs2", "p-cpe:/a:redhat:enterprise_linux:jbossas-appclient", "p-cpe:/a:redhat:enterprise_linux:jbossas-bundles", "p-cpe:/a:redhat:enterprise_linux:jbossas-core", "p-cpe:/a:redhat:enterprise_linux:jbossas-domain", "p-cpe:/a:redhat:enterprise_linux:jbossas-hornetq-native", "p-cpe:/a:redhat:enterprise_linux:jbossas-javadocs", "p-cpe:/a:redhat:enterprise_linux:jbossas-jbossweb-native", "p-cpe:/a:redhat:enterprise_linux:jbossas-modules-eap", "p-cpe:/a:redhat:enterprise_linux:jbossas-product-eap", "p-cpe:/a:redhat:enterprise_linux:jbossas-standalone", "p-cpe:/a:redhat:enterprise_linux:jbossas-welcome-content-eap", "p-cpe:/a:redhat:enterprise_linux:jbossts", "p-cpe:/a:redhat:enterprise_linux:jbossweb", "p-cpe:/a:redhat:enterprise_linux:jbossws-common", "p-cpe:/a:redhat:enterprise_linux:jbossws-cxf", "p-cpe:/a:redhat:enterprise_linux:jbossws-native", "p-cpe:/a:redhat:enterprise_linux:jbossws-spi", "p-cpe:/a:redhat:enterprise_linux:jdom-eap6", "p-cpe:/a:redhat:enterprise_linux:jettison-eap6", "p-cpe:/a:redhat:enterprise_linux:jgroups", 
"p-cpe:/a:redhat:enterprise_linux:joda-time-eap6", "p-cpe:/a:redhat:enterprise_linux:jython-eap6", "p-cpe:/a:redhat:enterprise_linux:mod_cluster", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-demo", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-native", "p-cpe:/a:redhat:enterprise_linux:mod_jk-ap22", "p-cpe:/a:redhat:enterprise_linux:mod_rt", "p-cpe:/a:redhat:enterprise_linux:mod_snmp", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "p-cpe:/a:redhat:enterprise_linux:netty", "p-cpe:/a:redhat:enterprise_linux:opensaml", "p-cpe:/a:redhat:enterprise_linux:openws", "p-cpe:/a:redhat:enterprise_linux:picketlink-bindings", "p-cpe:/a:redhat:enterprise_linux:picketlink-federation", "p-cpe:/a:redhat:enterprise_linux:resteasy", "p-cpe:/a:redhat:enterprise_linux:rngom-eap6", "p-cpe:/a:redhat:enterprise_linux:scannotation", "p-cpe:/a:redhat:enterprise_linux:slf4j-eap6", "p-cpe:/a:redhat:enterprise_linux:slf4j-jboss-logmanager", "p-cpe:/a:redhat:enterprise_linux:snakeyaml-eap6", "p-cpe:/a:redhat:enterprise_linux:stilts", "p-cpe:/a:redhat:enterprise_linux:sun-codemodel", "p-cpe:/a:redhat:enterprise_linux:sun-istack-commons", "p-cpe:/a:redhat:enterprise_linux:sun-saaj-1.3-impl", "p-cpe:/a:redhat:enterprise_linux:sun-txw2", "p-cpe:/a:redhat:enterprise_linux:sun-xsom", "p-cpe:/a:redhat:enterprise_linux:tomcat-native", "p-cpe:/a:redhat:enterprise_linux:weld-core", "p-cpe:/a:redhat:enterprise_linux:woodstox-core-eap6", "p-cpe:/a:redhat:enterprise_linux:woodstox-stax2-api-eap6", "p-cpe:/a:redhat:enterprise_linux:ws-commons-neethi", "p-cpe:/a:redhat:enterprise_linux:wsdl4j-eap6", "p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver-eap6", "p-cpe:/a:redhat:enterprise_linux:xmltooling", "p-cpe:/a:redhat:enterprise_linux:xom", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2014-1020.NASL", "href": "https://www.tenable.com/plugins/nessus/77079", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin 
were \n# extracted from Red Hat Security Advisory RHSA-2014:1020. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77079);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0118\", \"CVE-2014-0193\", \"CVE-2014-0226\", \"CVE-2014-0231\", \"CVE-2014-3464\", \"CVE-2014-3472\");\n script_bugtraq_id(67182, 68678, 68742, 68745, 69094, 69332);\n script_xref(name:\"RHSA\", value:\"2014:1020\");\n\n script_name(english:\"RHEL 6 : JBoss EAP (RHSA-2014:1020)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated Red Hat JBoss Enterprise Application Platform 6.3.0 packages\nthat fix multiple security issues, several bugs, and add various\nenhancements are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nA race condition flaw, leading to heap-based buffer overflows, was\nfound in the mod_status httpd module. A remote attacker able to access\na status page served by mod_status on a server using a threaded\nMulti-Processing Module (MPM) could send a specially crafted request\nthat would cause the httpd child process to crash or, possibly, allow\nthe attacker to execute arbitrary code with the privileges of the\n'apache' user. 
(CVE-2014-0226)\n\nA denial of service flaw was found in the way httpd's mod_deflate\nmodule handled request body decompression (configured via the\n'DEFLATE' input filter). A remote attacker able to send a request\nwhose body would be decompressed could use this flaw to consume an\nexcessive amount of system memory and CPU on the target system.\n(CVE-2014-0118)\n\nA denial of service flaw was found in the way httpd's mod_cgid module\nexecuted CGI scripts that did not read data from the standard input. A\nremote attacker could submit a specially crafted request that would\ncause the httpd child process to hang indefinitely. (CVE-2014-0231)\n\nA flaw was found in the WebSocket08FrameDecoder implementation that\ncould allow a remote attacker to trigger an Out Of Memory Exception by\nissuing a series of TextWebSocketFrame and\nContinuationWebSocketFrames. Depending on the server configuration,\nthis could lead to a denial of service. (CVE-2014-0193)\n\nIt was found that the isCallerInRole() method of the\nSimpleSecurityManager did not correctly check caller roles. A remote,\nauthenticated attacker could use this flaw to circumvent the caller\ncheck in applications that use black list access control based on\ncaller roles. (CVE-2014-3472)\n\nRed Hat would like to thank James Roper of Typesafe for reporting\nCVE-2014-0193, and CA Technologies for reporting CVE-2014-3472.\n\nThis release of JBoss Enterprise Application Platform also includes\nbug fixes and enhancements. Documentation for these changes will be\navailable shortly from the JBoss Enterprise Application Platform 6.3.0\nRelease Notes, linked to in the References.\n\nAll users who require JBoss Enterprise Application Platform 6.3.0 on\nRed Hat Enterprise Linux 6 should install these new packages. 
The\nJBoss server process must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-US/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1020\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0231\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0226\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3472\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-beanutils-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-cli-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-codec-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-collections-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-configuration-eap6\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-daemon-jsvc-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-io-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-lang-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-mime4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cal10n-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:codehaus-jackson\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:codehaus-jackson-core-asl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:codehaus-jackson-jaxrs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:codehaus-jackson-mapper-asl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:codehaus-jackson-xc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ecj-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glassfish-jaf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glassfish-jaxb-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnu-getopt-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:guava-libraries\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:h2database\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-core-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-entitymanager-eap6\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-envers-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-infinispan-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-validator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hornetq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hornetq-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpclient-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpcomponents-client-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpcomponents-core-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpcomponents-project-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpcore-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpmime-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infinispan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infinispan-cachestore-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infinispan-cachestore-remote\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:infinispan-client-hotrod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infinispan-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-api-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-impl-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-spi-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-core-api-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-core-impl-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-deployers-common-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-jdbc-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-spec-api-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-validator-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jandex-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jansi-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jaxbintros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jaxen-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-appclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-cli\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-client-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-clustering\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-cmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-configadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-connector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-controller-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-core-security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-repository\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-scanner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-http\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-management\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-ee\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-ee-deployment\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-ejb3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-host-controller\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jacorb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxrs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jdr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jpa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jsf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jsr77\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-logging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-management-client-content\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-messaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-modcluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-naming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-configadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-service\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-picketlink\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-platform-mbean\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-pojo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-process-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-protocol\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-remoting\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-sar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-system-jmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-threads\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-transactions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-version\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-webservices\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-weld\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-xts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-genericjms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-hal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jaxws-api_2.2_spec\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jms-api_1.1_spec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jstl-api_1.2_spec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-logging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-marshalling\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-metadata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-metadata-appclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-metadata-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-metadata-ear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-metadata-ejb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-metadata-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-msc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-remoting3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-saaj-api_1.3_spec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-sasl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-security-negotiation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-transaction-api_1.1_spec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-transaction-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-vfs2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-appclient\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-domain\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-hornetq-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-javadocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-jbossweb-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-modules-eap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-product-eap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-standalone\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-welcome-content-eap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-cxf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jdom-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jettison-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jgroups\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:joda-time-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jython-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_jk-ap22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:opensaml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-bindings\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketlink-federation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rngom-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:scannotation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:slf4j-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:slf4j-jboss-logmanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:snakeyaml-eap6\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:stilts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sun-codemodel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sun-istack-commons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sun-saaj-1.3-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sun-txw2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sun-xsom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:weld-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:woodstox-core-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:woodstox-stax2-api-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ws-commons-neethi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wsdl4j-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xmltooling\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xom\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script 
is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1020\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! 
(rpm_exists(release:\"RHEL6\", rpm:\"jbossas-welcome-content-eap\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EAP\");\n\n if (rpm_check(release:\"RHEL6\", reference:\"apache-commons-beanutils-eap6-1.8.3-7.redhat_6.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"apache-commons-cli-eap6-1.2-6.redhat_4.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"apache-commons-codec-eap6-1.4-16.redhat_3.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"apache-commons-collections-eap6-3.2.1-15.redhat_3.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"apache-commons-configuration-eap6-1.6-1.redhat_3.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"apache-commons-daemon-jsvc-eap6-1.0.15-6.redhat_2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"apache-commons-daemon-jsvc-eap6-1.0.15-6.redhat_2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"apache-commons-io-eap6-2.1-8.redhat_3.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"apache-commons-lang-eap6-2.6-8.redhat_3.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"apache-mime4j-0.6-10.redhat_3.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"cal10n-eap6-0.7.3-2.redhat_4.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"codehaus-jackson-1.9.9-7.redhat_3.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"codehaus-jackson-core-asl-1.9.9-7.redhat_3.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"codehaus-jackson-jaxrs-1.9.9-7.redhat_3.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"codehaus-jackson-mapper-asl-1.9.9-7.redhat_3.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"codehaus-jackson-xc-1.9.9-7.redhat_3.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ecj-eap6-4.3.1-3.redhat_1.1.ep6.el6\")) 
flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"glassfish-jaf-1.1.1-16.redhat_2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"glassfish-jaxb-eap6-2.2.5-20.redhat_8.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"gnu-getopt-eap6-1.0.13-1.redhat_4.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"guava-libraries-13.0.1-3.redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"h2database-1.3.168-7.redhat_4.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate4-core-eap6-4.2.14-2.SP1_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate4-eap6-4.2.14-2.SP1_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate4-entitymanager-eap6-4.2.14-2.SP1_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate4-envers-eap6-4.2.14-2.SP1_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate4-infinispan-eap6-4.2.14-2.SP1_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate4-validator-4.3.1-2.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hornetq-2.3.20-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"hornetq-native-2.3.20-2.Final_redhat_1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"hornetq-native-2.3.20-2.Final_redhat_1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"httpclient-eap6-4.2.1-10.redhat_1.3.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"httpcomponents-client-eap6-4.2.1-10.redhat_1.3.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"httpcomponents-core-eap6-4.2.1-10.redhat_1.3.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"httpcomponents-project-eap6-6-10.redhat_1.3.ep6.el6\")) flag++;\n if 
(rpm_check(release:\"RHEL6\", reference:\"httpcore-eap6-4.2.1-10.redhat_1.3.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"httpd-2.2.26-35.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-2.2.26-35.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"httpd-devel-2.2.26-35.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-devel-2.2.26-35.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"httpd-manual-2.2.26-35.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-manual-2.2.26-35.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"httpd-tools-2.2.26-35.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-tools-2.2.26-35.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"httpmime-eap6-4.2.1-10.redhat_1.3.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"infinispan-5.2.10-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"infinispan-cachestore-jdbc-5.2.10-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"infinispan-cachestore-remote-5.2.10-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"infinispan-client-hotrod-5.2.10-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"infinispan-core-5.2.10-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ironjacamar-common-api-eap6-1.0.26-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ironjacamar-common-impl-eap6-1.0.26-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ironjacamar-common-spi-eap6-1.0.26-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", 
reference:\"ironjacamar-core-api-eap6-1.0.26-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ironjacamar-core-impl-eap6-1.0.26-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ironjacamar-deployers-common-eap6-1.0.26-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ironjacamar-eap6-1.0.26-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ironjacamar-jdbc-eap6-1.0.26-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ironjacamar-spec-api-eap6-1.0.26-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ironjacamar-validator-eap6-1.0.26-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jandex-eap6-1.0.3-3.Final_redhat_2.2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jansi-eap6-1.9-2.redhat_4.3.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jaxbintros-1.0.2-17.GA_redhat_6.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jaxen-eap6-1.1.3-2.redhat_4.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-appclient-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-cli-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-client-all-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-clustering-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-cmp-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-configadmin-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-connector-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if 
(rpm_check(release:\"RHEL6\", reference:\"jboss-as-console-2.2.8-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-controller-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-controller-client-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-core-security-7.4.0-15.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-deployment-repository-7.4.0-14.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-deployment-scanner-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-domain-http-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-domain-management-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-ee-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-ee-deployment-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-ejb3-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-embedded-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-host-controller-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-jacorb-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-jaxr-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-jaxrs-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-jdr-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", 
reference:\"jboss-as-jmx-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-jpa-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-jsf-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-jsr77-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-logging-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-mail-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-management-client-content-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-messaging-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-modcluster-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-naming-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-network-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-osgi-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-osgi-configadmin-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-osgi-service-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-picketlink-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-platform-mbean-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-pojo-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-process-controller-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n 
if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-protocol-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-remoting-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-sar-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-security-7.4.0-14.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-server-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-system-jmx-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-threads-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-transactions-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-version-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-web-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-webservices-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-weld-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-xts-7.4.0-13.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-genericjms-1.0.5-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-hal-2.2.8-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-jaxws-api_2.2_spec-2.0.2-4.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-jms-api_1.1_spec-1.0.1-8.Final_redhat_2.2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-jstl-api_1.2_spec-1.0.6-1.Final_redhat_1.1.ep6.el6\")) 
flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-logging-3.1.4-1.GA_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-marshalling-1.4.6-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-metadata-7.1.0-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-metadata-appclient-7.1.0-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-metadata-common-7.1.0-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-metadata-ear-7.1.0-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-metadata-ejb-7.1.0-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-metadata-web-7.1.0-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-msc-1.1.5-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-remoting3-3.3.1-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-saaj-api_1.3_spec-1.0.3-3.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-sasl-1.0.4-2.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-security-negotiation-2.3.3-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-transaction-api_1.1_spec-1.0.1-10.Final_redhat_2.2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-transaction-spi-7.1.0-2.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-vfs2-3.2.5-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-appclient-7.4.0-15.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-bundles-7.4.0-15.Final_redhat_19.1.ep6.el6\")) 
flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-core-7.4.0-16.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-domain-7.4.0-15.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"jbossas-hornetq-native-2.3.20-2.Final_redhat_1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbossas-hornetq-native-2.3.20-2.Final_redhat_1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-javadocs-7.4.0-20.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"jbossas-jbossweb-native-1.1.30-2.redhat_1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbossas-jbossweb-native-1.1.30-2.redhat_1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-modules-eap-7.4.0-38.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-product-eap-7.4.0-19.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-standalone-7.4.0-15.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-welcome-content-eap-7.4.0-17.Final_redhat_19.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossts-4.17.21-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossweb-7.4.8-4.Final_redhat_4.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossws-common-2.3.0-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossws-cxf-4.3.0-3.Final_redhat_3.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossws-native-4.2.0-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossws-spi-2.3.0-2.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", 
reference:\"jdom-eap6-1.1.2-6.redhat_4.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jettison-eap6-1.3.1-3.redhat_4.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jgroups-3.2.13-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"joda-time-eap6-1.6.2-1.redhat_4.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jython-eap6-2.5.2-6.redhat_3.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"mod_cluster-1.2.9-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"mod_cluster-demo-1.2.9-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"mod_cluster-native-1.2.9-3.Final_redhat_2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_cluster-native-1.2.9-3.Final_redhat_2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"mod_jk-ap22-1.2.40-2.redhat_1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_jk-ap22-1.2.40-2.redhat_1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"mod_rt-2.4.1-5.GA.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_rt-2.4.1-5.GA.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"mod_snmp-2.4.1-8.GA.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_snmp-2.4.1-8.GA.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"mod_ssl-2.2.26-35.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_ssl-2.2.26-35.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"netty-3.6.9-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"opensaml-2.5.3-4.redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", 
reference:\"openws-1.4.4-3.redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"picketlink-bindings-2.5.3-8.SP10_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"picketlink-federation-2.5.3-9.SP10_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"resteasy-2.3.8-4.Final_redhat_3.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rngom-eap6-201103-2.redhat_3.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"scannotation-1.0.3-6.redhat_4.2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"slf4j-eap6-1.7.2-13.redhat_3.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"slf4j-jboss-logmanager-1.0.3-1.GA_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"snakeyaml-eap6-1.8-1.redhat_2.2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"stilts-0.1.26-13.redhat_4.2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"sun-codemodel-2.6-4.redhat_2.2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"sun-istack-commons-2.6.1-10.redhat_2.2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"sun-saaj-1.3-impl-1.3.16-9.redhat_3.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"sun-txw2-20110809-7.redhat_4.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"sun-xsom-20110809-7.redhat_3.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"tomcat-native-1.1.30-2.redhat_1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"tomcat-native-1.1.30-2.redhat_1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"weld-core-1.1.23-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"woodstox-core-eap6-4.2.0-12.redhat_4.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", 
reference:\"woodstox-stax2-api-eap6-3.1.3-3.redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ws-commons-neethi-3.0.2-8.redhat_3.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"wsdl4j-eap6-1.6.3-1.redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"xml-commons-resolver-eap6-1.2-17.redhat_9.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"xmltooling-1.3.4-6.redhat_3.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"xom-1.2.7-3.redhat_4.1.ep6.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache-commons-beanutils-eap6 / apache-commons-cli-eap6 / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:36:26", "description": "Updated Red Hat JBoss Enterprise Application Platform 6.3.0 packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.\n\nA race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. 
A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the 'apache' user. (CVE-2014-0226)\n\nA denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the 'DEFLATE' input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system.\n(CVE-2014-0118)\n\nA denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely. (CVE-2014-0231)\n\nA flaw was found in the WebSocket08FrameDecoder implementation that could allow a remote attacker to trigger an Out Of Memory Exception by issuing a series of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on the server configuration, this could lead to a denial of service. (CVE-2014-0193)\n\nIt was found that the isCallerInRole() method of the SimpleSecurityManager did not correctly check caller roles. A remote, authenticated attacker could use this flaw to circumvent the caller check in applications that use black list access control based on caller roles. (CVE-2014-3472)\n\nRed Hat would like to thank James Roper of Typesafe for reporting CVE-2014-0193, and CA Technologies for reporting CVE-2014-3472.\n\nThis release of JBoss Enterprise Application Platform also includes bug fixes and enhancements. 
Documentation for these changes will be available shortly from the JBoss Enterprise Application Platform 6.3.0 Release Notes, linked to in the References.\n\nAll users who require JBoss Enterprise Application Platform 6.3.0 on Red Hat Enterprise Linux 5 should install these new packages. The JBoss server process must be restarted for the update to take effect.", "cvss3": {}, "published": "2014-08-08T00:00:00", "type": "nessus", "title": "RHEL 5 : JBoss EAP (RHSA-2014:1019)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0118", "CVE-2014-0193", "CVE-2014-0226", "CVE-2014-0231", "CVE-2014-3464", "CVE-2014-3472"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:apache-commons-beanutils-eap6", "p-cpe:/a:redhat:enterprise_linux:apache-commons-cli-eap6", "p-cpe:/a:redhat:enterprise_linux:apache-commons-codec-eap6", "p-cpe:/a:redhat:enterprise_linux:apache-commons-collections-eap6", "p-cpe:/a:redhat:enterprise_linux:apache-commons-configuration-eap6", "p-cpe:/a:redhat:enterprise_linux:apache-commons-daemon-jsvc-eap6", "p-cpe:/a:redhat:enterprise_linux:apache-commons-io-eap6", "p-cpe:/a:redhat:enterprise_linux:apache-commons-lang-eap6", "p-cpe:/a:redhat:enterprise_linux:apache-mime4j", "p-cpe:/a:redhat:enterprise_linux:cal10n-eap6", "p-cpe:/a:redhat:enterprise_linux:codehaus-jackson", "p-cpe:/a:redhat:enterprise_linux:codehaus-jackson-core-asl", "p-cpe:/a:redhat:enterprise_linux:codehaus-jackson-jaxrs", "p-cpe:/a:redhat:enterprise_linux:codehaus-jackson-mapper-asl", 
"p-cpe:/a:redhat:enterprise_linux:mod_jk-ap22", "p-cpe:/a:redhat:enterprise_linux:mod_rt", "p-cpe:/a:redhat:enterprise_linux:mod_snmp", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "p-cpe:/a:redhat:enterprise_linux:netty", "p-cpe:/a:redhat:enterprise_linux:opensaml", "p-cpe:/a:redhat:enterprise_linux:openws", "p-cpe:/a:redhat:enterprise_linux:picketlink-bindings", "p-cpe:/a:redhat:enterprise_linux:picketlink-federation", "p-cpe:/a:redhat:enterprise_linux:resteasy", "p-cpe:/a:redhat:enterprise_linux:rngom-eap6", "p-cpe:/a:redhat:enterprise_linux:scannotation", "p-cpe:/a:redhat:enterprise_linux:slf4j", "p-cpe:/a:redhat:enterprise_linux:slf4j-eap6", "p-cpe:/a:redhat:enterprise_linux:slf4j-jboss-logmanager", "p-cpe:/a:redhat:enterprise_linux:snakeyaml-eap6", "p-cpe:/a:redhat:enterprise_linux:stilts", "p-cpe:/a:redhat:enterprise_linux:sun-codemodel", "p-cpe:/a:redhat:enterprise_linux:sun-istack-commons", "p-cpe:/a:redhat:enterprise_linux:sun-saaj-1.3-impl", "p-cpe:/a:redhat:enterprise_linux:sun-txw2", "p-cpe:/a:redhat:enterprise_linux:sun-xsom", "p-cpe:/a:redhat:enterprise_linux:tomcat-native", "p-cpe:/a:redhat:enterprise_linux:weld-core", "p-cpe:/a:redhat:enterprise_linux:woodstox-core-eap6", "p-cpe:/a:redhat:enterprise_linux:woodstox-stax2-api-eap6", "p-cpe:/a:redhat:enterprise_linux:ws-commons-neethi", "p-cpe:/a:redhat:enterprise_linux:wsdl4j-eap6", "p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver-eap6", "p-cpe:/a:redhat:enterprise_linux:xmltooling", "p-cpe:/a:redhat:enterprise_linux:xom", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2014-1019.NASL", "href": "https://www.tenable.com/plugins/nessus/77078", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1019. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77078);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0118\", \"CVE-2014-0193\", \"CVE-2014-0226\", \"CVE-2014-0231\", \"CVE-2014-3464\", \"CVE-2014-3472\");\n script_bugtraq_id(69094, 69332);\n script_xref(name:\"RHSA\", value:\"2014:1019\");\n\n script_name(english:\"RHEL 5 : JBoss EAP (RHSA-2014:1019)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated Red Hat JBoss Enterprise Application Platform 6.3.0 packages\nthat fix multiple security issues, several bugs, and add various\nenhancements are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nA race condition flaw, leading to heap-based buffer overflows, was\nfound in the mod_status httpd module. A remote attacker able to access\na status page served by mod_status on a server using a threaded\nMulti-Processing Module (MPM) could send a specially crafted request\nthat would cause the httpd child process to crash or, possibly, allow\nthe attacker to execute arbitrary code with the privileges of the\n'apache' user. 
(CVE-2014-0226)\n\nA denial of service flaw was found in the way httpd's mod_deflate\nmodule handled request body decompression (configured via the\n'DEFLATE' input filter). A remote attacker able to send a request\nwhose body would be decompressed could use this flaw to consume an\nexcessive amount of system memory and CPU on the target system.\n(CVE-2014-0118)\n\nA denial of service flaw was found in the way httpd's mod_cgid module\nexecuted CGI scripts that did not read data from the standard input. A\nremote attacker could submit a specially crafted request that would\ncause the httpd child process to hang indefinitely. (CVE-2014-0231)\n\nA flaw was found in the WebSocket08FrameDecoder implementation that\ncould allow a remote attacker to trigger an Out Of Memory Exception by\nissuing a series of TextWebSocketFrame and\nContinuationWebSocketFrames. Depending on the server configuration,\nthis could lead to a denial of service. (CVE-2014-0193)\n\nIt was found that the isCallerInRole() method of the\nSimpleSecurityManager did not correctly check caller roles. A remote,\nauthenticated attacker could use this flaw to circumvent the caller\ncheck in applications that use black list access control based on\ncaller roles. (CVE-2014-3472)\n\nRed Hat would like to thank James Roper of Typesafe for reporting\nCVE-2014-0193, and CA Technologies for reporting CVE-2014-3472.\n\nThis release of JBoss Enterprise Application Platform also includes\nbug fixes and enhancements. Documentation for these changes will be\navailable shortly from the JBoss Enterprise Application Platform 6.3.0\nRelease Notes, linked to in the References.\n\nAll users who require JBoss Enterprise Application Platform 6.3.0 on\nRed Hat Enterprise Linux 5 should install these new packages. 
The\nJBoss server process must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0226\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0231\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-US/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1019\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-beanutils-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-cli-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-codec-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-commons-collections-eap6\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:snakeyaml-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:stilts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sun-codemodel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sun-istack-commons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sun-saaj-1.3-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sun-txw2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sun-xsom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:weld-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:woodstox-core-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:woodstox-stax2-api-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ws-commons-neethi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wsdl4j-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xmltooling\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xom\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1019\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! 
(rpm_exists(release:\"RHEL5\", rpm:\"jbossas-welcome-content-eap\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EAP\");\n\n if (rpm_check(release:\"RHEL5\", reference:\"apache-commons-beanutils-eap6-1.8.3-7.redhat_6.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"apache-commons-cli-eap6-1.2-6.redhat_4.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"apache-commons-codec-eap6-1.4-16.redhat_3.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"apache-commons-collections-eap6-3.2.1-15.redhat_3.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"apache-commons-configuration-eap6-1.6-1.redhat_3.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"apache-commons-daemon-jsvc-eap6-1.0.15-6.redhat_2.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"apache-commons-daemon-jsvc-eap6-1.0.15-6.redhat_2.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"apache-commons-io-eap6-2.1-8.redhat_3.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"apache-commons-lang-eap6-2.6-8.redhat_3.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"apache-mime4j-0.6-10.redhat_3.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"cal10n-eap6-0.7.3-2.redhat_4.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"codehaus-jackson-1.9.9-7.redhat_3.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"codehaus-jackson-core-asl-1.9.9-7.redhat_3.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"codehaus-jackson-jaxrs-1.9.9-7.redhat_3.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"codehaus-jackson-mapper-asl-1.9.9-7.redhat_3.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"codehaus-jackson-xc-1.9.9-7.redhat_3.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"ecj-eap6-4.3.1-3.redhat_1.1.ep6.el5\")) 
flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-marshalling-1.4.6-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-metadata-7.1.0-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-metadata-appclient-7.1.0-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-metadata-common-7.1.0-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-metadata-ear-7.1.0-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-metadata-ejb-7.1.0-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-metadata-web-7.1.0-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-msc-1.1.5-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-remoting3-3.3.1-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-saaj-api_1.3_spec-1.0.3-3.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-sasl-1.0.4-2.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-security-negotiation-2.3.3-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-transaction-api_1.1_spec-1.0.1-10.Final_redhat_2.2.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-transaction-spi-7.1.0-2.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-vfs2-3.2.5-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-appclient-7.4.0-15.Final_redhat_19.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-bundles-7.4.0-15.Final_redhat_19.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-core-7.4.0-16.Final_redhat_19.1.ep6.el5\")) 
flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-domain-7.4.0-15.Final_redhat_19.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"jbossas-hornetq-native-2.3.20-2.Final_redhat_1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"jbossas-hornetq-native-2.3.20-2.Final_redhat_1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-javadocs-7.4.0-20.Final_redhat_19.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"jbossas-jbossweb-native-1.1.30-2.redhat_1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"jbossas-jbossweb-native-1.1.30-2.redhat_1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-modules-eap-7.4.0-38.Final_redhat_19.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-product-eap-7.4.0-19.Final_redhat_19.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-standalone-7.4.0-15.Final_redhat_19.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-welcome-content-eap-7.4.0-17.Final_redhat_19.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossts-4.17.21-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-7.4.8-4.Final_redhat_4.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossws-common-2.3.0-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossws-cxf-4.3.0-3.Final_redhat_3.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossws-native-4.2.0-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossws-spi-2.3.0-2.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jdom-eap6-1.1.2-6.redhat_4.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", 
reference:\"jettison-eap6-1.3.1-3.redhat_4.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jgroups-3.2.13-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"joda-time-eap6-1.6.2-1.redhat_4.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jython-eap6-2.5.2-6.redhat_3.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"mod_cluster-1.2.9-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"mod_cluster-demo-1.2.9-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"mod_cluster-native-1.2.9-3.Final_redhat_2.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"mod_cluster-native-1.2.9-3.Final_redhat_2.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"mod_jk-ap22-1.2.40-2.redhat_1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"mod_jk-ap22-1.2.40-2.redhat_1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"mod_rt-2.4.1-3.GA.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"mod_rt-2.4.1-3.GA.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"mod_snmp-2.4.1-7.GA.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"mod_snmp-2.4.1-7.GA.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"mod_ssl-2.2.26-35.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"mod_ssl-2.2.26-35.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"netty-3.6.9-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"opensaml-2.5.3-4.redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"openws-1.4.4-3.redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", 
reference:\"picketlink-bindings-2.5.3-8.SP10_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"picketlink-federation-2.5.3-9.SP10_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"resteasy-2.3.8-4.Final_redhat_3.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rngom-eap6-201103-2.redhat_3.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"scannotation-1.0.3-6.redhat_4.2.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"slf4j-1.7.2-13.redhat_3.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"slf4j-eap6-1.7.2-13.redhat_3.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"slf4j-jboss-logmanager-1.0.3-1.GA_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"snakeyaml-eap6-1.8-1.redhat_2.2.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"stilts-0.1.26-13.redhat_4.2.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"sun-codemodel-2.6-4.redhat_2.2.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"sun-istack-commons-2.6.1-10.redhat_2.2.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"sun-saaj-1.3-impl-1.3.16-9.redhat_3.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"sun-txw2-20110809-7.redhat_4.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"sun-xsom-20110809-7.redhat_3.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat-native-1.1.30-2.redhat_1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat-native-1.1.30-2.redhat_1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"weld-core-1.1.23-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"woodstox-core-eap6-4.2.0-12.redhat_4.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", 
reference:\"woodstox-stax2-api-eap6-3.1.3-3.redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"ws-commons-neethi-3.0.2-8.redhat_3.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"wsdl4j-eap6-1.6.3-1.redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xml-commons-resolver-eap6-1.2-17.redhat_9.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xmltooling-1.3.4-6.redhat_3.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"xom-1.2.7-3.redhat_4.1.ep6.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache-commons-beanutils-eap6 / apache-commons-cli-eap6 / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:51:42", "description": "Updated apache packages fix security vulnerabilities :\n\nApache HTTPD before 2.4.9 was vulnerable to a denial of service in mod_dav when handling DAV_WRITE requests (CVE-2013-6438).\n\nApache HTTPD before 2.4.9 was vulnerable to a denial of service when logging cookies (CVE-2014-0098).\n\nA race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the apache user (CVE-2014-0226).\n\nA denial of service flaw was found in the mod_proxy httpd module. 
A remote attacker could send a specially crafted request to a server configured as a reverse proxy using a threaded Multi-Processing Modules (MPM) that would cause the httpd child process to crash (CVE-2014-0117).\n\nA denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the DEFLATE input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system (CVE-2014-0118).\n\nA denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely (CVE-2014-0231).\n\nA NULL pointer dereference flaw was found in the way the mod_cache httpd module handled Content-Type headers. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP server was configured to proxy to a server with caching enabled (CVE-2014-3581).\n\nmod_lua.c in the mod_lua module in the Apache HTTP Server through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory (CVE-2014-8109).\n\nIn the mod_lua module in the Apache HTTP Server through 2.4.10, a maliciously crafted websockets PING after a script calls r:wsupgrade() can cause a child process crash (CVE-2015-0228).\n\nA flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. 
A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header restrictions defined with mod_headers (CVE-2013-5704).\n\nNote: With this update, httpd has been modified to not merge HTTP Trailer headers with other HTTP request headers. A newly introduced configuration directive MergeTrailers can be used to re-enable the old method of processing Trailer headers, which also re-introduces the aforementioned flaw.\n\nThis update also fixes the following bug :\n\nPrior to this update, the mod_proxy_wstunnel module failed to set up an SSL connection when configured to use a back end server using the wss: URL scheme, causing proxied connections to fail. In these updated packages, SSL is used when proxying to wss: back end servers (rhbz#1141950).", "cvss3": {}, "published": "2015-03-30T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : apache (MDVSA-2015:093)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5704", "CVE-2013-6438", "CVE-2014-0098", "CVE-2014-0117", "CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231", "CVE-2014-3581", "CVE-2014-5704", "CVE-2014-8109", "CVE-2015-0228"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:apache", "p-cpe:/a:mandriva:linux:apache-devel", "p-cpe:/a:mandriva:linux:apache-doc", "p-cpe:/a:mandriva:linux:apache-htcacheclean", "p-cpe:/a:mandriva:linux:apache-mod_cache", 
"p-cpe:/a:mandriva:linux:apache-mod_dav", "p-cpe:/a:mandriva:linux:apache-mod_dbd", "p-cpe:/a:mandriva:linux:apache-mod_ldap", "p-cpe:/a:mandriva:linux:apache-mod_proxy", "p-cpe:/a:mandriva:linux:apache-mod_proxy_html", "p-cpe:/a:mandriva:linux:apache-mod_session", "p-cpe:/a:mandriva:linux:apache-mod_ssl", "p-cpe:/a:mandriva:linux:apache-mod_suexec", "p-cpe:/a:mandriva:linux:apache-mod_userdir", "cpe:/o:mandriva:business_server:2"], "id": "MANDRIVA_MDVSA-2015-093.NASL", "href": "https://www.tenable.com/plugins/nessus/82346", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:093. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82346);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-6438\", \"CVE-2014-0098\", \"CVE-2014-0117\", \"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\", \"CVE-2014-3581\", \"CVE-2014-5704\", \"CVE-2014-8109\", \"CVE-2015-0228\");\n script_xref(name:\"MDVSA\", value:\"2015:093\");\n\n script_name(english:\"Mandriva Linux Security Advisory : apache (MDVSA-2015:093)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated apache packages fix security vulnerabilities :\n\nApache HTTPD before 2.4.9 was vulnerable to a denial of service in\nmod_dav when handling DAV_WRITE requests (CVE-2013-6438).\n\nApache HTTPD before 2.4.9 was vulnerable to a denial of service when\nlogging cookies (CVE-2014-0098).\n\nA race condition 
flaw, leading to heap-based buffer overflows, was\nfound in the mod_status httpd module. A remote attacker able to access\na status page served by mod_status on a server using a threaded\nMulti-Processing Module (MPM) could send a specially crafted request\nthat would cause the httpd child process to crash or, possibly, allow\nthe attacker to execute arbitrary code with the privileges of the\napache user (CVE-2014-0226).\n\nA denial of service flaw was found in the mod_proxy httpd module. A\nremote attacker could send a specially crafted request to a server\nconfigured as a reverse proxy using a threaded Multi-Processing\nModules (MPM) that would cause the httpd child process to crash\n(CVE-2014-0117).\n\nA denial of service flaw was found in the way httpd's mod_deflate\nmodule handled request body decompression (configured via the DEFLATE\ninput filter). A remote attacker able to send a request whose body\nwould be decompressed could use this flaw to consume an excessive\namount of system memory and CPU on the target system (CVE-2014-0118).\n\nA denial of service flaw was found in the way httpd's mod_cgid module\nexecuted CGI scripts that did not read data from the standard input. A\nremote attacker could submit a specially crafted request that would\ncause the httpd child process to hang indefinitely (CVE-2014-0231).\n\nA NULL pointer dereference flaw was found in the way the mod_cache\nhttpd module handled Content-Type headers. 
A malicious HTTP server\ncould cause the httpd child process to crash when the Apache HTTP\nserver was configured to proxy to a server with caching enabled\n(CVE-2014-3581).\n\nmod_lua.c in the mod_lua module in the Apache HTTP Server through\n2.4.10 does not support an httpd configuration in which the same Lua\nauthorization provider is used with different arguments within\ndifferent contexts, which allows remote attackers to bypass intended\naccess restrictions in opportunistic circumstances by leveraging\nmultiple Require directives, as demonstrated by a configuration that\nspecifies authorization for one group to access a certain directory,\nand authorization for a second group to access a second directory\n(CVE-2014-8109).\n\nIn the mod_lua module in the Apache HTTP Server through 2.4.10, a\nmaliciously crafted websockets PING after a script calls r:wsupgrade()\ncan cause a child process crash (CVE-2015-0228).\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could\nuse Trailer headers to set additional HTTP headers after header\nprocessing was performed by other modules. This could, for example,\nlead to a bypass of header restrictions defined with mod_headers\n(CVE-2013-5704).\n\nNote: With this update, httpd has been modified to not merge HTTP\nTrailer headers with other HTTP request headers. A newly introduced\nconfiguration directive MergeTrailers can be used to re-enable the old\nmethod of processing Trailer headers, which also re-introduces the\naforementioned flaw.\n\nThis update also fixes the following bug :\n\nPrior to this update, the mod_proxy_wstunnel module failed to set up\nan SSL connection when configured to use a back end server using the\nwss: URL scheme, causing proxied connections to fail. 
In these updated\npackages, SSL is used when proxying to wss: back end servers\n(rhbz#1141950).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0135.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0305.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0527.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2015-0011.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2015-0099.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-htcacheclean\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_dav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_dbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_session\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:apache-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_userdir\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"apache-2.4.12-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"apache-devel-2.4.12-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"apache-doc-2.4.12-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"apache-htcacheclean-2.4.12-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"apache-mod_cache-2.4.12-1.mbs2\")) 
flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"apache-mod_dav-2.4.12-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"apache-mod_dbd-2.4.12-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"apache-mod_ldap-2.4.12-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"apache-mod_proxy-2.4.12-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"apache-mod_proxy_html-2.4.12-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"apache-mod_session-2.4.12-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"apache-mod_ssl-2.4.12-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"apache-mod_suexec-2.4.12-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"apache-mod_userdir-2.4.12-1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:36:17", "description": "This apache2 update fixes the following security issues :\n\n - CRIME types of attack, based on size and timing analysis of compressed content, are now mitigated by the new SSLCompression directive, set to 'no' in /etc/apache2/ssl-global.conf\n\n - ssl-global.conf: SSLHonorCipherOrder set to on\n\n - SSLCipherSuite updates to vhosts.d/vhost-ssl.template and apache2-default-vhost-ssl.conf\n\n - new config option CGIDScriptTimeout set to 60s in new file conf.d/cgid-timeout.conf, preventing worker processes hanging forever if a cgi launched from them has stopped reading input from the server. 
(bnc#887768, CVE-2014-0231)\n\n - fix for mod_status race condition in scoreboard handling and consecutive heap overflow and information disclosure if access to mod_status is granted to a potential attacker. (bnc#887765, CVE-2014-0226)\n\n - fixed improperly handled whitespace characters in CDATA sections of requests to mod_dav can lead to a crash, resulting in a DoS against the server. (bnc#869105, CVE-2013-6438)\n\n - fix for crash in parsing cookie content, resulting in a DoS against the server. (bnc#869106, CVE-2014-0098)", "cvss3": {}, "published": "2014-08-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : apache2 (openSUSE-SU-2014:1045-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6438", "CVE-2014-0098", "CVE-2014-0226", "CVE-2014-0231"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2", "p-cpe:/a:novell:opensuse:apache2-debuginfo", "p-cpe:/a:novell:opensuse:apache2-debugsource", "p-cpe:/a:novell:opensuse:apache2-devel", "p-cpe:/a:novell:opensuse:apache2-event", "p-cpe:/a:novell:opensuse:apache2-event-debuginfo", "p-cpe:/a:novell:opensuse:apache2-example-pages", "p-cpe:/a:novell:opensuse:apache2-itk", "p-cpe:/a:novell:opensuse:apache2-itk-debuginfo", "p-cpe:/a:novell:opensuse:apache2-prefork", "p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo", "p-cpe:/a:novell:opensuse:apache2-utils", "p-cpe:/a:novell:opensuse:apache2-utils-debuginfo", "p-cpe:/a:novell:opensuse:apache2-worker", 
"p-cpe:/a:novell:opensuse:apache2-worker-debuginfo", "cpe:/o:novell:opensuse:12.3"], "id": "OPENSUSE-2014-502.NASL", "href": "https://www.tenable.com/plugins/nessus/77291", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-502.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77291);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-6438\", \"CVE-2014-0098\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n\n script_name(english:\"openSUSE Security Update : apache2 (openSUSE-SU-2014:1045-1)\");\n script_summary(english:\"Check for the openSUSE-2014-502 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This apache2 update fixes the following security issues :\n\n - CRIME types of attack, based on size and timing analysis\n of compressed content, are now mitigated by the new\n SSLCompression directive, set to 'no' in\n /etc/apache2/ssl-global.conf\n\n - ssl-global.conf: SSLHonorCipherOrder set to on\n\n - SSLCipherSuite updates to vhosts.d/vhost-ssl.template\n and apache2-default-vhost-ssl.conf\n\n - new config option CGIDScriptTimeout set to 60s in new\n file conf.d/cgid-timeout.conf, preventing worker\n processes hanging forever if a cgi launched from them\n has stopped reading input from the server. (bnc#887768,\n CVE-2014-0231)\n\n - fix for mod_status race condition in scoreboard handling\n and consecutive heap overflow and information disclosure\n if access to mod_status is granted to a potential\n attacker. 
(bnc#887765, CVE-2014-0226)\n\n - fixed improperly handled whitespace characters in CDATA\n sections of requests to mod_dav can lead to a crash,\n resulting in a DoS against the server. (bnc#869105,\n CVE-2013-6438)\n\n - fix for crash in parsing cookie content, resulting in a\n DoS against the server. (bnc#869106, CVE-2014-0098)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=869105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=869106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=887765\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=887768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-08/msg00032.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-event-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-itk\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:apache2-itk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-2.2.22-10.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-debuginfo-2.2.22-10.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-debugsource-2.2.22-10.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-devel-2.2.22-10.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-event-2.2.22-10.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-event-debuginfo-2.2.22-10.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-example-pages-2.2.22-10.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-itk-2.2.22-10.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-itk-debuginfo-2.2.22-10.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-prefork-2.2.22-10.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-prefork-debuginfo-2.2.22-10.12.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-utils-2.2.22-10.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-utils-debuginfo-2.2.22-10.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-worker-2.2.22-10.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-worker-debuginfo-2.2.22-10.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2 / apache2-debuginfo / apache2-debugsource / apache2-devel / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:36:56", "description": "This update for the Apache Web Server provides the following fixes :\n\n - Fixed a heap-based buffer overflow on apache module mod_status. (bnc#887765, CVE-2014-0226)\n\n - Properly remove whitespace characters from CDATA sections to avoid remote denial of service by crashing the Apache Server process. (bnc#869105, CVE-2013-6438)\n\n - Correction to parsing of cookie content; this can lead to a crash with a specially designed cookie sent to the server. (bnc#869106, CVE-2014-0098)\n\n - ECC support should not be missing. (bnc#859916) This update also introduces a new configuration parameter CGIDScriptTimeout, which defaults to the value of parameter Timeout. CGIDScriptTimeout is set to 60s if mod_cgid is loaded/active, via /etc/apache2/conf.d/cgid-timeout.conf. 
The new directive and its effect prevent request workers to be eaten until starvation if cgi programs do not send output back to the server within the timeout set by CGIDScriptTimeout.\n (bnc#887768, CVE-2014-0231)", "cvss3": {}, "published": "2014-08-07T00:00:00", "type": "nessus", "title": "SuSE 11.3 Security Update : Apache Web Server (SAT Patch Number 9542)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6438", "CVE-2014-0098", "CVE-2014-0226", "CVE-2014-0231"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:apache2", "p-cpe:/a:novell:suse_linux:11:apache2-doc", "p-cpe:/a:novell:suse_linux:11:apache2-example-pages", "p-cpe:/a:novell:suse_linux:11:apache2-prefork", "p-cpe:/a:novell:suse_linux:11:apache2-utils", "p-cpe:/a:novell:suse_linux:11:apache2-worker", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_APACHE2-140721.NASL", "href": "https://www.tenable.com/plugins/nessus/77048", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77048);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-6438\", \"CVE-2014-0098\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n\n script_name(english:\"SuSE 11.3 Security Update : Apache Web Server (SAT Patch Number 9542)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Apache Web Server provides the following fixes :\n\n - Fixed a heap-based buffer overflow on apache module\n mod_status. (bnc#887765, CVE-2014-0226)\n\n - Properly remove whitespace characters from CDATA\n sections to avoid remote denial of service by crashing\n the Apache Server process. (bnc#869105, CVE-2013-6438)\n\n - Correction to parsing of cookie content; this can lead\n to a crash with a specially designed cookie sent to the\n server. (bnc#869106, CVE-2014-0098)\n\n - ECC support should not be missing. (bnc#859916) This\n update also introduces a new configuration parameter\n CGIDScriptTimeout, which defaults to the value of\n parameter Timeout. CGIDScriptTimeout is set to 60s if\n mod_cgid is loaded/active, via\n /etc/apache2/conf.d/cgid-timeout.conf. 
The new directive\n and its effect prevent request workers to be eaten until\n starvation if cgi programs do not send output back to\n the server within the timeout set by CGIDScriptTimeout.\n (bnc#887768, CVE-2014-0231)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=859916\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=869105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=869106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=887765\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=887768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6438.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0098.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0226.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0231.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 9542.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:11:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"apache2-2.2.12-1.46.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"apache2-doc-2.2.12-1.46.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"apache2-example-pages-2.2.12-1.46.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"apache2-prefork-2.2.12-1.46.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, 
reference:\"apache2-utils-2.2.12-1.46.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"apache2-worker-2.2.12-1.46.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:38:36", "description": "The remote host is running a version of IBM WebSphere Application Server 7.0 prior to Fix Pack 35. It is, therefore, affected by the following vulnerabilities :\n\n - Multiple errors exist related to the included IBM HTTP server that could allow remote code execution or denial of service. (CVE-2013-5704, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231 / PI22070)\n\n - An error exists related to HTTP header handling that could allow the disclosure of sensitive information.\n (CVE-2014-3021 / PI08268)\n\n - An unspecified error exists that could allow the disclosure of sensitive information.\n (CVE-2014-3083 / PI17768)\n\n - An unspecified input-validation errors exist related to the 'Admin Console' that could allow cross-site scripting and cross-site request forgery attacks.\n (CVE-2014-4770, CVE-2014-4816 / PI23055)", "cvss3": {}, "published": "2014-10-21T00:00:00", "type": "nessus", "title": "IBM WebSphere Application Server 7.0 < Fix Pack 35 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5704", "CVE-2014-0118", 
"CVE-2014-0226", "CVE-2014-0231", "CVE-2014-3021", "CVE-2014-3083", "CVE-2014-4770", "CVE-2014-4816"], "modified": "2018-08-06T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_7_0_0_35.NASL", "href": "https://www.tenable.com/plugins/nessus/78604", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78604);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/08/06 14:03:16\");\n\n script_cve_id(\n \"CVE-2013-5704\",\n \"CVE-2014-0118\",\n \"CVE-2014-0226\",\n \"CVE-2014-0231\",\n \"CVE-2014-3021\",\n \"CVE-2014-3083\",\n \"CVE-2014-4770\",\n \"CVE-2014-4816\"\n );\n script_bugtraq_id(\n 66550,\n 68678,\n 68742,\n 68745,\n 69298,\n 69980,\n 69981,\n 70582\n );\n script_xref(name:\"CERT\", value:\"573356\");\n\n script_name(english:\"IBM WebSphere Application Server 7.0 < Fix Pack 35 Multiple Vulnerabilities\");\n script_summary(english:\"Reads the version number from the SOAP port.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote application server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of IBM WebSphere Application\nServer 7.0 prior to Fix Pack 35. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - Multiple errors exist related to the included IBM HTTP\n server that could allow remote code execution or denial\n of service. 
(CVE-2013-5704, CVE-2014-0118,\n CVE-2014-0226, CVE-2014-0231 / PI22070)\n\n - An error exists related to HTTP header handling that\n could allow the disclosure of sensitive information.\n (CVE-2014-3021 / PI08268)\n\n - An unspecified error exists that could allow the\n disclosure of sensitive information.\n (CVE-2014-3083 / PI17768)\n\n - An unspecified input-validation errors exist related to\n the 'Admin Console' that could allow cross-site\n scripting and cross-site request forgery attacks.\n (CVE-2014-4770, CVE-2014-4816 / PI23055)\");\n # Advisory\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21684612\");\n # Download\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg27004980#ver70\");\n # https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_potential_security_vulnerabilities_fixed_in_ibm_websphere_application_server_7_0_0_35?lang=en_us\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?834c5fca\");\n # APAR PI17768 (Sensitive Info disclosure: CVE-2014-3083)\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg24038178\");\n # APAR PI22070 (Multiple vulnerabilities fixed in IBM HTTP Server)\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21672428\");\n # APAR PI23055 Sec bulletin for CVE-2014-4770 and CVE-2014-4816 (XSS and XSRF)\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21682767\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Fix Pack 35 (7.0.0.35) or later.\n\nNote that the following interim fixes are available :\n\n - CVE-2013-5704, CVE-2014-0118, CVE-2014-0226, and\n CVE-2014-0231 are corrected in IF PI22070.\n - CVE-2014-3083 is corrected in IF PI17768.\n - CVE-2014-4770 and CVE-2014-4816 are 
corrected in\n IF PI23055.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"websphere_detect.nasl\");\n script_require_keys(\"www/WebSphere\");\n script_require_ports(\"Services/www\", 8880, 8881);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:8880, embedded:0);\n\nversion = get_kb_item_or_exit(\"www/WebSphere/\"+port+\"/version\");\nif (version !~ \"^7\\.0([^0-9]|$)\") audit(AUDIT_NOT_LISTEN, \"IBM WebSphere Application Server 7.0\", port);\nif (version =~ \"^[0-9]+(\\.[0-9]+)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"IBM WebSphere Application Server\", port, version);\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (ver[0] == 7 && ver[1] == 0 && ver[2] == 0 && ver[3] < 35)\n{\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n set_kb_item(name:'www/'+port+'/XSRF', value:TRUE);\n\n if 
(report_verbosity > 0)\n {\n source = get_kb_item_or_exit(\"www/WebSphere/\"+port+\"/source\");\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 7.0.0.35' +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"IBM WebSphere Application Server\", port, version);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T16:35:13", "description": "Versions of Apache HTTP server 2.4.6, 2.4.7, and 2.4.9 are unpatched for the following vulnerability:\n\n - A crash in Connection header handling, which can lead to denial of service against a reverse proxy (CVE-2014-0117)", "cvss3": {}, "published": "2014-07-29T00:00:00", "type": "nessus", "title": "Apache HTTP Server 2.4.6, 2.4.7, 2.4.9 Vulnerability", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0117"], "modified": "2018-09-16T00:00:00", "cpe": ["cpe:/a:apache:http_server:2.4.6"], "id": "700213.PRM", "href": "https://www.tenable.com/plugins/nnm/700213", "sourceData": "Binary data 700213.prm", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:55:31", "description": "This apache2 update fixes the following security issues :\n\n - log_cookie mod_log_config.c remote denial of service (CVE-2014-0098, bnc#869106)\n\n - mod_dav denial of service (CVE-2013-6438, bnc#869105)\n\n - mod_cgid denial of service (CVE-2014-0231, 
bnc#887768)\n\n - mod_status heap-based buffer overflow (CVE-2014-0226, bnc#887765)\n\n - mod_rewrite: escape logdata to avoid terminal escapes (CVE-2013-1862, bnc#829057)\n\n - mod_dav: segfault in merge request (CVE-2013-1896, bnc#829056)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-05-20T00:00:00", "type": "nessus", "title": "SUSE SLES10 Security Update : apache2 (SUSE-SU-2014:1082-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1862", "CVE-2013-1896", "CVE-2013-6438", "CVE-2014-0098", "CVE-2014-0226", "CVE-2014-0231"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2", "p-cpe:/a:novell:suse_linux:apache2-devel", "p-cpe:/a:novell:suse_linux:apache2-doc", "p-cpe:/a:novell:suse_linux:apache2-example-pages", "p-cpe:/a:novell:suse_linux:apache2-prefork", "p-cpe:/a:novell:suse_linux:apache2-worker", "cpe:/o:novell:suse_linux:10"], "id": "SUSE_SU-2014-1082-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83632", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2014:1082-1.\n# The text itself is copyright (C) 
SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83632);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-1862\", \"CVE-2013-1896\", \"CVE-2013-6438\", \"CVE-2014-0098\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n script_bugtraq_id(59826, 61129, 66303, 68678, 68742);\n\n script_name(english:\"SUSE SLES10 Security Update : apache2 (SUSE-SU-2014:1082-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This apache2 update fixes the following security issues :\n\n - log_cookie mod_log_config.c remote denial of service\n (CVE-2014-0098, bnc#869106)\n\n - mod_dav denial of service (CVE-2013-6438, bnc#869105)\n\n - mod_cgid denial of service (CVE-2014-0231, bnc#887768)\n\n - mod_status heap-based buffer overflow (CVE-2014-0226,\n bnc#887765)\n\n - mod_rewrite: escape logdata to avoid terminal escapes\n (CVE-2013-1862, bnc#829057)\n\n - mod_dav: segfault in merge request (CVE-2013-1896,\n bnc#829056)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=829056\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=829057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=869105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=869106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=887765\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=887768\"\n );\n # https://download.suse.com/patch/finder/?keywords=0593c1f59d8a810c00150b05cea3af2f\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f5b7cbe3\"\n );\n # https://download.suse.com/patch/finder/?keywords=0ddc907bde6fcbad1e94944d867f60dd\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6a6a193a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-1862/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-1896/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-6438/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-0098/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-0226/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-0231/\"\n );\n # https://www.suse.com/support/update/announcement/2014/suse-su-20141082-1.html\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?59a14554\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2 packages\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES10)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES10\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES10\" && (! 
preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES10 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"apache2-2.2.3-16.50.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"apache2-devel-2.2.3-16.50.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"apache2-doc-2.2.3-16.50.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"apache2-example-pages-2.2.3-16.50.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"apache2-prefork-2.2.3-16.50.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"apache2-worker-2.2.3-16.50.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"apache2-2.2.3-16.32.51.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"apache2-devel-2.2.3-16.32.51.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"apache2-doc-2.2.3-16.32.51.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"apache2-example-pages-2.2.3-16.32.51.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"apache2-prefork-2.2.3-16.32.51.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"apache2-worker-2.2.3-16.32.51.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:59:15", "description": "The remote host is running a version of NSM (Network and Security Manager) Server that is prior to 2012.2R9. 
It is, therefore, affected by multiple vulnerabilities in the bundled version of Apache HTTP Server :\n\n - A flaw exists due to improper escaping of filenames in 406 and 300 HTTP responses. A remote attacker can exploit this, by uploading a file with a specially crafted name, to inject arbitrary HTTP headers or conduct cross-site scripting attacks. (CVE-2008-0456)\n\n - Multiple cross-site scripting vulnerabilities exist in the mod_negotiation module due to improper sanitization of input passed via filenames. An attacker can exploit this to execute arbitrary script code in a user's browser. (CVE-2012-2687)\n\n - Multiple cross-site scripting vulnerabilities exist in the mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules due to improper validation of input passed via the URL or hostnames. An attacker can exploit this to execute arbitrary script code in a user's browser. (CVE-2012-3499)\n\n - A cross-site scripting vulnerability exists in the mod_proxy_balancer module due to improper validation of input passed via the URL or hostnames. An attacker can exploit this to execute arbitrary script code in a user's browser. (CVE-2012-4558)\n\n - A flaw exists in the do_rewritelog() function due to improper sanitization of escape sequences written to log files. A remote attacker can exploit this, via a specially crafted HTTP request, to execute arbitrary commands. (CVE-2013-1862)\n\n - A denial of service vulnerability exists in mod_dav.c due to improper validation to determine if DAV is enabled for a URI. A remote attacker can exploit this, via a specially crafted MERGE request, to cause a segmentation fault, resulting in a denial of service condition. (CVE-2013-1896)\n\n - A denial of service vulnerability exists in the dav_xml_get_cdata() function due to improper removal of whitespace characters from CDATA sections. 
A remote attacker can exploit this, via a specially crafted DAV WRITE request, to cause a daemon crash, resulting in a denial of service condition. (CVE-2013-6438)\n\n - A flaw exists in log_cookie() function due to the logging of cookies with an unassigned value. A remote attacker can exploit this, via a specially crafted request, to cause a segmentation fault, resulting in a denial of service condition. (CVE-2014-0098)\n\n - A flaw exists in the deflate_in_filter() function when request body decompression is configured. A remote attacker can exploit this, via a specially crafted request, to exhaust available memory and CPU resources, resulting in a denial of service condition.\n (CVE-2014-0118)\n\n - A race condition exists in the mod_status module due to improper validation of user-supplied input when handling the scoreboard. A remote attacker can exploit this, via a crafted request, to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2014-0226)\n\n - A flaw exists in the mod_cgid module due to the lack of a timeout mechanism. A remote attacker can exploit this, via a request to a CGI script that does not read from its stdin file descriptor, to cause a denial of service condition. 
(CVE-2014-0231)", "cvss3": {}, "published": "2015-07-20T00:00:00", "type": "nessus", "title": "Juniper NSM < 2012.2R9 Apache HTTP Server Multiple Vulnerabilities (JSA10685) (credentialed check)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0456", "CVE-2012-2687", "CVE-2012-3499", "CVE-2012-4558", "CVE-2013-1862", "CVE-2013-1896", "CVE-2013-6438", "CVE-2014-0098", "CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231"], "modified": "2018-07-12T00:00:00", "cpe": ["cpe:/a:juniper:network_and_security_manager"], "id": "JUNIPER_NSM_JSA10685_CRED.NASL", "href": "https://www.tenable.com/plugins/nessus/84878", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84878);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/12 19:01:16\");\n\n script_cve_id(\n \"CVE-2008-0456\",\n \"CVE-2012-2687\",\n \"CVE-2012-3499\",\n \"CVE-2012-4558\",\n \"CVE-2013-1862\",\n \"CVE-2013-1896\",\n \"CVE-2013-6438\",\n \"CVE-2014-0098\",\n \"CVE-2014-0118\",\n \"CVE-2014-0226\",\n \"CVE-2014-0231\"\n );\n script_bugtraq_id(\n 27409,\n 55131,\n 58165,\n 58165,\n 59826,\n 61129,\n 66303,\n 66303,\n 68678,\n 68742,\n 68745\n );\n\n script_name(english:\"Juniper NSM < 2012.2R9 Apache HTTP Server Multiple Vulnerabilities (JSA10685) (credentialed check)\");\n script_summary(english:\"Checks the versions of NSM servers.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of NSM (Network and Security\nManager) Server that is prior to 2012.2R9. It is, therefore, affected\nby multiple vulnerabilities in the bundled version of Apache HTTP\nServer :\n\n - A flaw exists due to improper escaping of filenames in\n 406 and 300 HTTP responses. A remote attacker can\n exploit this, by uploading a file with a specially\n crafted name, to inject arbitrary HTTP headers or\n conduct cross-site scripting attacks. (CVE-2008-0456)\n\n - Multiple cross-site scripting vulnerabilities exist in\n the mod_negotiation module due to improper sanitization\n of input passed via filenames. An attacker can exploit\n this to execute arbitrary script code in a user's\n browser. (CVE-2012-2687)\n\n - Multiple cross-site scripting vulnerabilities exist in\n the mod_info, mod_status, mod_imagemap, mod_ldap, and\n mod_proxy_ftp modules due to improper validation of\n input passed via the URL or hostnames. An attacker can\n exploit this to execute arbitrary script code in a\n user's browser. (CVE-2012-3499)\n\n - A cross-site scripting vulnerability exists in the\n mod_proxy_balancer module due to improper validation of\n input passed via the URL or hostnames. An attacker can\n exploit this to execute arbitrary script code in a\n user's browser. (CVE-2012-4558)\n\n - A flaw exists in the do_rewritelog() function due to\n improper sanitization of escape sequences written to log\n files. A remote attacker can exploit this, via a\n specially crafted HTTP request, to execute arbitrary\n commands. (CVE-2013-1862)\n\n - A denial of service vulnerability exists in mod_dav.c\n due to improper validation to determine if DAV is\n enabled for a URI. A remote attacker can exploit this,\n via a specially crafted MERGE request, to cause a\n segmentation fault, resulting in a denial of service\n condition. 
(CVE-2013-1896)\n\n - A denial of service vulnerability exists in the\n dav_xml_get_cdata() function\n due to improper removal of whitespace characters from\n CDATA sections. A remote attacker can exploit this,\n via a specially crafted DAV WRITE request, to cause a\n daemon crash, resulting in a denial of service\n condition. (CVE-2013-6438)\n\n - A flaw exists in log_cookie() function due to the\n logging of cookies with an unassigned value. A remote\n attacker can exploit this, via a specially crafted\n request, to cause a segmentation fault, resulting in a\n denial of service condition. (CVE-2014-0098)\n\n - A flaw exists in the deflate_in_filter() function when\n request body decompression is configured. A remote\n attacker can exploit this, via a specially crafted\n request, to exhaust available memory and CPU resources,\n resulting in a denial of service condition.\n (CVE-2014-0118)\n\n - A race condition exists in the mod_status module due to\n improper validation of user-supplied input when handling\n the scoreboard. A remote attacker can exploit this, via\n a crafted request, to cause a heap-based buffer\n overflow, resulting in a denial of service condition or\n the execution of arbitrary code. (CVE-2014-0226)\n\n - A flaw exists in the mod_cgid module due to the lack of\n a timeout mechanism. A remote attacker can exploit this,\n via a request to a CGI script that does not read from\n its stdin file descriptor, to cause a denial of service\n condition. (CVE-2014-0231)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10685\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Juniper NSM version 2012.2R9 or later. 
Alternatively,\napply Upgrade Package v4.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/01/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:juniper:network_and_security_manager\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"juniper_nsm_servers_installed.nasl\");\n script_require_keys(\"Juniper_NSM_VerDetected\");\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nkb_base = \"Host/NSM/\";\n\nget_kb_item_or_exit(\"Juniper_NSM_VerDetected\");\n\nkb_list = make_list();\n\ntemp = get_kb_list(\"Juniper_NSM_GuiSvr/*/build\");\n\nif (!isnull(temp) && max_index(keys(temp)) > 0)\n kb_list = make_list(kb_list, keys(temp));\n\ntemp = get_kb_list(\"Host/NSM/*/build\");\nif (!isnull(temp) && max_index(keys(temp)) > 0)\n kb_list = make_list(kb_list, keys(temp));\n\nif (max_index(kb_list) == 0) audit(AUDIT_NOT_INST, \"Juniper NSM Servers\");\n\nreport = '';\n\nentry = branch(kb_list);\n\nport = 0;\nkb_base = '';\n\nif (\"Juniper_NSM_GuiSvr\" >< entry)\n{\n port = entry - \"Juniper_NSM_GuiSvr/\" - \"/build\";\n kb_base = \"Juniper_NSM_GuiSvr/\" + port + \"/\";\n\n report_str1 = \"Remote GUI server version : \";\n 
report_str2 = \"Fixed version : \";\n}\nelse\n{\n kb_base = entry - \"build\";\n if (\"guiSvr\" >< kb_base)\n {\n report_str1 = \"Local GUI server version : \";\n report_str2 = \"Fixed version : \";\n }\n else\n {\n report_str1 = \"Local device server version : \";\n report_str2 = \"Fixed version : \";\n }\n}\n\nbuild = get_kb_item_or_exit(entry);\nversion = get_kb_item_or_exit(kb_base + 'version');\n\nversion_disp = version + \" (\" + build + \")\";\n\n# NSM 2012.2R9 or later\n# replace r or R with . for easier version comparison\n# in 2010 and 2011 versions they use S instead of R\nversion_num = ereg_replace(pattern:\"(r|R|s|S)\", replace:\".\", string:version);\n\n# remove trailing . if it exists\nversion_num = ereg_replace(pattern:\"\\.$\", replace:\"\", string:version_num);\n\nfix_disp = \"2012.2R9\";\nfix_num = \"2012.2.9\";\nif (ver_compare(ver:version_num, fix:fix_num, strict:FALSE) < 0)\n{\n if (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n if (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\n if (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n flag = 0;\n\n if (rpm_check(release:\"CentOS-5\", reference:\"httpd-2.2.3-91.el5.centos\")) flag++;\n if (rpm_check(release:\"CentOS-5\", reference:\"mod_ssl-2.2.3-91.el5.centos\")) flag++;\n\n if (flag)\n {\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report = '\\n ' + report_str1 + version_disp +\n '\\n ' + report_str2 + fix_disp +\n '\\n' + rpm_report_get();\n security_warning(extra:report, port:port);\n }\n else security_warning(port:port);\n }\n else audit(AUDIT_INST_VER_NOT_VULN, \"Juniper NSM\", version_disp);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"Juniper NSM\", version_disp);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:59:34", "description": "The remote host is running a version of NSM (Network and Security Manager) 
Server that is prior to 2012.2R9. It is, therefore, affected by multiple vulnerabilities in the bundled version of Apache HTTP Server :\n\n - A flaw exists due to improper escaping of filenames in 406 and 300 HTTP responses. A remote attacker can exploit this, by uploading a file with a specially crafted name, to inject arbitrary HTTP headers or conduct cross-site scripting attacks. (CVE-2008-0456)\n\n - Multiple cross-site scripting vulnerabilities exist in the mod_negotiation module due to improper sanitization of input passed via filenames. An attacker can exploit this to execute arbitrary script code in a user's browser. (CVE-2012-2687)\n\n - Multiple cross-site scripting vulnerabilities exist in the mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules due to improper validation of input passed via the URL or hostnames. An attacker can exploit this to execute arbitrary script code in a user's browser. (CVE-2012-3499)\n\n - A cross-site scripting vulnerability exists in the mod_proxy_balancer module due to improper validation of input passed via the URL or hostnames. An attacker can exploit this to execute arbitrary script code in a user's browser. (CVE-2012-4558)\n\n - A flaw exists in the do_rewritelog() function due to improper sanitization of escape sequences written to log files. A remote attacker can exploit this, via a specially crafted HTTP request, to execute arbitrary commands. (CVE-2013-1862)\n\n - A denial of service vulnerability exists in mod_dav.c due to improper validation to determine if DAV is enabled for a URI. A remote attacker can exploit this, via a specially crafted MERGE request, to cause a segmentation fault, resulting in a denial of service condition. (CVE-2013-1896)\n\n - A denial of service vulnerability exists in the dav_xml_get_cdata() function due to improper removal of whitespace characters from CDATA sections. 
A remote attacker can exploit this, via a specially crafted DAV WRITE request, to cause a daemon crash, resulting in a denial of service condition. (CVE-2013-6438)\n\n - A flaw exists in the log_cookie() function due to the logging of cookies with an unassigned value. A remote attacker can exploit this, via a specially crafted request, to cause a segmentation fault, resulting in a denial of service condition. (CVE-2014-0098)\n\n - A flaw exists in the deflate_in_filter() function when request body decompression is configured. A remote attacker can exploit this, via a specially crafted request, to exhaust available memory and CPU resources, resulting in a denial of service condition.\n (CVE-2014-0118)\n\n - A race condition exists in the mod_status module due to improper validation of user-supplied input when handling the scoreboard. A remote attacker can exploit this, via a crafted request, to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2014-0226)\n\n - A flaw exists in the mod_cgid module due to the lack of a timeout mechanism. A remote attacker can exploit this, via a request to a CGI script that does not read from its stdin file descriptor, to cause a denial of service condition. 
(CVE-2014-0231)", "cvss3": {}, "published": "2015-07-20T00:00:00", "type": "nessus", "title": "Juniper NSM < 2012.2R9 Apache HTTP Server Multiple Vulnerabilities (JSA10685)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0456", "CVE-2012-2687", "CVE-2012-3499", "CVE-2012-4558", "CVE-2013-1862", "CVE-2013-1896", "CVE-2013-6438", "CVE-2014-0098", "CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:juniper:network_and_security_manager"], "id": "JUNIPER_NSM_JSA10685.NASL", "href": "https://www.tenable.com/plugins/nessus/84877", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84877);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2008-0456\",\n \"CVE-2012-2687\",\n \"CVE-2012-3499\",\n \"CVE-2012-4558\",\n \"CVE-2013-1862\",\n \"CVE-2013-1896\",\n \"CVE-2013-6438\",\n \"CVE-2014-0098\",\n \"CVE-2014-0118\",\n \"CVE-2014-0226\",\n \"CVE-2014-0231\"\n );\n script_bugtraq_id(\n 27409,\n 55131,\n 58165,\n 59826,\n 61129,\n 66303,\n 68678,\n 68742,\n 68745\n );\n\n script_name(english:\"Juniper NSM < 2012.2R9 Apache HTTP Server Multiple Vulnerabilities (JSA10685)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of NSM (Network and Security\nManager) Server that is prior to 2012.2R9. It is, therefore, affected\nby multiple vulnerabilities in the bundled version of Apache HTTP\nServer :\n\n - A flaw exists due to improper escaping of filenames in\n 406 and 300 HTTP responses. A remote attacker can\n exploit this, by uploading a file with a specially\n crafted name, to inject arbitrary HTTP headers or\n conduct cross-site scripting attacks. (CVE-2008-0456)\n\n - Multiple cross-site scripting vulnerabilities exist in\n the mod_negotiation module due to improper sanitization\n of input passed via filenames. An attacker can exploit\n this to execute arbitrary script code in a user's\n browser. (CVE-2012-2687)\n\n - Multiple cross-site scripting vulnerabilities exist in\n the mod_info, mod_status, mod_imagemap, mod_ldap, and\n mod_proxy_ftp modules due to improper validation of\n input passed via the URL or hostnames. An attacker can\n exploit this to execute arbitrary script code in a\n user's browser. (CVE-2012-3499)\n\n - A cross-site scripting vulnerability exists in the\n mod_proxy_balancer module due to improper validation of\n input passed via the URL or hostnames. An attacker can\n exploit this to execute arbitrary script code in a\n user's browser. (CVE-2012-4558)\n\n - A flaw exists in the do_rewritelog() function due to\n improper sanitization of escape sequences written to log\n files. A remote attacker can exploit this, via a\n specially crafted HTTP request, to execute arbitrary\n commands. (CVE-2013-1862)\n\n - A denial of service vulnerability exists in mod_dav.c\n due to improper validation to determine if DAV is\n enabled for a URI. A remote attacker can exploit this,\n via a specially crafted MERGE request, to cause a\n segmentation fault, resulting in a denial of service\n condition. 
(CVE-2013-1896)\n\n - A denial of service vulnerability exists in the\n dav_xml_get_cdata() function\n due to improper removal of whitespace characters from\n CDATA sections. A remote attacker can exploit this,\n via a specially crafted DAV WRITE request, to cause a\n daemon crash, resulting in a denial of service\n condition. (CVE-2013-6438)\n\n - A flaw exists in log_cookie() function due to the\n logging of cookies with an unassigned value. A remote\n attacker can exploit this, via a specially crafted\n request, to cause a segmentation fault, resulting in a\n denial of service condition. (CVE-2014-0098)\n\n - A flaw exists in the deflate_in_filter() function when\n request body decompression is configured. A remote\n attacker can exploit this, via a specially crafted\n request, to exhaust available memory and CPU resources,\n resulting in a denial of service condition.\n (CVE-2014-0118)\n\n - A race condition exists in the mod_status module due to\n improper validation of user-supplied input when handling\n the scoreboard. A remote attacker can exploit this, via\n a crafted request, to cause a heap-based buffer\n overflow, resulting in a denial of service condition or\n the execution of arbitrary code. (CVE-2014-0226)\n\n - A flaw exists in the mod_cgid module due to the lack of\n a timeout mechanism. A remote attacker can exploit this,\n via a request to a CGI script that does not read from\n its stdin file descriptor, to cause a denial of service\n condition. (CVE-2014-0231)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10685\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Juniper NSM version 2012.2R9 or later. 
Alternatively,\napply Upgrade Package v4.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/01/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/20\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:juniper:network_and_security_manager\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"os_fingerprint.nasl\", \"juniper_nsm_gui_svr_detect.nasl\");\n script_require_keys(\"Juniper_NSM_VerDetected\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"global_settings.inc\");\n\nkb_base = \"Host/NSM/\";\n\n# Since we can't detect the package change remotely this needs to be paranoid.\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nget_kb_item_or_exit(\"Juniper_NSM_VerDetected\");\n\nkb_list = make_list();\n\ntemp = get_kb_list(\"Juniper_NSM_GuiSvr/*/build\");\n\nif (!isnull(temp) && max_index(keys(temp)) > 0)\n kb_list = make_list(kb_list, keys(temp));\n\ntemp = get_kb_list(\"Host/NSM/*/build\");\nif (!isnull(temp) && max_index(keys(temp)) > 0)\n kb_list = make_list(kb_list, keys(temp));\n\nif (max_index(kb_list) == 0) audit(AUDIT_NOT_INST, 
\"Juniper NSM Servers\");\n\nreport = '';\n\nentry = branch(kb_list);\n\nport = 0;\nkb_base = '';\n\nif (\"Juniper_NSM_GuiSvr\" >< entry)\n{\n port = entry - \"Juniper_NSM_GuiSvr/\" - \"/build\";\n kb_base = \"Juniper_NSM_GuiSvr/\" + port + \"/\";\n\n report_str1 = \"Remote GUI server version : \";\n report_str2 = \"Fixed version : \";\n}\nelse\n{\n kb_base = entry - \"build\";\n if (\"guiSvr\" >< kb_base)\n {\n report_str1 = \"Local GUI server version : \";\n report_str2 = \"Fixed version : \";\n }\n else\n {\n report_str1 = \"Local device server version : \";\n report_str2 = \"Fixed version : \";\n }\n}\n\nbuild = get_kb_item_or_exit(entry);\nversion = get_kb_item_or_exit(kb_base + 'version');\n\nversion_disp = version + \" (\" + build + \")\";\n\n# NSM 2012.2R9 or later\n# replace r or R with . for easier version comparison\n# in 2010 and 2011 versions they use S instead of R\nversion_num = ereg_replace(pattern:\"(r|R|s|S)\", replace:\".\", string:version);\n\n# remove trailing . if it exists\nversion_num = ereg_replace(pattern:\"\\.$\", replace:\"\", string:version_num);\n\nfix_disp = \"2012.2R9\";\nfix_num = \"2012.2.9\";\nif (ver_compare(ver:version_num, fix:fix_num, strict:FALSE) < 0)\n{\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report = '\\n ' + report_str1 + version_disp +\n '\\n ' + report_str2 + fix_disp +\n '\\n';\n security_warning(extra:report, port:port);\n }\n else security_warning(port:port);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"Juniper NSM\", version_disp);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:47:34", "description": "The IBM WebSphere Application Server running on the remote host is version 8.5 prior to Fix Pack 8.5.5.4. It is, therefore, affected by the following vulnerabilities :\n\n - Multiple errors exist related to the included IBM HTTP server that can allow remote code execution or denial of service. 
(CVE-2013-5704, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231 / PI22070)\n\n - An unspecified error exists related to HTTP headers that can allow information disclosure. (CVE-2014-3021 / PI08268)\n\n - An error exists related to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A man-in-the-middle attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. This is also known as the 'POODLE' issue. (CVE-2014-3566 / PI28435, PI28436, PI28437)\n\n - Unspecified input validation errors exist related to the administrative console that can allow cross-site scripting and cross-site request forgery attacks.\n (CVE-2014-4770, CVE-2014-4816 / PI23055)\n\n - An unspecified error exists that can allow OpenID and OpenID Connect cookies to be spoofed, allowing information disclosure. (CVE-2014-6164 / PI23430)\n\n - An error exists related to the Communications Enabled Applications (CEA) service that can allow XML External Entity Injection (XXE) attacks leading to information disclosure. This only occurs if CEA is enabled. By default this is disabled. (CVE-2014-6166 / PI25310)\n\n - An input validation error exists related to session input using URL rewriting that can allow cross-site scripting attacks. (CVE-2014-6167 / PI23819)\n\n - An error exists related to the administrative console that can allow 'click-jacking' attacks. (CVE-2014-6174 / PI27152)\n\n - An error exists related to deployment descriptor security constraints and ServletSecurity annotations on a servlet that can allow privilege escalation. 
Note that this issue only affects the 'Liberty Profile'.\n (CVE-2014-8890 / PI29911)", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2015-01-07T00:00:00", "type": "nessus", "title": "IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.4 Multiple Vulnerabilities (POODLE)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5704", "CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231", "CVE-2014-3021", "CVE-2014-3566", "CVE-2014-4770", "CVE-2014-4816", "CVE-2014-6164", "CVE-2014-6166", "CVE-2014-6167", "CVE-2014-6174", "CVE-2014-8890"], "modified": "2019-11-25T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_8_5_5_4.NASL", "href": "https://www.tenable.com/plugins/nessus/80398", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80398);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2013-5704\",\n \"CVE-2014-0118\",\n \"CVE-2014-0226\",\n \"CVE-2014-0231\",\n \"CVE-2014-3021\",\n \"CVE-2014-3566\",\n \"CVE-2014-4770\",\n \"CVE-2014-4816\",\n \"CVE-2014-6164\",\n 
\"CVE-2014-6166\",\n \"CVE-2014-6167\",\n \"CVE-2014-6174\",\n \"CVE-2014-8890\"\n );\n script_bugtraq_id(\n 66550,\n 68678,\n 68742,\n 68745,\n 69980,\n 69981,\n 70239,\n 70574,\n 70582,\n 71834,\n 71836,\n 71837,\n 71850\n );\n script_xref(name:\"CERT\", value:\"577193\");\n\n script_name(english:\"IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.4 Multiple Vulnerabilities (POODLE)\");\n script_summary(english:\"Reads the version number from the SOAP port.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote application server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The IBM WebSphere Application Server running on the remote host is\nversion 8.5 prior to Fix Pack 8.5.5.4. It is, therefore, affected by\nthe following vulnerabilities :\n\n - Multiple errors exist related to the included IBM HTTP\n server that can allow remote code execution or denial\n of service. (CVE-2013-5704, CVE-2014-0118,\n CVE-2014-0226, CVE-2014-0231 / PI22070)\n\n - An unspecified error exists related to HTTP headers\n that can allow information disclosure. (CVE-2014-3021\n / PI08268)\n\n - An error exists related to the way SSL 3.0 handles\n padding bytes when decrypting messages encrypted using\n block ciphers in cipher block chaining (CBC) mode. A\n man-in-the-middle attacker can decrypt a selected byte\n of a cipher text in as few as 256 tries if they are able\n to force a victim application to repeatedly send the\n same data over newly created SSL 3.0 connections. This\n is also known as the 'POODLE' issue. (CVE-2014-3566 /\n PI28435, PI28436, PI28437)\n\n - An unspecified input validation errors exist related to\n the administrative console that can allow cross-site\n scripting and cross-site request forgery attacks.\n (CVE-2014-4770, CVE-2014-4816 / PI23055)\n\n - An unspecified error exists that can allow OpenID and\n OpenID Connect cookies to be spoofed, allowing\n information disclosure. 
(CVE-2014-6164 / PI23430)\n\n - An error exists related to the Communications Enabled\n Applications (CEA) service that can allow XML External\n Entity Injection (XXE) attacks leading to information\n disclosure. This only occurs if CEA is enabled. By\n default this is disabled. (CVE-2014-6166 / PI25310)\n\n - An input validation error exists related to session\n input using URL rewriting that can allow cross-site\n scripting attacks. (CVE-2014-6167 / PI23819)\n\n - An error exists related to the administrative console\n that can allow 'click-jacking' attacks. (CVE-2014-6174 /\n PI27152)\n\n - An error exists related to deployment descriptor\n security constraints and ServletSecurity annotations on\n a servlet that can allow privilege escalation. Note that\n this issue only affects the 'Liberty Profile'.\n (CVE-2014-8890 / PI29911)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21690185\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-304.ibm.com/support/docview.wss?uid=swg21672428\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg24038539\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg27036319#8554\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21687173\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-14-236/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/10/14/poodle.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/ssl-poodle.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Fix Pack 4 for (8.5.5.4) or later.\n\nNote 
that the following Interim Fixes are available :\n\n - CVE-2013-5704, CVE-2014-0118, CVE-2014-0226, and\n CVE-2014-0231 are corrected in IF PI22070.\n\n - CVE-2014-3566 is corrected in various IFs.\n Consult IBM document 'swg21687173' for details.\n\n - CVE-2014-4770 and CVE-2014-4816 are corrected in\n IF PI23055.\n\n - CVE-2014-6166 is corrected in IF PI25310.\n\n - CVE-2014-8890 is corrected in IF PI29911.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0226\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"websphere_detect.nasl\");\n script_require_keys(\"www/WebSphere\");\n script_require_ports(\"Services/www\", 8880, 8881);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:8880, embedded:0);\n\nversion = get_kb_item_or_exit(\"www/WebSphere/\"+port+\"/version\");\nsource = get_kb_item_or_exit(\"www/WebSphere/\"+port+\"/source\");\n\napp_name = \"IBM WebSphere Application Server\";\n\nif (version !~ \"^8\\.5([^0-9]|$)\")\n audit(AUDIT_NOT_LISTEN, app_name + \" 8.5\", port);\n\nif (version =~ \"^[0-9]+(\\.[0-9]+)?$\")\n audit(AUDIT_VER_NOT_GRANULAR, app_name, port, version);\n\nfixed = '8.5.5.4';\n\nif (ver_compare(ver:version, fix:fixed, strict:FALSE) < 0)\n{\n set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n set_kb_item(name: 'www/'+port+'/XSRF', value: TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, app_name, port, version);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:41:56", "description": "This apache version update fixes various security and non security issues.\n\n - Updated to the 2.2.29\n\n - Changes between 2.2.22 and 2.2.29:\n http://www.apache.org/dist/httpd/CHANGES_2.2\n\n - The following patches are no longer needed and were removed :\n\n - httpd-2.2.x-bnc798733-SNI_ignorecase.diff\n\n - httpd-2.2.x-bnc806458-mod_imagemap-xss.diff\n\n - httpd-2.2.x-bnc806458-mod_info_ap_get_server_name-xss.diff\n\n - httpd-2.2.x-bnc806458-mod_proxy_ftp-xss.diff\n\n - httpd-2.2.x-bnc806458-util_ldap_cache_mgr-xss.diff\n\n - httpd-2.2.x-bnc807152-mod_balancer_handler_xss.diff\n\n - 
httpd-mod_deflate_head.patch\n\n - httpd-new_pcre.patch\n\n - httpd-2.2.22-SSLCompression_CRIME_mitigation.patch\n\n - httpd-2.2.19-linux3.patch\n\n - httpd-2.2.x-bnc829056-CVE-2013-1896-pr1482522-mod_dav.diff\n\n - httpd-2.2.x-bnc829057-CVE-2013-1862-mod_rewrite_terminal_escape_sequences.diff\n\n - httpd-2.2.x-bnc869105-CVE-2013-6438-mod_dav-dos.diff\n\n - httpd-2.2.x-bnc869106-CVE-2014-0098-log_cookie_c.diff\n\n - httpd-2.2.x-bnc887765-CVE-2014-0226-mod_status_race.diff\n\n - httpd-2.2.x-bnc887768-CVE-2014-0231_mod_cgid_DoS_via_no_stdin_read.diff\n\n - httpd-2.2.x-bnc777260-CVE-2012-2687-mod_negotiation_filename_xss.diff\n\n - httpd-2.2.x-CVE-2011-3368-server_protocl_c.diff\n\n - The following patches were updated for the current Apache version :\n\n - apache2-mod_ssl_npn.patch\n\n - httpd-2.0.54-envvars.dif\n\n - httpd-2.2.x-bnc690734.patch\n\n - ssl-mode-release-buffers.patch\n\n - bnc#871310 fixed in Apache httpd 2.2.29", "cvss3": {}, "published": "2014-12-16T00:00:00", "type": "nessus", "title": "openSUSE Security Update : apache2 (openSUSE-SU-2014:1647-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3368", "CVE-2012-2687", "CVE-2013-1862", "CVE-2013-1896", "CVE-2013-6438", "CVE-2014-0098", "CVE-2014-0226", "CVE-2014-0231"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2", "p-cpe:/a:novell:opensuse:apache2-debuginfo", "p-cpe:/a:novell:opensuse:apache2-debugsource", "p-cpe:/a:novell:opensuse:apache2-devel", "p-cpe:/a:novell:opensuse:apache2-event", 
"p-cpe:/a:novell:opensuse:apache2-event-debuginfo", "p-cpe:/a:novell:opensuse:apache2-example-pages", "p-cpe:/a:novell:opensuse:apache2-itk", "p-cpe:/a:novell:opensuse:apache2-itk-debuginfo", "p-cpe:/a:novell:opensuse:apache2-prefork", "p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo", "p-cpe:/a:novell:opensuse:apache2-utils", "p-cpe:/a:novell:opensuse:apache2-utils-debuginfo", "p-cpe:/a:novell:opensuse:apache2-worker", "p-cpe:/a:novell:opensuse:apache2-worker-debuginfo", "cpe:/o:novell:opensuse:12.3"], "id": "OPENSUSE-2014-770.NASL", "href": "https://www.tenable.com/plugins/nessus/80043", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-770.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80043);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3368\", \"CVE-2012-2687\", \"CVE-2013-1862\", \"CVE-2013-1896\", \"CVE-2013-6438\", \"CVE-2014-0098\", \"CVE-2014-0226\", \"CVE-2014-0231\");\n\n script_name(english:\"openSUSE Security Update : apache2 (openSUSE-SU-2014:1647-1)\");\n script_summary(english:\"Check for the openSUSE-2014-770 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This apache version update fixes various security and non security\nissues.\n\n - Updated to the 2.2.29\n\n - Changes between 2.2.22 and 2.2.29:\n http://www.apache.org/dist/httpd/CHANGES_2.2\n\n - The following patches are no longer needed and were\n removed :\n\n - httpd-2.2.x-bnc798733-SNI_ignorecase.diff\n\n - httpd-2.2.x-bnc806458-mod_imagemap-xss.diff\n\n - 
httpd-2.2.x-bnc806458-mod_info_ap_get_server_name-xss.diff\n\n - httpd-2.2.x-bnc806458-mod_proxy_ftp-xss.diff\n\n - httpd-2.2.x-bnc806458-util_ldap_cache_mgr-xss.diff\n\n - httpd-2.2.x-bnc807152-mod_balancer_handler_xss.diff\n\n - httpd-mod_deflate_head.patch\n\n - httpd-new_pcre.patch\n\n - httpd-2.2.22-SSLCompression_CRIME_mitigation.patch\n\n - httpd-2.2.19-linux3.patch\n\n - httpd-2.2.x-bnc829056-CVE-2013-1896-pr1482522-mod_dav.diff\n\n - httpd-2.2.x-bnc829057-CVE-2013-1862-mod_rewrite_terminal_escape_sequences.diff\n\n - httpd-2.2.x-bnc869105-CVE-2013-6438-mod_dav-dos.diff\n\n - httpd-2.2.x-bnc869106-CVE-2014-0098-log_cookie_c.diff\n\n - httpd-2.2.x-bnc887765-CVE-2014-0226-mod_status_race.diff\n\n - httpd-2.2.x-bnc887768-CVE-2014-0231_mod_cgid_DoS_via_no_stdin_read.diff\n\n - httpd-2.2.x-bnc777260-CVE-2012-2687-mod_negotiation_filename_xss.diff\n\n - httpd-2.2.x-CVE-2011-3368-server_protocl_c.diff\n\n - The following patches were updated for the current\n Apache version :\n\n - apache2-mod_ssl_npn.patch\n\n - httpd-2.0.54-envvars.dif\n\n - httpd-2.2.x-bnc690734.patch\n\n - ssl-mode-release-buffers.patch\n\n - bnc#871310 fixed in Apache httpd 2.2.29\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.apache.org/dist/httpd/CHANGES_2.2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=871310\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-12/msg00065.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-event-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-itk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-itk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-2.2.29-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-debuginfo-2.2.29-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-debugsource-2.2.29-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-devel-2.2.29-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-event-2.2.29-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-event-debuginfo-2.2.29-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-example-pages-2.2.29-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-itk-2.2.29-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-itk-debuginfo-2.2.29-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-prefork-2.2.29-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-prefork-debuginfo-2.2.29-10.16.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-utils-2.2.29-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-utils-debuginfo-2.2.29-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-worker-2.2.29-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-worker-debuginfo-2.2.29-10.16.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2 / apache2-debuginfo / apache2-debugsource / apache2-devel / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:49:57", "description": "The remote host is running IBM WebSphere Application Server version 8.0 prior to Fix Pack 10. It is, therefore, affected by the following vulnerabilities :\n\n - Multiple errors exist related to the included IBM HTTP server that can allow remote code execution or denial of service. (CVE-2013-5704, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231 / PI22070)\n\n - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076 / PI19700)\n\n - An unspecified error exists related to HTTP headers that can allow information disclosure. (CVE-2014-3021 / PI08268)\n\n - An unspecified error caused by improper account creation with the Virtual Member Manager SPI Admin Task 'addFileRegistryAccount' can allow remote attackers to bypass security restrictions. (CVE-2014-3070 / PI16765)\n\n - An information disclosure vulnerability exists due to a failure to restrict access to resources located within the web application. 
A remote attacker can exploit this to obtain configuration data and other sensitive information. (CVE-2014-3083 / PI17768, PI30579 )\n\n - A man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566 / PI28435, PI28436, PI28437)\n\n - An unspecified flaw in the Load Balancer for IPv4 Dispatcher component allows a remote attacker to cause a denial of service. (CVE-2014-4764 / PI21189)\n\n - An unspecified input validation error exists related to the administrative console that can allow cross-site scripting and cross-site request forgery attacks.\n (CVE-2014-4770, CVE-2014-4816 / PI23055)\n\n - An error exists related to the Communications Enabled Applications (CEA) service that can allow XML External Entity Injection (XXE) attacks leading to information disclosure. This only occurs if CEA is enabled, and by default this is disabled. (CVE-2014-6166 / PI25310)\n\n - An input validation error exists related to session input using URL rewriting that can allow cross-site scripting attacks. (CVE-2014-6167 / PI23819)\n\n - An error exists related to the administrative console that can allow click-jacking attacks. 
(CVE-2014-6174 / PI27152)", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2015-02-18T00:00:00", "type": "nessus", "title": "IBM WebSphere Application Server 8.0 < Fix Pack 10 Multiple Vulnerabilities (POODLE)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5704", "CVE-2014-0076", "CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231", "CVE-2014-3021", "CVE-2014-3070", "CVE-2014-3083", "CVE-2014-3566", "CVE-2014-4764", "CVE-2014-4770", "CVE-2014-4816", "CVE-2014-6166", "CVE-2014-6167", "CVE-2014-6174"], "modified": "2019-11-25T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_8_0_0_10.NASL", "href": "https://www.tenable.com/plugins/nessus/81401", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81401);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2013-5704\",\n \"CVE-2014-0076\",\n \"CVE-2014-0118\",\n \"CVE-2014-0226\",\n \"CVE-2014-0231\",\n \"CVE-2014-3021\",\n \"CVE-2014-3070\",\n \"CVE-2014-3083\",\n \"CVE-2014-3566\",\n \"CVE-2014-4764\",\n \"CVE-2014-4770\",\n 
\"CVE-2014-4816\",\n \"CVE-2014-6166\",\n \"CVE-2014-6167\",\n \"CVE-2014-6174\"\n );\n script_bugtraq_id(\n 66363,\n 66550,\n 68678,\n 68742,\n 68745,\n 69296,\n 69298,\n 69301,\n 69980,\n 69981,\n 70239,\n 70574,\n 70582,\n 71836,\n 71850\n );\n script_xref(name:\"CERT\", value:\"577193\");\n\n script_name(english:\"IBM WebSphere Application Server 8.0 < Fix Pack 10 Multiple Vulnerabilities (POODLE)\");\n script_summary(english:\"Reads the version number from the SOAP port.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote application server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running IBM WebSphere Application Server version\n8.0 prior to Fix Pack 10. It is, therefore, affected by the following\nvulnerabilities :\n\n - Multiple errors exist related to the included IBM HTTP\n server that can allow remote code execution or denial\n of service. (CVE-2013-5704, CVE-2014-0118,\n CVE-2014-0226, CVE-2014-0231 / PI22070)\n\n - An error exists related to the implementation of the\n Elliptic Curve Digital Signature Algorithm (ECDSA) that\n could allow nonce disclosure via the 'FLUSH+RELOAD'\n cache side-channel attack. (CVE-2014-0076 / PI19700)\n\n - An unspecified error exists related to HTTP headers that\n can allow information disclosure. (CVE-2014-3021 /\n PI08268)\n\n - An unspecified error caused by improper account creation\n with the Virtual Member Manager SPI Admin Task\n 'addFileRegistryAccount' can allow remote attackers to\n bypass security restrictions. (CVE-2014-3070 / PI16765)\n\n - An information disclosure vulnerability exists due to a\n failure to restrict access to resources located within\n the web application. A remote attacker can exploit this\n to obtain configuration data and other sensitive\n information. (CVE-2014-3083 / PI17768, PI30579 )\n\n - A man-in-the-middle (MitM) information disclosure\n vulnerability known as POODLE. 
The vulnerability is due\n to the way SSL 3.0 handles padding bytes when decrypting\n messages encrypted using block ciphers in cipher block\n chaining (CBC) mode. MitM attackers can decrypt a\n selected byte of a cipher text in as few as 256 tries if\n they are able to force a victim application to\n repeatedly send the same data over newly created SSL 3.0\n connections. (CVE-2014-3566 / PI28435, PI28436, PI28437)\n\n - An unspecified flaw in the Load Balancer for IPv4\n Dispatcher component allows a remote attacker to cause\n a denial of service. (CVE-2014-4764 / PI21189)\n\n - An unspecified input validation error exists related to\n the administrative console that can allow cross-site\n scripting and cross-site request forgery attacks.\n (CVE-2014-4770, CVE-2014-4816 / PI23055)\n\n - An error exists related to the Communications Enabled\n Applications (CEA) service that can allow XML External\n Entity Injection (XXE) attacks leading to information\n disclosure. This only occurs if CEA is enabled, and by\n default this is disabled. (CVE-2014-6166 / PI25310)\n\n - An input validation error exists related to session\n input using URL rewriting that can allow cross-site\n scripting attacks. (CVE-2014-6167 / PI23819)\n\n - An error exists related to the administrative console\n that can allow click-jacking attacks. 
(CVE-2014-6174 /\n PI27152)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg24039242\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg27022958#80010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21672428\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21687173\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21682767\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Fix Pack 10 for version 8.0 (8.0.0.10) or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0226\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"websphere_detect.nasl\");\n script_require_keys(\"www/WebSphere\");\n script_require_ports(\"Services/www\", 8880, 8881);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:8880, embedded:0);\n\napp_name = \"IBM WebSphere Application Server\";\n\nversion = get_kb_item_or_exit(\"www/WebSphere/\"+port+\"/version\");\nif (version !~ \"^8\\.0([^0-9]|$)\") audit(AUDIT_NOT_LISTEN, app_name + \" 8.0\", port);\nif (version =~ \"^[0-9]+(\\.[0-9]+)?$\") audit(AUDIT_VER_NOT_GRANULAR, app_name, port, version);\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (ver[0] == 8 && ver[1] == 0 && ver[2] == 0 && ver[3] < 10)\n{\n set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n set_kb_item(name: 'www/'+port+'/XSRF', value: TRUE);\n\n if (report_verbosity > 0)\n {\n source = get_kb_item_or_exit(\"www/WebSphere/\"+port+\"/source\");\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 8.0.0.10' +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, app_name, port, version);\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-18T14:36:27", "description": "The remote host is affected by the vulnerability described in GLSA-201408-12 (Apache HTTP Server: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been found in Apache HTTP Server. 
Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could send a specially crafted request to possibly execute arbitrary code, cause Denial of Service, or obtain sensitive information.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2014-08-30T00:00:00", "type": "nessus", "title": "GLSA-201408-12 : Apache HTTP Server: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6438", "CVE-2014-0098", "CVE-2014-0226"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:apache", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201408-12.NASL", "href": "https://www.tenable.com/plugins/nessus/77456", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201408-12.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77456);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-6438\", \"CVE-2014-0098\", \"CVE-2014-0226\");\n script_bugtraq_id(66303, 68678);\n script_xref(name:\"GLSA\", value:\"201408-12\");\n\n script_name(english:\"GLSA-201408-12 : Apache HTTP Server: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201408-12\n(Apache HTTP Server: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been found in Apache HTTP Server. 
Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could send a specially crafted request to possibly\n execute arbitrary code, cause Denial of Service, or obtain sensitive\n information.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201408-12\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Apache HTTP Server users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/apache-2.2.27-r4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif 
(!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/apache\", unaffected:make_list(\"ge 2.2.27-r4\"), vulnerable:make_list(\"lt 2.2.27-r4\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Apache HTTP Server\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-23T02:31:42", "description": "According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.(CVE-2014-0098)\n\n - A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the 'apache' user.(CVE-2014-0226)\n\n - It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. 
If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning.(CVE-2016-8743)\n\n - A NULL pointer dereference flaw was found in the way the mod_cache httpd module handled Content-Type headers. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP server was configured to proxy to a server with caching enabled.(CVE-2014-3581)\n\n - Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding.\n A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks.(CVE-2015-3183)\n\n - In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.(CVE-2017-15710)\n\n - A NULL pointer dereference flaw was found in the httpd's mod_ssl module. 
A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request.(CVE-2017-3169)\n\n - It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.(CVE-2016-5387)\n\n - A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash.(CVE-2017-7679)\n\n - A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache.\n The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.(CVE-2018-1303)\n\n - It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.(CVE-2017-9788)\n\n - A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. 
This could, for example, lead to a bypass of header restrictions defined with mod_headers.(CVE-2013-5704)\n\n - A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request.(CVE-2017-7668)\n\n - A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration.\n It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.(CVE-2019-0217)\n\n - A NULL pointer dereference flaw was found in the mod_cache httpd module. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP Server was used as a forward proxy with caching.\n (CVE-2013-4352)\n\n - The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request. (CVE-2013-6438)\n\n - A denial of service flaw was found in the mod_proxy httpd module. A remote attacker could send a specially crafted request to a server configured as a reverse proxy using a threaded Multi-Processing Modules (MPM) that would cause the httpd child process to crash.\n (CVE-2014-0117)\n\n - A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the 'DEFLATE' input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system.(CVE-2014-0118)\n\n - A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. 
A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely.(CVE-2014-0231)\n\n - It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied. (CVE-2015-3185)\n\n - It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack. (CVE-2016-0736)\n\n - It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication.(CVE-2016-2161)\n\n - It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd.(CVE-2017-3167)\n\n - A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\n - In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection. 
(CVE-2018-1312)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : httpd (EulerOS-SA-2019-1419)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4352", "CVE-2013-5704", "CVE-2013-6438", "CVE-2014-0098", "CVE-2014-0117", "CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231", "CVE-2014-3581", "CVE-2015-3183", "CVE-2015-3185", "CVE-2016-0736", "CVE-2016-2161", "CVE-2016-5387", "CVE-2016-8743", "CVE-2017-15710", "CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9788", "CVE-2017-9798", "CVE-2018-1303", "CVE-2018-1312", "CVE-2019-0217"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1419.NASL", "href": "https://www.tenable.com/plugins/nessus/124922", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124922);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2013-4352\",\n \"CVE-2013-5704\",\n \"CVE-2013-6438\",\n \"CVE-2014-0098\",\n \"CVE-2014-0117\",\n \"CVE-2014-0118\",\n \"CVE-2014-0226\",\n \"CVE-2014-0231\",\n \"CVE-2014-3581\",\n \"CVE-2015-3183\",\n \"CVE-2015-3185\",\n \"CVE-2016-0736\",\n \"CVE-2016-2161\",\n \"CVE-2016-5387\",\n \"CVE-2016-8743\",\n \"CVE-2017-15710\",\n \"CVE-2017-3167\",\n \"CVE-2017-3169\",\n \"CVE-2017-7668\",\n \"CVE-2017-7679\",\n \"CVE-2017-9788\",\n \"CVE-2017-9798\",\n \"CVE-2018-1303\",\n \"CVE-2018-1312\",\n 
\"CVE-2019-0217\"\n );\n script_bugtraq_id(\n 66303,\n 66550,\n 68678,\n 68740,\n 68742,\n 68745,\n 68863,\n 69248,\n 71656,\n 75963,\n 75965\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : httpd (EulerOS-SA-2019-1419)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - The log_cookie function in mod_log_config.c in the\n mod_log_config module in the Apache HTTP Server before\n 2.4.8 allows remote attackers to cause a denial of\n service (segmentation fault and daemon crash) via a\n crafted cookie that is not properly handled during\n truncation.(CVE-2014-0098)\n\n - A race condition flaw, leading to heap-based buffer\n overflows, was found in the mod_status httpd module. A\n remote attacker able to access a status page served by\n mod_status on a server using a threaded\n Multi-Processing Module (MPM) could send a specially\n crafted request that would cause the httpd child\n process to crash or, possibly, allow the attacker to\n execute arbitrary code with the privileges of the\n 'apache' user.(CVE-2014-0226)\n\n - It was discovered that the HTTP parser in httpd\n incorrectly allowed certain characters not permitted by\n the HTTP protocol specification to appear unencoded in\n HTTP request headers. 
If httpd was used in conjunction\n with a proxy or backend server that interpreted those\n characters differently, a remote attacker could\n possibly use this flaw to inject data into HTTP\n responses, resulting in proxy cache\n poisoning.(CVE-2016-8743)\n\n - A NULL pointer dereference flaw was found in the way\n the mod_cache httpd module handled Content-Type\n headers. A malicious HTTP server could cause the httpd\n child process to crash when the Apache HTTP server was\n configured to proxy to a server with caching\n enabled.(CVE-2014-3581)\n\n - Multiple flaws were found in the way httpd parsed HTTP\n requests and responses using chunked transfer encoding.\n A remote attacker could use these flaws to create a\n specially crafted request, which httpd would decode\n differently from an HTTP proxy software in front of it,\n possibly leading to HTTP request smuggling\n attacks.(CVE-2015-3183)\n\n - In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and\n 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with\n AuthLDAPCharsetConfig, uses the Accept-Language header\n value to lookup the right charset encoding when\n verifying the user's credentials. If the header value\n is not present in the charset conversion table, a\n fallback mechanism is used to truncate it to a two\n characters value to allow a quick retry (for example,\n 'en-US' is truncated to 'en'). A header value of less\n than two characters forces an out of bound write of one\n NUL byte to a memory location that is not part of the\n string. In the worst case, quite unlikely, the process\n would crash which could be used as a Denial of Service\n attack. In the more likely case, this memory is already\n reserved for future use and the issue has no effect at\n all.(CVE-2017-15710)\n\n - A NULL pointer dereference flaw was found in the\n httpd's mod_ssl module. 
A remote attacker could use\n this flaw to cause an httpd child process to crash if\n another module used by httpd called a certain API\n function during the processing of an HTTPS\n request.(CVE-2017-3169)\n\n - It was discovered that httpd used the value of the\n Proxy header from HTTP requests to initialize the\n HTTP_PROXY environment variable for CGI scripts, which\n in turn was incorrectly used by certain HTTP client\n implementations to configure the proxy for outgoing\n HTTP requests. A remote attacker could possibly use\n this flaw to redirect HTTP requests performed by a CGI\n script to an attacker-controlled proxy via a malicious\n HTTP request.(CVE-2016-5387)\n\n - A buffer over-read flaw was found in the httpd's\n mod_mime module. A user permitted to modify httpd's\n MIME configuration could use this flaw to cause httpd\n child process to crash.(CVE-2017-7679)\n\n - A specially crafted HTTP request header could have\n crashed the Apache HTTP Server prior to version 2.4.30\n due to an out of bound read while preparing data to be\n cached in shared memory. It could be used as a Denial\n of Service attack against users of mod_cache_socache.\n The vulnerability is considered as low risk since\n mod_cache_socache is not widely used, mod_cache_disk is\n not concerned by this vulnerability.(CVE-2018-1303)\n\n - It was discovered that the httpd's mod_auth_digest\n module did not properly initialize memory before using\n it when processing certain headers related to digest\n authentication. A remote attacker could possibly use\n this flaw to disclose potentially sensitive information\n or cause httpd child process to crash by sending\n specially crafted requests to a server.(CVE-2017-9788)\n\n - A flaw was found in the way httpd handled HTTP Trailer\n headers when processing requests using chunked\n encoding. A malicious client could use Trailer headers\n to set additional HTTP headers after header processing\n was performed by other modules. 
This could, for\n example, lead to a bypass of header restrictions\n defined with mod_headers.(CVE-2013-5704)\n\n - A buffer over-read flaw was found in the httpd's\n ap_find_token() function. A remote attacker could use\n this flaw to cause httpd child process to crash via a\n specially crafted HTTP request.(CVE-2017-7668)\n\n - A race condition was found in mod_auth_digest when the\n web server was running in a threaded MPM configuration.\n It could allow a user with valid credentials to\n authenticate using another username, bypassing\n configured access control restrictions.(CVE-2019-0217)\n\n - A NULL pointer dereference flaw was found in the\n mod_cache httpd module. A malicious HTTP server could\n cause the httpd child process to crash when the Apache\n HTTP Server was used as a forward proxy with caching.\n (CVE-2013-4352)\n\n - The dav_xml_get_cdata function in main/util.c in the\n mod_dav module in the Apache HTTP Server before 2.4.8\n does not properly remove whitespace characters from\n CDATA sections, which allows remote attackers to cause\n a denial of service (daemon crash) via a crafted DAV\n WRITE request. (CVE-2013-6438)\n\n - A denial of service flaw was found in the mod_proxy\n httpd module. A remote attacker could send a specially\n crafted request to a server configured as a reverse\n proxy using a threaded Multi-Processing Modules (MPM)\n that would cause the httpd child process to crash.\n (CVE-2014-0117)\n\n - A denial of service flaw was found in the way httpd's\n mod_deflate module handled request body decompression\n (configured via the 'DEFLATE' input filter). A remote\n attacker able to send a request whose body would be\n decompressed could use this flaw to consume an\n excessive amount of system memory and CPU on the target\n system.(CVE-2014-0118)\n\n - A denial of service flaw was found in the way httpd's\n mod_cgid module executed CGI scripts that did not read\n data from the standard input. 
A remote attacker could\n submit a specially crafted request that would cause the\n httpd child process to hang\n indefinitely.(CVE-2014-0231)\n\n - It was discovered that in httpd 2.4, the internal API\n function ap_some_auth_required() could incorrectly\n indicate that a request was authenticated even when no\n authentication was used. An httpd module using this API\n function could consequently allow access that should\n have been denied. (CVE-2015-3185)\n\n - It was discovered that the mod_session_crypto module of\n httpd did not use any mechanisms to verify integrity of\n the encrypted session data stored in the user's\n browser. A remote attacker could use this flaw to\n decrypt and modify session data using a padding oracle\n attack. (CVE-2016-0736)\n\n - It was discovered that the mod_auth_digest module of\n httpd did not properly check for memory allocation\n failures. A remote attacker could use this flaw to\n cause httpd child processes to repeatedly crash if the\n server used HTTP digest authentication.(CVE-2016-2161)\n\n - It was discovered that the use of httpd's\n ap_get_basic_auth_pw() API function outside of the\n authentication phase could lead to authentication\n bypass. A remote attacker could possibly use this flaw\n to bypass required authentication if the API was used\n incorrectly by one of the modules used by\n httpd.(CVE-2017-3167)\n\n - A use-after-free flaw was found in the way httpd\n handled invalid and previously unregistered HTTP\n methods specified in the Limit directive used in an\n .htaccess file. A remote attacker could possibly use\n this flaw to disclose portions of the server memory, or\n cause httpd child process to crash. (CVE-2017-9798)\n\n - In Apache httpd 2.2.0 to 2.4.29, when generating an\n HTTP Digest authentication challenge, the nonce sent to\n prevent reply attacks was not correctly generated using\n a pseudo-random seed. 
In a cluster of servers using a\n common Digest authentication configuration, HTTP\n requests could be replayed across servers by an\n attacker without detection. (CVE-2018-1312)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1419\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4b195f8e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This 
script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"httpd-2.4.6-80.1.h6\",\n \"httpd-tools-2.4.6-80.1.h6\",\n \"mod_ssl-2.4.6-80.1.h6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:37:07", "description": "This update for apache2 fixes the following issues :\n\n - Allow disabling SNI on proxy connections using 'SetEnv proxy-disable-sni 1' in the configuration files.\n (bsc#1052830)\n\n - Allow ECDH again in mod_ssl, it had been incorrectly disabled with the 
2.2.34 update. (bsc#1064561) Following security issue has been fixed :\n\n - CVE-2017-9798: A use-after-free in the OPTIONS command could be used by attackers to disclose memory of the apache server process, when htaccess uses incorrect Limit statement. (bsc#1058058) Additionally, references to the following security issues, fixed by the previous version-update of apache2 to Apache HTTPD 2.2.34 have been added :\n\n - CVE-2017-7668: The HTTP strict parsing introduced a bug in token list parsing, which allowed ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may have been able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.\n (bsc#1045061)\n\n - CVE-2017-3169: mod_ssl may have de-referenced a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port allowing for DoS. (bsc#1045062)\n\n - CVE-2017-3167: Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may have led to authentication requirements being bypassed. (bsc#1045065)\n\n - CVE-2017-7679: mod_mime could have read one byte past the end of a buffer when sending a malicious Content-Type response header. (bsc#1045060)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-10-31T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : apache2 (SUSE-SU-2017:2907-1) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2699", "CVE-2010-0425", "CVE-2012-0021", "CVE-2014-0118", "CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9798"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2", "p-cpe:/a:novell:suse_linux:apache2-devel", "p-cpe:/a:novell:suse_linux:apache2-doc", "p-cpe:/a:novell:suse_linux:apache2-example-pages", "p-cpe:/a:novell:suse_linux:apache2-prefork", "p-cpe:/a:novell:suse_linux:apache2-utils", "p-cpe:/a:novell:suse_linux:apache2-worker", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-2907-1.NASL", "href": "https://www.tenable.com/plugins/nessus/104270", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin 
were\n# extracted from SUSE update advisory SUSE-SU-2017:2907-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104270);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-2699\", \"CVE-2010-0425\", \"CVE-2012-0021\", \"CVE-2014-0118\", \"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7668\", \"CVE-2017-7679\", \"CVE-2017-9798\");\n script_bugtraq_id(36596, 38494, 51705, 68745);\n\n script_name(english:\"SUSE SLES11 Security Update : apache2 (SUSE-SU-2017:2907-1) (Optionsbleed)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for apache2 fixes the following issues :\n\n - Allow disabling SNI on proxy connections using 'SetEnv\n proxy-disable-sni 1' in the configuration files.\n (bsc#1052830)\n\n - Allow ECDH again in mod_ssl, it had been incorrectly\n disabled with the 2.2.34 update. (bsc#1064561) Following\n security issue has been fixed :\n\n - CVE-2017-9798: A use-after-free in the OPTIONS command\n could be used by attackers to disclose memory of the\n apache server process, when htaccess uses incorrect\n Limit statement. (bsc#1058058) Additionally, references\n to the following security issues, fixed by the previous\n version-update of apache2 to Apache HTTPD 2.2.34 have\n been added :\n\n - CVE-2017-7668: The HTTP strict parsing introduced a bug\n in token list parsing, which allowed ap_find_token() to\n search past the end of its input string. 
By maliciously\n crafting a sequence of request headers, an attacker may\n have be able to cause a segmentation fault, or to force\n ap_find_token() to return an incorrect value.\n (bsc#1045061)\n\n - CVE-2017-3169: mod_ssl may have de-referenced a NULL\n pointer when third-party modules call\n ap_hook_process_connection() during an HTTP request to\n an HTTPS port allowing for DoS. (bsc#1045062)\n\n - CVE-2017-3167: Use of the ap_get_basic_auth_pw() by\n third-party modules outside of the authentication phase\n may have lead to authentication requirements being\n bypassed. (bsc#1045065)\n\n - CVE-2017-7679: mod_mime could have read one byte past\n the end of a buffer when sending a malicious\n Content-Type response header. (bsc#1045060)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2009-2699/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2010-0425/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2012-0021/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-0118/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3167/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3169/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7668/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7679/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9798/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172907-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?084963fe\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Studio Onsite 1.3:zypper in -t patch slestso13-apache2-13331=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-apache2-13331=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-apache2-13331=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-apache2-13331=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-apache2-13331=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-apache2-13331=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-apache2-13331=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"apache2-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"apache2-doc-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"apache2-example-pages-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"apache2-prefork-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"apache2-utils-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"apache2-worker-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"apache2-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"apache2-devel-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"apache2-doc-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"apache2-example-pages-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"apache2-prefork-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"apache2-utils-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"apache2-worker-2.2.34-70.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:58:31", "description": "According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote web server is prior to 7.5.0. 
It is, therefore, affected by multiple vulnerabilities :\n\n - A flaw exists within the 'mod_deflate' module when handling highly compressed bodies. A remote attacker can exploit this, via a specially crafted request, to exhaust memory and CPU resources, resulting in a denial of service condition. (CVE-2014-0118)\n\n - The 'mod_status' module contains a race condition that can be triggered when handling the scoreboard. A remote attacker can exploit this to cause a denial of service, execute arbitrary code, or obtain sensitive credential information. (CVE-2014-0226)\n\n - The 'mod_cgid' module lacks a time out mechanism. A remote attacker can exploit this, via a specially crafted request, to cause child processes to linger indefinitely, filling up the scoreboard and resulting in a denial of service vulnerability. (CVE-2014-0231)\n\n - A flaw exists in WinNT MPM versions 2.4.1 to 2.4.9 when using the default AcceptFilter. An attacker can exploit this, via specially crafted requests, to create a memory leak, resulting in a denial of service condition.\n (CVE-2014-3523)\n\n - A NULL pointer dereference flaw exists when the SSLv3 option isn't enabled and an SSLv3 ClientHello is received. This allows a remote attacker, using an unexpected handshake, to crash the daemon, resulting in a denial of service. (CVE-2014-3569)\n\n - The BIGNUM squaring (BN_sqr) implementation does not properly calculate the square of a BIGNUM value. This allows remote attackers to defeat cryptographic protection mechanisms. (CVE-2014-3570)\n\n - A NULL pointer dereference flaw exists in the dtls1_get_record() function when handling DTLS messages.\n A remote attacker, using a specially crafted DTLS message, can cause a denial of service. (CVE-2014-3571)\n\n - A flaw exists with ECDH handshakes when using an ECDSA certificate without a ServerKeyExchange message. This allows a remote attacker to trigger a loss of forward secrecy from the ciphersuite. 
(CVE-2014-3572)\n\n - A use-after-free error exists in the 'process_nested_data' function within 'ext/standard/var_unserializer.re' due to improper handling of duplicate keys within the serialized properties of an object. A remote attacker, using a specially crafted call to the 'unserialize' method, can exploit this flaw to execute arbitrary code on the system. (CVE-2014-8142)\n\n - A flaw exists when accepting non-DER variations of certificate signature algorithms and signature encodings due to a lack of enforcement of matches between signed and unsigned portions. A remote attacker, by including crafted data within a certificate's unsigned portion, can bypass fingerprint-based certificate-blacklist protection mechanisms. (CVE-2014-8275)\n\n - An out-of-bounds read flaw in file 'cgi_main.c' exists when nmap is used to process an invalid file that begins with a hash character (#) but lacks a newline character.\n A remote attacker, using a specially crafted PHP file, can exploit this vulnerability to disclose memory contents, cause a denial of service, or possibly execute code. (CVE-2014-9427)\n\n - An out-of-bounds read error exists in the Fine Free File component that is bundled with PHP. A remote attacker can exploit this to cause a denial of service condition or the disclosure of sensitive information.\n (CVE-2014-9652)\n\n - A memory corruption issue exists in the Fine Free File component that is bundled with PHP. A remote attacker can exploit this to cause an unspecified impact.\n (CVE-2014-9653)\n\n - A heap buffer overflow condition exists in PHP in the enchant_broker_request_dict() function due to improper validation of user-supplied input. An attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2014-9705)\n\n - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. 
A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204)\n\n - A flaw exists when accepting DH certificates for client authentication without the CertificateVerify message.\n This allows a remote attacker to authenticate to the service without a private key. (CVE-2015-0205)\n\n - A memory leak occurs in dtls1_buffer_record() when handling a saturation of DTLS records containing the same number sequence but for the next epoch. This allows a remote attacker to cause a denial of service.\n (CVE-2015-0206)\n\n - A flaw exists in the DTLSv1_listen() function due to state being preserved in the SSL object from one invocation to the next. A remote attacker can exploit this, via crafted DTLS traffic, to cause a segmentation fault, resulting in a denial of service.\n (CVE-2015-0207)\n\n - A flaw exists in the rsa_item_verify() function due to improper implementation of ASN.1 signature verification.\n A remote attacker can exploit this, via an ASN.1 signature using the RSA PSS algorithm and invalid parameters, to cause a NULL pointer dereference, resulting in a denial of service. (CVE-2015-0208)\n\n - A use-after-free condition exists in the d2i_ECPrivateKey() function due to improper processing of malformed EC private key files during import. A remote attacker can exploit this to dereference or free already freed memory, resulting in a denial of service or other unspecified impact. (CVE-2015-0209)\n\n - A use-after-free memory error exists in the process_nested_data() function in 'var_unserializer.re' due to improper handling of duplicate numerical keys within the serialized properties of an object. 
A remote attacker, using a crafted unserialize method call, can exploit this vulnerability to execute arbitrary code.\n (CVE-2015-0231)\n\n - A flaw exists in the exif_process_unicode() function in 'exif.c' that allows freeing an uninitialized pointer. A remote attacker, using specially crafted EXIF data in a JPEG image, can exploit this to cause a denial of service or to execute arbitrary code. (CVE-2015-0232)\n\n - A use-after-free flaw exists in the function php_date_timezone_initialize_from_hash() within the 'ext/date/php_date.c' script. An attacker can exploit this to access sensitive information or crash applications linked to PHP. (CVE-2015-0273)\n\n - A flaw exists in the ssl3_client_hello() function due to improper validation of a PRNG seed before proceeding with a handshake, resulting in insufficient entropy and predictable output. This allows a man-in-the-middle attacker to defeat cryptographic protection mechanisms via a brute-force attack, resulting in the disclosure of sensitive information. (CVE-2015-0285)\n\n - An invalid read error exists in the ASN1_TYPE_cmp() function due to improperly performed boolean-type comparisons. A remote attacker can exploit this, via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature, to cause an invalid read operation, resulting in a denial of service.\n (CVE-2015-0286)\n\n - A flaw exists in the ASN1_item_ex_d2i() function due to a failure to reinitialize 'CHOICE' and 'ADB' data structures when reusing a structure in ASN.1 parsing.\n This allows a remote attacker to cause an invalid write operation and memory corruption, resulting in a denial of service. (CVE-2015-0287)\n\n - A NULL pointer dereference flaw exists in the X509_to_X509_REQ() function due to improper processing of certificate keys. This allows a remote attacker, via a crafted X.509 certificate, to cause a denial of service. 
(CVE-2015-0288)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing outer ContentInfo. This allows a remote attacker, using an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, to cause a denial of service. (CVE-2015-0289)\n\n - A flaw exists with the 'multiblock' feature in the ssl3_write_bytes() function due to improper handling of certain non-blocking I/O cases. This allows a remote attacker to cause failed connections or a segmentation fault, resulting in a denial of service. (CVE-2015-0290)\n\n - A NULL pointer dereference flaw exists when handling clients attempting to renegotiate using an invalid signature algorithm extension. A remote attacker can exploit this to cause a denial of service.\n (CVE-2015-0291)\n\n - An integer underflow condition exists in the EVP_DecodeUpdate() function due to improper validation of base64 encoded input when decoding. This allows a remote attacker, using maliciously crafted base64 data, to cause a segmentation fault or memory corruption, resulting in a denial of service or possibly the execution of arbitrary code. (CVE-2015-0292)\n\n - A flaw exists in servers that both support SSLv2 and enable export cipher suites due to improper implementation of SSLv2. A remote attacker can exploit this, via a crafted CLIENT-MASTER-KEY message, to cause a denial of service. (CVE-2015-0293)\n\n - A flaw exists in the ssl3_get_client_key_exchange() function when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled. This allows a remote attacker, via a ClientKeyExchange message with a length of zero, to cause a denial of service.\n (CVE-2015-1787)\n\n - A cross-site request forgery (XSRF) vulnerability exists due to the lack of a unique token when performing sensitive actions via HTTP requests. (CVE-2015-2134)\n\n - A use-after-free error exists in the function phar_rename_archive() in file 'phar_object.c'. 
A remote attacker, by attempting to rename a phar archive to an already existing file name, can exploit this to cause a denial of service. (CVE-2015-2301)\n\n - A use-after-free error exists related to function 'unserialize', which can allow a remote attacker to execute arbitrary code. Note that this issue is due to an incomplete fix for CVE-2014-8142. (CVE-2015-0231)\n\n - A filter bypass vulnerability exists due to a flaw in the move_uploaded_file() function in which pathnames are truncated when a NULL byte is encountered. This allows a remote attacker, via a crafted second argument, to bypass intended extension restrictions and create files with unexpected names. (CVE-2015-2348)\n\n - A use-after-free error exists in the process_nested_data() function. This allows a remote attacker, via a crafted unserialize call, to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-2787)", "cvss3": {}, "published": "2015-07-22T00:00:00", "type": "nessus", "title": "HP System Management Homepage 7.3.x / 7.4.x < 7.5.0 Multiple Vulnerabilities (FREAK)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231", "CVE-2014-3523", "CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8142", "CVE-2014-8275", "CVE-2014-9427", "CVE-2014-9652", "CVE-2014-9653", "CVE-2014-9705", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206", "CVE-2015-0207", "CVE-2015-0208", "CVE-2015-0209", "CVE-2015-0231", "CVE-2015-0232", 
"CVE-2015-0273", "CVE-2015-0285", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0290", "CVE-2015-0291", "CVE-2015-0292", "CVE-2015-0293", "CVE-2015-1787", "CVE-2015-2134", "CVE-2015-2301", "CVE-2015-2331", "CVE-2015-2348", "CVE-2015-2787"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:hp:system_management_homepage"], "id": "HPSMH_7_5.NASL", "href": "https://www.tenable.com/plugins/nessus/84923", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84923);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2014-0118\",\n \"CVE-2014-0226\",\n \"CVE-2014-0231\",\n \"CVE-2014-3523\",\n \"CVE-2014-3569\",\n \"CVE-2014-3570\",\n \"CVE-2014-3571\",\n \"CVE-2014-3572\",\n \"CVE-2014-8142\",\n \"CVE-2014-8275\",\n \"CVE-2014-9427\",\n \"CVE-2014-9652\",\n \"CVE-2014-9653\",\n \"CVE-2014-9705\",\n \"CVE-2015-0204\",\n \"CVE-2015-0205\",\n \"CVE-2015-0206\",\n \"CVE-2015-0207\",\n \"CVE-2015-0208\",\n \"CVE-2015-0209\",\n \"CVE-2015-0231\",\n \"CVE-2015-0232\",\n \"CVE-2015-0273\",\n \"CVE-2015-0285\",\n \"CVE-2015-0286\",\n \"CVE-2015-0287\",\n \"CVE-2015-0288\",\n \"CVE-2015-0289\",\n \"CVE-2015-0290\",\n \"CVE-2015-0291\",\n \"CVE-2015-0292\",\n \"CVE-2015-0293\",\n \"CVE-2015-1787\",\n \"CVE-2015-2134\",\n \"CVE-2015-2301\",\n \"CVE-2015-2331\",\n \"CVE-2015-2348\",\n \"CVE-2015-2787\"\n );\n script_bugtraq_id(\n 68678,\n 68742,\n 68745,\n 68747,\n 71791,\n 71833,\n 71934,\n 71935,\n 71936,\n 71937,\n 71939,\n 71940,\n 71941,\n 71942,\n 72505,\n 72516,\n 72539,\n 72541,\n 72701,\n 73031,\n 73037,\n 73225,\n 73226,\n 73227,\n 73228,\n 73229,\n 73230,\n 73231,\n 73232,\n 73234,\n 73235,\n 73237,\n 73238,\n 73239,\n 73431,\n 73434,\n 75961\n );\n script_xref(name:\"HP\", value:\"SSRT102109\");\n script_xref(name:\"HP\", 
value:\"HPSBMU03380\");\n script_xref(name:\"HP\", value:\"emr_na-c04746490\");\n script_xref(name:\"CERT\", value:\"243585\");\n\n script_name(english:\"HP System Management Homepage 7.3.x / 7.4.x < 7.5.0 Multiple Vulnerabilities (FREAK)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the web server's banner, the version of HP System\nManagement Homepage (SMH) hosted on the remote web server is prior to\n7.5.0. It is, therefore, affected by multiple vulnerabilities :\n\n - A flaw exists within the 'mod_deflate' module when\n handling highly compressed bodies. A remote attacker can\n exploit this, via a specially crafted request, to\n exhaust memory and CPU resources, resulting in a denial\n of service condition. (CVE-2014-0118)\n\n - The 'mod_status' module contains a race condition that\n can be triggered when handling the scoreboard. A remote\n attacker can exploit this to cause a denial of service,\n execute arbitrary code, or obtain sensitive credential\n information. (CVE-2014-0226)\n\n - The 'mod_cgid' module lacks a time out mechanism. A\n remote attacker can exploit this, via a specially\n crafted request, to cause child processes to linger\n indefinitely, filling up the scoreboard and resulting in\n a denial of service vulnerability. (CVE-2014-0231)\n\n - A flaw exists in WinNT MPM versions 2.4.1 to 2.4.9 when\n using the default AcceptFilter. An attacker can exploit\n this, via specially crafted requests, to create a memory\n leak, resulting in a denial of service condition.\n (CVE-2014-3523)\n\n - A NULL pointer dereference flaw exists when the SSLv3\n option isn't enabled and an SSLv3 ClientHello is\n received. This allows a remote attacker, using an\n unexpected handshake, to crash the daemon, resulting in\n a denial of service. 
(CVE-2014-3569)\n\n - The BIGNUM squaring (BN_sqr) implementation does not\n properly calculate the square of a BIGNUM value. This\n allows remote attackers to defeat cryptographic\n protection mechanisms. (CVE-2014-3570)\n\n - A NULL pointer dereference flaw exists in the\n dtls1_get_record() function when handling DTLS messages.\n A remote attacker, using a specially crafted DTLS\n message, can cause a denial of service. (CVE-2014-3571)\n\n - A flaw exists with ECDH handshakes when using an ECDSA\n certificate without a ServerKeyExchange message. This\n allows a remote attacker to trigger a loss of forward\n secrecy from the ciphersuite. (CVE-2014-3572)\n\n - A use-after-free error exists in the\n 'process_nested_data' function within\n 'ext/standard/var_unserializer.re' due to improper\n handling of duplicate keys within the serialized\n properties of an object. A remote attacker, using a\n specially crafted call to the 'unserialize' method, can\n exploit this flaw to execute arbitrary code on the\n system. (CVE-2014-8142)\n\n - A flaw exists when accepting non-DER variations of\n certificate signature algorithms and signature encodings\n due to a lack of enforcement of matches between signed\n and unsigned portions. A remote attacker, by including\n crafted data within a certificate's unsigned portion,\n can bypass fingerprint-based certificate-blacklist\n protection mechanisms. (CVE-2014-8275)\n\n - An out-of-bounds read flaw in file 'cgi_main.c' exists\n when mmap is used to process an invalid file that begins\n with a hash character (#) but lacks a newline character.\n A remote attacker, using a specially crafted PHP file,\n can exploit this vulnerability to disclose memory\n contents, cause a denial of service, or possibly execute\n code. (CVE-2014-9427)\n\n - An out-of-bounds read error exists in the Fine Free File\n component that is bundled with PHP. 
A remote attacker\n can exploit this to cause a denial of service condition\n or the disclosure of sensitive information.\n (CVE-2014-9652)\n\n - A memory corruption issue exists in the Fine Free File\n component that is bundled with PHP. A remote attacker\n can exploit this to cause an unspecified impact.\n (CVE-2014-9653)\n\n - A heap buffer overflow condition exists in PHP in the\n enchant_broker_request_dict() function due to improper\n validation of user-supplied input. An attacker can\n exploit this to cause a denial of service condition or\n the execution of arbitrary code. (CVE-2014-9705)\n\n - A security feature bypass vulnerability, known as FREAK\n (Factoring attack on RSA-EXPORT Keys), exists due to the\n support of weak EXPORT_RSA cipher suites with keys less\n than or equal to 512 bits. A man-in-the-middle attacker\n may be able to downgrade the SSL/TLS connection to use\n EXPORT_RSA cipher suites which can be factored in a\n short amount of time, allowing the attacker to intercept\n and decrypt the traffic. (CVE-2015-0204)\n\n - A flaw exists when accepting DH certificates for client\n authentication without the CertificateVerify message.\n This allows a remote attacker to authenticate to the\n service without a private key. (CVE-2015-0205)\n\n - A memory leak occurs in dtls1_buffer_record()\n when handling a saturation of DTLS records containing\n the same number sequence but for the next epoch. This\n allows a remote attacker to cause a denial of service.\n (CVE-2015-0206)\n\n - A flaw exists in the DTLSv1_listen() function due to\n state being preserved in the SSL object from one\n invocation to the next. 
A remote attacker can exploit\n this, via crafted DTLS traffic, to cause a segmentation\n fault, resulting in a denial of service.\n (CVE-2015-0207)\n\n - A flaw exists in the rsa_item_verify() function due to\n improper implementation of ASN.1 signature verification.\n A remote attacker can exploit this, via an ASN.1\n signature using the RSA PSS algorithm and invalid\n parameters, to cause a NULL pointer dereference,\n resulting in a denial of service. (CVE-2015-0208)\n\n - A use-after-free condition exists in the\n d2i_ECPrivateKey() function due to improper processing\n of malformed EC private key files during import. A\n remote attacker can exploit this to dereference or free\n already freed memory, resulting in a denial of service\n or other unspecified impact. (CVE-2015-0209)\n\n - A use-after-free memory error exists in the\n process_nested_data() function in 'var_unserializer.re'\n due to improper handling of duplicate numerical keys\n within the serialized properties of an object. A remote\n attacker, using a crafted unserialize method call, can\n exploit this vulnerability to execute arbitrary code.\n (CVE-2015-0231)\n\n - A flaw exists in the exif_process_unicode() function in\n 'exif.c' that allows freeing an uninitialized pointer. A\n remote attacker, using specially crafted EXIF data in a\n JPEG image, can exploit this to cause a denial of\n service or to execute arbitrary code. (CVE-2015-0232)\n\n - A use-after-free flaw exists in the function\n php_date_timezone_initialize_from_hash() within the\n 'ext/date/php_date.c' script. An attacker can exploit\n this to access sensitive information or crash\n applications linked to PHP. (CVE-2015-0273)\n\n - A flaw exists in the ssl3_client_hello() function due to\n improper validation of a PRNG seed before proceeding\n with a handshake, resulting in insufficient entropy and\n predictable output. 
This allows a man-in-the-middle\n attacker to defeat cryptographic protection mechanisms\n via a brute-force attack, resulting in the disclosure of\n sensitive information. (CVE-2015-0285)\n\n - An invalid read error exists in the ASN1_TYPE_cmp()\n function due to improperly performed boolean-type\n comparisons. A remote attacker can exploit this, via a\n crafted X.509 certificate to an endpoint that uses the\n certificate-verification feature, to cause an invalid\n read operation, resulting in a denial of service.\n (CVE-2015-0286)\n\n - A flaw exists in the ASN1_item_ex_d2i() function due to\n a failure to reinitialize 'CHOICE' and 'ADB' data\n structures when reusing a structure in ASN.1 parsing.\n This allows a remote attacker to cause an invalid write\n operation and memory corruption, resulting in a denial\n of service. (CVE-2015-0287)\n\n - A NULL pointer dereference flaw exists in the\n X509_to_X509_REQ() function due to improper processing\n of certificate keys. This all