Vulnerabilities > CVE-2002-0392
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
Vulnerable Configurations
Exploit-Db
description Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1). CVE-2002-0392 . Remote exploits for multiple platform id EDB-ID:21559 last seen 2016-02-02 modified 2002-06-17 published 2002-06-17 reporter Gobbles Security source https://www.exploit-db.com/download/21559/ title Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability 1 description Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2). CVE-2002-0392 . Remote exploits for multiple platform id EDB-ID:21560 last seen 2016-02-02 modified 2002-06-17 published 2002-06-17 reporter Gobbles Security source https://www.exploit-db.com/download/21560/ title Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability 2 description Apache Win32 Chunked Encoding. CVE-2002-0392. Remote exploit for windows platform id EDB-ID:16782 last seen 2016-02-02 modified 2010-07-07 published 2010-07-07 reporter metasploit source https://www.exploit-db.com/download/16782/ title Apache Win32 Chunked Encoding
Metasploit
| description | This module exploits the chunked transfer integer wrap vulnerability in Apache version 1.2.x to 1.3.24. This particular module has been tested with all versions of the official Win32 build between 1.3.9 and 1.3.24. Additionally, it should work against most co-branded and bundled versions of Apache (Oracle 8i, 9i, IBM HTTPD, etc). You will need to use the Check() functionality to determine the exact target version prior to launching the exploit. The version of Apache bundled with Oracle 8.1.7 will not automatically restart, so if you use the wrong target value, the server will crash. |
| id | MSF:EXPLOIT/WINDOWS/HTTP/APACHE_CHUNKED |
| last seen | 2020-01-15 |
| modified | 2017-07-24 |
| published | 2006-10-11 |
| references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0392 |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/http/apache_chunked.rb |
| title | Apache Win32 Chunked Encoding |
Nessus
NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_33252.NASL description s700_800 11.X OV ITO7.1X Comm Agt AIX A.07.17 : A potential security vulnerability has been identified in HP OpenView Operations. This potential vulnerability could be exploited remotely to allow unauthorized access or to create a Denial of Service (DoS). last seen 2020-06-01 modified 2020-06-02 plugin id 22437 published 2006-09-22 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22437 title HP-UX PHSS_33252 : HP OpenView Operations, Remote Unauthorized Access and Denial of Service (DoS) (HPSBMA02149 SSRT050968 rev.1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHSS_33252. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(22437); script_version("1.17"); script_cvs_date("Date: 2018/07/12 19:01:15"); script_cve_id("CVE-2002-0392"); script_xref(name:"HP", value:"emr_na-c00767033"); script_xref(name:"HP", value:"SSRT050968"); script_name(english:"HP-UX PHSS_33252 : HP OpenView Operations, Remote Unauthorized Access and Denial of Service (DoS) (HPSBMA02149 SSRT050968 rev.1)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.X OV ITO7.1X Comm Agt AIX A.07.17 : A potential security vulnerability has been identified in HP OpenView Operations. This potential vulnerability could be exploited remotely to allow unauthorized access or to create a Denial of Service (DoS)." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00767033 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?d5a9a8c5" ); script_set_attribute( attribute:"solution", value:"Install patch PHSS_33252 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Apache Win32 Chunked Encoding'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2006/09/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/09/22"); script_set_attribute(attribute:"vuln_publication_date", value:"2002/06/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.00 11.11")) { exit(0, "The host is not affected since PHSS_33252 applies to a different OS release."); } patches = make_list("PHSS_33252"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"OVOPC-CLT.OVOPC-AIX-CLT", version:"A.07.10")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_33256.NASL description s700_800 11.X OV ITO7.1X Comm Agt Solaris A.07.17 : A potential security vulnerability has been identified in HP OpenView Operations. This potential vulnerability could be exploited remotely to allow unauthorized access or to create a Denial of Service (DoS). last seen 2020-06-01 modified 2020-06-02 plugin id 22439 published 2006-09-22 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22439 title HP-UX PHSS_33256 : HP OpenView Operations, Remote Unauthorized Access and Denial of Service (DoS) (HPSBMA02149 SSRT050968 rev.1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHSS_33256. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(22439); script_version("1.17"); script_cvs_date("Date: 2018/07/12 19:01:15"); script_cve_id("CVE-2002-0392"); script_xref(name:"HP", value:"emr_na-c00767033"); script_xref(name:"HP", value:"SSRT050968"); script_name(english:"HP-UX PHSS_33256 : HP OpenView Operations, Remote Unauthorized Access and Denial of Service (DoS) (HPSBMA02149 SSRT050968 rev.1)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.X OV ITO7.1X Comm Agt Solaris A.07.17 : A potential security vulnerability has been identified in HP OpenView Operations. This potential vulnerability could be exploited remotely to allow unauthorized access or to create a Denial of Service (DoS)." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00767033 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?d5a9a8c5" ); script_set_attribute( attribute:"solution", value:"Install patch PHSS_33256 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Apache Win32 Chunked Encoding'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2006/09/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/09/22"); script_set_attribute(attribute:"vuln_publication_date", value:"2002/06/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.00 11.11")) { exit(0, "The host is not affected since PHSS_33256 applies to a different OS release."); } patches = make_list("PHSS_33256"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"OVOPC-CLT.OVOPC-SOL-CLT", version:"A.07.10")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Debian Local Security Checks NASL id DEBIAN_DSA-133.NASL description Mark Litchfield found a denial of service attack in the Apache web-server. While investigating the problem the Apache Software Foundation discovered that the code for handling invalid requests which use chunked encoding also might allow arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 14970 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14970 title Debian DSA-133-1 : apache-perl - remote DoS / exploit code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-133. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(14970); script_version("1.29"); script_cvs_date("Date: 2019/08/02 13:32:16"); script_cve_id("CVE-2002-0392"); script_bugtraq_id(5033); script_xref(name:"CERT", value:"944335"); script_xref(name:"DSA", value:"133"); script_name(english:"Debian DSA-133-1 : apache-perl - remote DoS / exploit"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Mark Litchfield found a denial of service attack in the Apache web-server. While investigating the problem the Apache Software Foundation discovered that the code for handling invalid requests which use chunked encoding also might allow arbitrary code execution." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2002/dsa-133" ); script_set_attribute( attribute:"solution", value: "This has been fixed in version 1.3.9-14.1-1.21.20000309-1 of the Debian apache-perl package and we recommend that you upgrade your apache-perl package immediately. An update for the soon to be released Debian GNU/Linux 3.0/woody distribution will be available soon." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Apache Win32 Chunked Encoding'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apache-perl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2"); script_set_attribute(attribute:"patch_publication_date", value:"2002/06/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29"); script_set_attribute(attribute:"vuln_publication_date", value:"2002/06/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"2.2", prefix:"apache-perl", reference:"1.3.9-14.1-1.21.20000309-1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_32423.NASL description s700_800 11.X OV ITO7.1X Comm Agt HPUX 11 PA A.07.16 : A potential security vulnerability has been identified in HP OpenView Operations. This potential vulnerability could be exploited remotely to allow unauthorized access or to create a Denial of Service (DoS). last seen 2020-06-01 modified 2020-06-02 plugin id 22436 published 2006-09-22 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22436 title HP-UX PHSS_32423 : HP OpenView Operations, Remote Unauthorized Access and Denial of Service (DoS) (HPSBMA02149 SSRT050968 rev.1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHSS_32423. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(22436); script_version("1.17"); script_cvs_date("Date: 2018/07/12 19:01:15"); script_cve_id("CVE-2002-0392"); script_xref(name:"HP", value:"emr_na-c00767033"); script_xref(name:"HP", value:"SSRT050968"); script_name(english:"HP-UX PHSS_32423 : HP OpenView Operations, Remote Unauthorized Access and Denial of Service (DoS) (HPSBMA02149 SSRT050968 rev.1)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.X OV ITO7.1X Comm Agt HPUX 11 PA A.07.16 : A potential security vulnerability has been identified in HP OpenView Operations. This potential vulnerability could be exploited remotely to allow unauthorized access or to create a Denial of Service (DoS)." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00767033 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?d5a9a8c5" ); script_set_attribute( attribute:"solution", value:"Install patch PHSS_32423 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Apache Win32 Chunked Encoding'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2006/09/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/09/22"); script_set_attribute(attribute:"vuln_publication_date", value:"2002/06/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.00 11.11")) { exit(0, "The host is not affected since PHSS_32423 applies to a different OS release."); } patches = make_list("PHSS_32423"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"OVOPC-CLT.OVOPC-UX11-CLT", version:"A.07.10")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2002-126.NASL description The Apache Web server contains a security vulnerability which can be used to launch a denial of service (DoS) attack or, in some cases, allow remote code execution. Versions of the Apache Web server up to and including 1.3.24 contain a bug in the routines which deal with requests using last seen 2020-06-01 modified 2020-06-02 plugin id 12305 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12305 title RHEL 2.1 : apache (RHSA-2002:126) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2002:126. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(12305); script_version ("1.28"); script_cvs_date("Date: 2019/10/25 13:36:09"); script_cve_id("CVE-2002-0392"); script_xref(name:"RHSA", value:"2002:126"); script_name(english:"RHEL 2.1 : apache (RHSA-2002:126)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The Apache Web server contains a security vulnerability which can be used to launch a denial of service (DoS) attack or, in some cases, allow remote code execution. Versions of the Apache Web server up to and including 1.3.24 contain a bug in the routines which deal with requests using 'chunked' encoding. A carefully crafted invalid request can cause an Apache child process to call the memcpy() function in a way that will write past the end of its buffer, corrupting the stack. On some platforms this can be remotely exploited -- allowing arbitrary code to be run on the server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2002-0392 to this issue. All users of Apache should update to these errata packages to correct this security issue." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2002-0392" ); script_set_attribute( attribute:"see_also", value:"http://httpd.apache.org/info/security_bulletin_20020617.txt" ); script_set_attribute( attribute:"see_also", value:"http://www.apacheweek.com/issues/02-06-21" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2002:126" ); script_set_attribute( attribute:"solution", value: "Update the affected apache, apache-devel and / or apache-manual packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Apache Win32 Chunked Encoding'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-manual"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2002/07/03"); script_set_attribute(attribute:"patch_publication_date", value:"2002/07/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2002:126"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"apache-1.3.23-15")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"apache-devel-1.3.23-15")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"apache-manual-1.3.23-15")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache / apache-devel / apache-manual"); } }NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_32380.NASL description s700_800 11.X OV ITO7.1X Comm Agt Linux A.07.16 : A potential security vulnerability has been identified in HP OpenView Operations. This potential vulnerability could be exploited remotely to allow unauthorized access or to create a Denial of Service (DoS). last seen 2020-06-01 modified 2020-06-02 plugin id 22435 published 2006-09-22 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22435 title HP-UX PHSS_32380 : HP OpenView Operations, Remote Unauthorized Access and Denial of Service (DoS) (HPSBMA02149 SSRT050968 rev.1) NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_33280.NASL description s700_800 11.X OV ITO7.1X Comm Agt Windows A.07.17 : A potential security vulnerability has been identified in HP OpenView Operations. This potential vulnerability could be exploited remotely to allow unauthorized access or to create a Denial of Service (DoS). last seen 2020-06-01 modified 2020-06-02 plugin id 22441 published 2006-09-22 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22441 title HP-UX PHSS_33280 : HP OpenView Operations, Remote Unauthorized Access and Denial of Service (DoS) (HPSBMA02149 SSRT050968 rev.1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-131.NASL description Mark Litchfield found a denial of service attack in the Apache web-server. While investigating the problem the Apache Software Foundation discovered that the code for handling invalid requests which use chunked encoding also might allow arbitrary code execution on 64 bit architectures. last seen 2020-06-01 modified 2020-06-02 plugin id 14968 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14968 title Debian DSA-131-1 : apache - remote DoS / exploit NASL family Web Servers NASL id APACHE_CHUNKED_ENCODING.NASL description The remote Apache web server is affected by the Apache web server chunk handling vulnerability. If safe checks are enabled, this may be a false positive since it is based on the version of Apache. Although unpatched Apache versions 1.2.2 and above, 1.3 through 1.3.24, and 2.0 through 2.0.36 are affected, the remote server may be running a patched version of Apache. last seen 2020-06-01 modified 2020-06-02 plugin id 11030 published 2002-06-17 reporter This script is Copyright (C) 2002-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/11030 title Apache Chunked Encoding Remote Overflow NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_33253.NASL description s700_800 11.X OV ITO7.1X Comm Agt HP-UX 11 IA A.07.17 : A potential security vulnerability has been identified in HP OpenView Operations. This potential vulnerability could be exploited remotely to allow unauthorized access or to create a Denial of Service (DoS). last seen 2020-06-01 modified 2020-06-02 plugin id 22438 published 2006-09-22 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22438 title HP-UX PHSS_33253 : HP OpenView Operations, Remote Unauthorized Access and Denial of Service (DoS) (HPSBMA02149 SSRT050968 rev.1) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2002-039.NASL description [ Please note that this advisory supersedes the previous MDKSA-2002:039 and MDKSA-2002:039-1 advisories. ] MandrakeSoft is urging all users of Mandrake Linux to update their Apache installations immediately. What was previously thought to have been a DoS-only condition has now been proven to be more than that; exploitable conditions have been discovered on both 32bit and 64bit platforms. Successful exploitation of this vulnerability may lead to the execution of arbitary code on the server running a vulnerable Apache with the permissions of the web server child process (on Mandrake Linux this is the user last seen 2020-06-01 modified 2020-06-02 plugin id 14778 published 2004-09-18 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14778 title Mandrake Linux Security Advisory : apache (MDKSA-2002:039-2) NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_33257.NASL description s700_800 11.X OV ITO7.1X Comm Agt Tru64 A.07.17 : A potential security vulnerability has been identified in HP OpenView Operations. This potential vulnerability could be exploited remotely to allow unauthorized access or to create a Denial of Service (DoS). last seen 2020-06-01 modified 2020-06-02 plugin id 22440 published 2006-09-22 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22440 title HP-UX PHSS_33257 : HP OpenView Operations, Remote Unauthorized Access and Denial of Service (DoS) (HPSBMA02149 SSRT050968 rev.1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-132.NASL description Mark Litchfield found a denial of service attack in the Apache web-server. While investigating the problem the Apache Software Foundation discovered that the code for handling invalid requests which use chunked encoding also might allow arbitrary code execution on 64 bit architectures. last seen 2020-06-01 modified 2020-06-02 plugin id 14969 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14969 title Debian DSA-132-1 : apache-ssl - remote DoS / exploit
Packetstorm
| data source | https://packetstormsecurity.com/files/download/82996/apache_chunked.rb.txt |
| id | PACKETSTORM:82996 |
| last seen | 2016-12-05 |
| published | 2009-11-26 |
| reporter | H D Moore |
| source | https://packetstormsecurity.com/files/82996/Apache-Win32-Chunked-Encoding.html |
| title | Apache Win32 Chunked Encoding |
Redhat
| advisories |
|
Saint
| bid | 5033 |
| description | Apache chunked encoding buffer overflow |
| id | web_server_apache_version |
| osvdb | 838 |
| title | apache_chunk_size |
| type | remote |
Statements
| contributor | Mark J Cox |
| lastmodified | 2008-07-02 |
| organization | Apache |
| statement | Fixed in Apache HTTP Server 2.0.37 and 1.3.26: http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_13.html |
References
- http://httpd.apache.org/info/security_bulletin_20020617.txt
- http://www.cert.org/advisories/CA-2002-17.html
- http://online.securityfocus.com/archive/1/278149
- ftp://patches.sgi.com/support/free/security/advisories/20020605-01-A
- ftp://patches.sgi.com/support/free/security/advisories/20020605-01-I
- http://rhn.redhat.com/errata/RHSA-2002-103.html
- http://www.redhat.com/support/errata/RHSA-2002-126.html
- http://www.redhat.com/support/errata/RHSA-2002-150.html
- http://www.redhat.com/support/errata/RHSA-2003-106.html
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:039
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-029.0.txt
- ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.31
- ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.32
- http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000498
- http://www.debian.org/security/2002/dsa-131
- http://www.debian.org/security/2002/dsa-132
- http://www.debian.org/security/2002/dsa-133
- http://www.linuxsecurity.com/advisories/other_advisory-2137.html
- http://rhn.redhat.com/errata/RHSA-2002-118.html
- http://rhn.redhat.com/errata/RHSA-2002-117.html
- http://archives.neohapsis.com/archives/bugtraq/2002-06/0235.html
- http://archives.neohapsis.com/archives/bugtraq/2002-06/0266.html
- http://www.novell.com/linux/security/advisories/2002_22_apache.html
- http://www.kb.cert.org/vuls/id/944335
- http://online.securityfocus.com/advisories/4240
- http://online.securityfocus.com/advisories/4257
- http://www.securityfocus.com/bid/5033
- http://www.securityfocus.com/bid/20005
- http://www.frsirt.com/english/advisories/2006/3598
- http://www.osvdb.org/838
- http://secunia.com/advisories/21917
- http://www.iss.net/security_center/static/9249.php
- http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000083816475
- https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E