Vulnerabilities > CVE-2002-1156 - Unspecified vulnerability in Apache Http Server 2.0.42
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN apache
nessus
Summary
Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_28098.NASL description s700_800 11.04 Virtualvault 4.5 OWS update : Potential vulnerability regarding ownership permissions of System V shared memory based scoreboards. (CERT VU#825353, CVE CAN-2002-0839) Potential cross-site scripting vulnerability in the default error page when using wildcard DNS. (CERT VU#240329, CVE CAN-2002-0840) Potential overflows in ab.c which could be exploited by a malicious server. (CERT VU#858881, CVE CAN-2002-0843) Exposure of CGI source when a POST request is sent to a location where both DAV and CGI are enabled. (CERT VU#91071, CVE CAN-2002-1156). last seen 2020-06-01 modified 2020-06-02 plugin id 17490 published 2005-03-18 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17490 title HP-UX PHSS_28098 : HP-UX Running Apache, Increased Privileges or Denial of Service (DoS) or Execution of Arbitrary Code (HPSBUX00224 SSRT2393 rev.3) code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHSS_28098. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(17490); script_version("1.16"); script_cvs_date("Date: 2019/07/10 16:04:13"); script_cve_id("CVE-2002-0839", "CVE-2002-0840", "CVE-2002-0843", "CVE-2002-1156"); script_xref(name:"CERT", value:"240329"); script_xref(name:"CERT", value:"825353"); script_xref(name:"CERT", value:"858881"); script_xref(name:"CERT", value:"91071"); script_xref(name:"HP", value:"emr_na-c00944288"); script_xref(name:"HP", value:"HPSBUX00224"); script_xref(name:"HP", value:"SSRT2393"); script_name(english:"HP-UX PHSS_28098 : HP-UX Running Apache, Increased Privileges or Denial of Service (DoS) or Execution of Arbitrary Code (HPSBUX00224 SSRT2393 rev.3)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.04 Virtualvault 4.5 OWS update : Potential vulnerability regarding ownership permissions of System V shared memory based scoreboards. (CERT VU#825353, CVE CAN-2002-0839) Potential cross-site scripting vulnerability in the default error page when using wildcard DNS. (CERT VU#240329, CVE CAN-2002-0840) Potential overflows in ab.c which could be exploited by a malicious server. (CERT VU#858881, CVE CAN-2002-0843) Exposure of CGI source when a POST request is sent to a location where both DAV and CGI are enabled. (CERT VU#91071, CVE CAN-2002-1156)." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00944288 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4d769217" ); script_set_attribute( attribute:"solution", value:"Install patch PHSS_28098 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"vuln_publication_date", value:"2002/10/11"); script_set_attribute(attribute:"patch_publication_date", value:"2003/02/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/18"); script_set_attribute(attribute:"patch_modification_date", value:"2007/04/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.04")) { exit(0, "The host is not affected since PHSS_28098 applies to a different OS release."); } patches = make_list("PHSS_28098", "PHSS_28685", "PHSS_29545", "PHSS_29690", "PHSS_30160", "PHSS_30648", "PHSS_31828", "PHSS_32184", "PHSS_33396", "PHSS_34119", "PHSS_35107", "PHSS_35461", "PHSS_35556"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"VaultTS.VV-CORE-CMN", version:"A.04.50")) flag++; if (hpux_check_patch(app:"VaultTS.VV-IWS-GUI", version:"A.04.50")) flag++; if (hpux_check_patch(app:"VaultTS.VV-IWS-JAVA", version:"A.04.50")) flag++; if (hpux_check_patch(app:"VaultTS.VV-IWS-JK", version:"A.04.50")) flag++; if (hpux_check_patch(app:"VaultWS.WS-CORE", version:"A.04.50")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_28090.NASL description s700_800 11.04 Virtualvault 4.6 IWS update. : Potential vulnerability regarding ownership permissions of System V shared memory based scoreboards. (CERT VU#825353, CVE CAN-2002-0839) Potential cross-site scripting vulnerability in the default error page when using wildcard DNS. (CERT VU#240329, CVE CAN-2002-0840) Potential overflows in ab.c which could be exploited by a malicious server. (CERT VU#858881, CVE CAN-2002-0843) Exposure of CGI source when a POST request is sent to a location where both DAV and CGI are enabled. (CERT VU#91071, CVE CAN-2002-1156). last seen 2020-06-01 modified 2020-06-02 plugin id 17118 published 2005-02-16 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17118 title HP-UX PHSS_28090 : HP-UX Running Apache, Increased Privileges or Denial of Service (DoS) or Execution of Arbitrary Code (HPSBUX00224 SSRT2393 rev.3) code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHSS_28090. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(17118); script_version("1.17"); script_cvs_date("Date: 2019/07/10 16:04:13"); script_cve_id("CVE-2002-0839", "CVE-2002-0840", "CVE-2002-0843", "CVE-2002-1156"); script_xref(name:"CERT", value:"240329"); script_xref(name:"CERT", value:"825353"); script_xref(name:"CERT", value:"858881"); script_xref(name:"CERT", value:"91071"); script_xref(name:"HP", value:"emr_na-c00944288"); script_xref(name:"HP", value:"HPSBUX00224"); script_xref(name:"HP", value:"SSRT2393"); script_name(english:"HP-UX PHSS_28090 : HP-UX Running Apache, Increased Privileges or Denial of Service (DoS) or Execution of Arbitrary Code (HPSBUX00224 SSRT2393 rev.3)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.04 Virtualvault 4.6 IWS update. : Potential vulnerability regarding ownership permissions of System V shared memory based scoreboards. (CERT VU#825353, CVE CAN-2002-0839) Potential cross-site scripting vulnerability in the default error page when using wildcard DNS. (CERT VU#240329, CVE CAN-2002-0840) Potential overflows in ab.c which could be exploited by a malicious server. (CERT VU#858881, CVE CAN-2002-0843) Exposure of CGI source when a POST request is sent to a location where both DAV and CGI are enabled. (CERT VU#91071, CVE CAN-2002-1156)." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00944288 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4d769217" ); script_set_attribute( attribute:"solution", value:"Install patch PHSS_28090 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"vuln_publication_date", value:"2002/10/11"); script_set_attribute(attribute:"patch_publication_date", value:"2003/02/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/16"); script_set_attribute(attribute:"patch_modification_date", value:"2007/04/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.04")) { exit(0, "The host is not affected since PHSS_28090 applies to a different OS release."); } patches = make_list("PHSS_28090", "PHSS_28684", "PHSS_29542", "PHSS_29893", "PHSS_30153", "PHSS_30643", "PHSS_30946", "PHSS_31825", "PHSS_32139", "PHSS_32206", "PHSS_34170", "PHSS_35105", "PHSS_35307", "PHSS_35459", "PHSS_35554"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"VaultTS.VV-IWS", version:"A.04.60")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_28099.NASL description s700_800 11.04 Virtualvault 4.6 OWS update : Potential vulnerability regarding ownership permissions of System V shared memory based scoreboards. (CERT VU#825353, CVE CAN-2002-0839) Potential cross-site scripting vulnerability in the default error page when using wildcard DNS. (CERT VU#240329, CVE CAN-2002-0840) Potential overflows in ab.c which could be exploited by a malicious server. (CERT VU#858881, CVE CAN-2002-0843) Exposure of CGI source when a POST request is sent to a location where both DAV and CGI are enabled. (CERT VU#91071, CVE CAN-2002-1156). last seen 2020-06-01 modified 2020-06-02 plugin id 17491 published 2005-03-18 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17491 title HP-UX PHSS_28099 : HP-UX Running Apache, Increased Privileges or Denial of Service (DoS) or Execution of Arbitrary Code (HPSBUX00224 SSRT2393 rev.3) NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_28111.NASL description s700_800 11.04 Virtualvault 4.5 IWS Update : Potential vulnerability regarding ownership permissions of System V shared memory based scoreboards. (CERT VU#825353, CVE CAN-2002-0839) Potential cross-site scripting vulnerability in the default error page when using wildcard DNS. (CERT VU#240329, CVE CAN-2002-0840) Potential overflows in ab.c which could be exploited by a malicious server. (CERT VU#858881, CVE CAN-2002-0843) Exposure of CGI source when a POST request is sent to a location where both DAV and CGI are enabled. (CERT VU#91071, CVE CAN-2002-1156). last seen 2020-06-01 modified 2020-06-02 plugin id 17492 published 2005-03-18 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17492 title HP-UX PHSS_28111 : HP-UX Running Apache, Increased Privileges or Denial of Service (DoS) or Execution of Arbitrary Code (HPSBUX00224 SSRT2393 rev.3) NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_28705.NASL description s700_800 11.X OV NNM6.2 Intermediate Patch, Feb 2003 : Potential vulnerability regarding ownership permissions of System V shared memory based scoreboards. (CERT VU#825353, CVE CAN-2002-0839) Potential cross-site scripting vulnerability in the default error page when using wildcard DNS. (CERT VU#240329, CVE CAN-2002-0840) Potential overflows in ab.c which could be exploited by a malicious server. (CERT VU#858881, CVE CAN-2002-0843) Exposure of CGI source when a POST request is sent to a location where both DAV and CGI are enabled. (CERT VU#91071, CVE CAN-2002-1156). last seen 2020-06-01 modified 2020-06-02 plugin id 16993 published 2005-02-16 reporter This script is Copyright (C) 2005-2013 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16993 title HP-UX PHSS_28705 : HP-UX Running Apache, Increased Privileges or Denial of Service (DoS) or Execution of Arbitrary Code (HPSBUX00224 SSRT2393 rev.3) NASL family Web Servers NASL id APACHE_2_0_42.NASL description The remote host appears to be running a version of Apache 2.0.x prior to 2.0.43. It is, therefore, affected by an information disclosure vulnerability. An attacker can exploit this vulnerability by making a POST request to files in a folder with both WebDAV and CGI enabled. *** Note that Nessus solely relied on the version number *** of the remote server to issue this warning. This might *** be a false positive. last seen 2020-06-01 modified 2020-06-02 plugin id 11408 published 2003-03-17 reporter This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/11408 title Apache 2.0.x < 2.0.43 Multiple Vulnerabilities (Log Injection, Source Disc.)
Statements
| contributor | Mark J Cox |
| lastmodified | 2008-07-02 |
| organization | Apache |
| statement | Fixed in Apache HTTP Server 2.0.43: http://httpd.apache.org/security/vulnerabilities_20.html |
References
- http://www.apacheweek.com/issues/02-10-04
- http://www.apache.org/dist/httpd/CHANGES_2.0
- http://online.securityfocus.com/advisories/4617
- http://www.kb.cert.org/vuls/id/910713
- http://www.securityfocus.com/bid/6065
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10499
- https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E