Vulnerabilities > CVE-2003-0020 - Unspecified vulnerability in Apache Http Server
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
apache
nessus
Summary
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
Vulnerable Configurations
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD20040503.NASL description The remote host is missing Security Update 2004-05-03. This security update includes updates for AFP Server, CoreFoundation, and IPSec. It also includes Security Update 2004-04-05, which includes updates for CUPS, libxml2, Mail, and OpenSSL. For Mac OS X 10.2.8, it also includes updates for Apache 1.3, cd9660.util, Classic, CUPS, Directory Services, DiskArbitration, fetchmail, fs_usage, gm4, groff, Mail, OpenSSL, Personal File Sharing, PPP, rsync, Safari, System Configuration, System Initialization, and zlib. This update fixes various issues which may allow an attacker to execute arbitrary code on the remote host. last seen 2020-06-01 modified 2020-06-02 plugin id 12518 published 2004-07-06 reporter This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/12518 title Mac OS X Multiple Vulnerabilities (Security Update 2004-05-03) code
#
# (C) Tenable Network Security, Inc.
#
# better URL in solution, preserving old:
#http://www.apple.com/downloads/macosx/apple/securityupdate__2004-05-03_(10_3_3_Client).html
#http://www.apple.com/downloads/macosx/apple/securityupdate_2004-05-03_(10_2_8_Client).html
#http://www.apple.com/downloads/macosx/apple/securityupdate_2004-05-03_(10_2_8_Server).html
#http://www.apple.com/downloads/macosx/apple/securityupdate.html

# Local check: reports a finding when the package list of a Darwin 6.8.x /
# 7.3.x host has no "SecUpd2004-05-03" entry. When the update is present it
# instead records per-CVE knowledge-base flags (see the end of the script).

# Bail out when the scanner engine lacks bn_random().
# NOTE(review): presumably a capability probe for local-check support - confirm.
if ( ! defined_func("bn_random") ) exit(0);

include("compat.inc");

if(description)
{
 script_id(12518);
 script_version ("1.17");

 # NOTE(review): this list names CVE-2004-0020, while the fixed-host branch
 # below sets the KB flag "CVE-2003-0020", and that branch also flags
 # CVE-2004-0079/0081/0112, which are not listed here. Confirm the intended
 # identifiers against the vendor advisory before relying on either list.
 script_cve_id(
   "CVE-2004-0020",
   "CVE-2004-0113",
   "CVE-2004-0155",
   "CVE-2004-0174",
   "CVE-2004-0392",
   "CVE-2004-0403",
   "CVE-2004-0428",
   "CVE-2004-0430"
 );

 script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2004-05-03)");
 script_summary(english:"Check for Security Update 2004-05-03");

 script_set_attribute(
   attribute:"synopsis",
   value:
"The remote host is missing a Mac OS X update that fixes a security issue."
 );
 script_set_attribute(
   attribute:"description",
   value:
"The remote host is missing Security Update 2004-05-03. This security update includes updates for AFP Server, CoreFoundation, and IPSec. It also includes Security Update 2004-04-05, which includes updates for CUPS, libxml2, Mail, and OpenSSL. For Mac OS X 10.2.8, it also includes updates for Apache 1.3, cd9660.util, Classic, CUPS, Directory Services, DiskArbitration, fetchmail, fs_usage, gm4, groff, Mail, OpenSSL, Personal File Sharing, PPP, rsync, Safari, System Configuration, System Initialization, and zlib. This update fixes various issues which may allow an attacker to execute arbitrary code on the remote host."
 );
 script_set_attribute(
   attribute:"see_also",
   value:"http://support.apple.com/kb/HT1646"
 );
 script_set_attribute(
   attribute:"see_also",
   value:"http://lists.apple.com/archives/security-announce/2004/May/msg00000.html"
 );
 script_set_attribute(
   attribute:"solution",
   value:"Install Security Update 2004-05-03."
 );
 # The severity and exploit metadata below describe the whole bundled update,
 # not any single CVE in it.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"exploited_by_malware", value:"true");
 script_set_attribute(attribute:"metasploit_name", value:'AppleFileServer LoginExt PathName Overflow');
 script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
 script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/06");
 script_set_attribute(attribute:"vuln_publication_date", value: "2003/02/24");
 script_set_attribute(attribute:"patch_publication_date", value: "2004/05/03");
 script_cvs_date("Date: 2018/08/10 18:07:07");
 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_family(english:"MacOS X Local Security Checks");
 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
 # The package list read below comes from the knowledge base.
 # NOTE(review): presumably filled in by ssh_get_info.nasl - confirm.
 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/MacOSX/packages");
 exit(0);
}

# No package list in the KB means nothing can be checked.
packages = get_kb_item("Host/MacOSX/packages");
if ( ! packages ) exit(0);

# NOTE(review): "Host/uname" and "Host/MacOSX/Version" are not required keys,
# so either value may be unset when it reaches egrep() - confirm that is safe.
uname = get_kb_item("Host/uname");
os = get_kb_item("Host/MacOSX/Version");
# Hosts whose version string matches "Mac OS X 10.3... Server" are skipped.
if ( egrep(pattern:"Mac OS X 10\.3.* Server", string:os) ) exit(0);

# MacOS X 10.2.8 and 10.3.3 only
if ( egrep(pattern:"Darwin.* (6\.8\.|7\.3\.)", string:uname) )
{
  # Update missing: report a finding on port 0.
  if ( ! egrep(pattern:"^SecUpd2004-05-03", string:packages) ) security_hole(0);
  else {
    # Update installed: mark these CVEs as addressed in the KB. The
    # banner-based Apache check (apache_log_injection.nasl) reads
    # "CVE-2003-0020" and exits when it is set.
    set_kb_item(name:"CVE-2004-0174", value:TRUE);
    set_kb_item(name:"CVE-2003-0020", value:TRUE);
    set_kb_item(name:"CVE-2004-0079", value:TRUE);
    set_kb_item(name:"CVE-2004-0081", value:TRUE);
    set_kb_item(name:"CVE-2004-0112", value:TRUE);
  }
}
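NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2003-050.NASL description A memory leak was discovered in Apache 2.0 through 2.0.44 that can allow a remote attacker to cause a significant denial of service (DoS) by sending requests containing a lot of linefeed characters to the server. As well, Apache does not filter terminal escape sequences from its log files, which could make it easy for an attacker to insert those sequences into the error and access logs, which could possibly be viewed by certain terminal emulators with vulnerabilities related to escape sequences. After upgrading these packages, be sure to restart the httpd server by executing : service httpd restart last seen 2020-06-01 modified 2020-06-02 plugin id 14034 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14034 title Mandrake Linux Security Advisory : apache2 (MDKSA-2003:050) code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2003:050.
# The text itself is copyright (C) Mandriva S.A.
#

# Local check: compares the installed apache2 / libapr0 RPMs on a Mandrake 9.1
# host with the package versions named in MDKSA-2003:050 and reports a warning
# when at least one rpm_check() call flags a package.

include("compat.inc");

if (description)
{
  script_id(14034);
  script_version ("1.16");
  script_cvs_date("Date: 2019/08/02 13:32:46");

  script_cve_id("CVE-2003-0020", "CVE-2003-0083", "CVE-2003-0132");
  script_xref(name:"MDKSA", value:"2003:050");

  script_name(english:"Mandrake Linux Security Advisory : apache2 (MDKSA-2003:050)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mandrake Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"A memory leak was discovered in Apache 2.0 through 2.0.44 that can allow a remote attacker to cause a significant denial of service (DoS) by sending requests containing a lot of linefeed characters to the server. As well, Apache does not filter terminal escape sequences from its log files, which could make it easy for an attacker to insert those sequences into the error and access logs, which could possibly be viewed by certain terminal emulators with vulnerabilities related to escape sequences. After upgrading these packages, be sure to restart the httpd server by executing : service httpd restart"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-manual");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_dav");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_ssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-modules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libapr0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2003/04/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Preconditions: local checks enabled, a Mandrake release string and an RPM
# list in the knowledge base. Each failure exits through audit() with a reason.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# The OS name in this message used to read "Mandake"; it now matches the
# spelling used by the architecture audit below.
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86 / x86_64 hosts are covered by this check.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

# Every package is checked, with no early exit, so the report text returned by
# rpm_report_get() can cover all flagged packages.
# NOTE(review): rpm_check() lives in rpm.inc (not shown); presumably it returns
# true when the installed package is older than "reference" - confirm.
flag = 0;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-2.0.45-4.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-common-2.0.45-4.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-devel-2.0.45-4.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-manual-2.0.45-4.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-mod_dav-2.0.45-4.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-mod_ldap-2.0.45-4.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-mod_ssl-2.0.45-4.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-modules-2.0.45-4.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-source-2.0.45-4.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"libapr0-2.0.45-4.2mdk", yank:"mdk")) flag++;

if (flag)
{
  # Attach the per-package detail only when verbose reporting is enabled.
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");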
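NASL family Web Servers NASL id APACHE_LOG_INJECTION.NASL description The target is running an Apache web server that allows for the injection of arbitrary escape sequences into its error logs. An attacker might use this vulnerability in an attempt to exploit similar vulnerabilities in terminal emulators. ***** Nessus has determined the vulnerability exists only by looking at ***** the Server header returned by the web server running on the target. last seen 2020-06-01 modified 2020-06-02 plugin id 12239 published 2004-05-17 reporter This script is Copyright (C) 2004-2018 George A. Theall source https://www.tenable.com/plugins/nessus/12239 title Apache < 1.3.31 / 2.0.49 Log Entry Terminal Escape Sequence Injection code
#
# This script was written by George A. Theall, <[email protected]>.
#
# See the Nessus Scripts License for details.
#

# Changes by Tenable:
# - Standardized title (4/2/2009)
# - Added Synopsis, See Also, CVSS Vector (4/9/2009)

# Remote, banner-only check for CVE-2003-0020. It never sends a test request:
# the verdict comes from the version in the Server header alone, so it runs
# only under paranoid reporting and is marked "potential_vulnerability".

include("compat.inc");

if (description)
{
  script_id(12239);
  script_version("1.32");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");

  script_cve_id("CVE-2003-0020");
  script_bugtraq_id(9930);
  script_xref(name:"APPLE-SA", value:"APPLE-SA-2004-05-03");
  script_xref(name:"CLSA", value:"CLSA-2004");
  script_xref(name:"HPSB", value:"HPSBUX01022");
  script_xref(name:"MDKSA", value:"MDKSA-2003");
  script_xref(name:"OpenPKG-SA", value:"OpenPKG-SA-2004.021-apache");
  script_xref(name:"RHSA", value:"2003:082");
  script_xref(name:"RHSA", value:"2003:083");
  script_xref(name:"RHSA", value:"2003:104");
  script_xref(name:"RHSA", value:"2003:139");
  script_xref(name:"RHSA", value:"2003:243");
  script_xref(name:"RHSA", value:"2003:244");
  script_xref(name:"Secunia", value:"11681");
  script_xref(name:"Secunia", value:"11705");
  script_xref(name:"Secunia", value:"11719");
  script_xref(name:"Secunia", value:"11859");
  script_xref(name:"Secunia", value:"12246");
  script_xref(name:"SSA", value:"SSA");
  script_xref(name:"SuSE", value:"SuSE-SA");
  script_xref(name:"TLSA", value:"TLSA-2004-11");
  script_xref(name:"TSLSA", value:"TSLSA-2004-0017");

  script_name(english:"Apache < 1.3.31 / 2.0.49 Log Entry Terminal Escape Sequence Injection");
  script_summary(english:"Checks for Apache Error Log Escape Sequence Injection Vulnerability");

  script_set_attribute(attribute:"synopsis", value:"The remote web server is affected by a log injection vulnerability.");
  script_set_attribute(attribute:"description", value:
"The target is running an Apache web server that allows for the injection of arbitrary escape sequences into its error logs. An attacker might use this vulnerability in an attempt to exploit similar vulnerabilities in terminal emulators. ***** Nessus has determined the vulnerability exists only by looking at ***** the Server header returned by the web server running on the target.");
  script_set_attribute(attribute:"solution", value:"Upgrade to Apache version 1.3.31 or 2.0.49 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2003/02/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/05/17");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:http_server");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2020 George A. Theall");
  script_family(english:"Web Servers");

  # "script_dependencie" is the legacy spelling of the dependency call; it is
  # left unchanged. The local patch checks named here run first so their KB
  # flags are available to the suppression test below.
  script_dependencie("find_service1.nasl", "global_settings.nasl", "http_version.nasl", "redhat-RHSA-2003-244.nasl", "redhat_fixes.nasl", "macosx_SecUpd20040503.nasl", "macosx_SecUpd20040126.nasl", "macosx_SecUpd20041202.nasl");
  script_require_keys("www/apache", "Settings/ParanoidReport");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("audit.inc");
include("backport.inc");
include("global_settings.inc");
include("http_func.inc");

# A version string cannot prove that a fix is absent, so the check is skipped
# unless the scan runs with paranoid reporting.
if (report_paranoia < 2) audit(AUDIT_PARANOID);

host = get_host_name();
port = get_http_port(default:80, embedded:TRUE);
if (debug_level) display("debug: checking for Apache Error Log Escape Sequence Injection vulnerability on ", host, ":", port, ".\n");

if (!get_port_state(port)) exit(0);

# Stop when a local patch check already recorded the fix in the knowledge
# base; this avoids flagging hosts that carry a backported fix under an old
# version number.
if (get_kb_item("CVE-2003-0020") || get_kb_item("RHSA-2003-244")) exit(0);

# Check the web server's banner for the version.
banner = get_http_banner(port: port);
if (!banner) exit(0);
# NOTE(review): get_backport_banner() is defined in backport.inc (not shown);
# presumably it adjusts banners of distribution-patched builds - confirm.
banner = get_backport_banner(banner:banner);

sig = strstr(banner, "Server:");
if (!sig) exit(0);
if (debug_level) display("debug: server sig = >>", sig, "<<.\n");

# For affected versions of Apache, see:
# - http://www.apacheweek.com/features/security-13
# - http://www.apacheweek.com/features/security-20
#
# The pattern flags 1.0.x-1.2.x, 1.3.x up to 1.3.29 and 2.0.x up to 2.0.48.
# A single-digit patch level must be followed by a non-digit character to
# match. The dot after "2\.0" is now escaped so it matches only a literal '.';
# the unescaped form accepted any character in that position.
if(ereg(pattern:"^Server:.*Apache(-AdvancedExtranetServer)?/(1\.([0-2]\.[0-9]|3\.([0-9][^0-9]|[0-2][0-9]))|2\.0\.([0-9][^0-9]|[0-3][0-9]|4[0-8]))", string:sig))
{
  security_warning(port);
}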
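NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2004-046.NASL description Four security vulnerabilities were fixed with the 1.3.31 release of Apache. All of these issues have been backported and applied to the provided packages. Thanks to Ralf Engelschall of OpenPKG for providing the patches. Apache 1.3 prior to 1.3.30 did not filter terminal escape sequences from its error logs. This could make it easier for attackers to insert those sequences into the terminal emulators of administrators viewing the error logs that contain vulnerabilities related to escape sequence handling (CVE-2003-0020). mod_digest in Apache 1.3 prior to 1.3.31 did not properly verify the nonce of a client response by using an AuthNonce secret. Apache now verifies the nonce returned in the client response to check whether it was issued by itself by means of a last seen 2020-06-01 modified 2020-06-02 plugin id 14145 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14145 title Mandrake Linux Security Advisory : apache-mod_perl (MDKSA-2004:046-1) code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2004:046.
# The text itself is copyright (C) Mandriva S.A.
#

# Local check: compares the installed mod_perl / HTML-Embperl RPMs on Mandrake
# 9.1, 9.2 and 10.0 hosts with the rebuilt packages named in MDKSA-2004:046-1
# and reports a finding when at least one rpm_check() call flags a package.

include("compat.inc");

if (description)
{
  script_id(14145);
  script_version ("1.21");
  script_cvs_date("Date: 2019/08/02 13:32:47");

  script_cve_id("CVE-2003-0020", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-1082");
  script_xref(name:"MDKSA", value:"2004:046-1");

  script_name(english:"Mandrake Linux Security Advisory : apache-mod_perl (MDKSA-2004:046-1)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mandrake Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Four security vulnerabilities were fixed with the 1.3.31 release of Apache. All of these issues have been backported and applied to the provided packages. Thanks to Ralf Engelschall of OpenPKG for providing the patches. Apache 1.3 prior to 1.3.30 did not filter terminal escape sequences from its error logs. This could make it easier for attackers to insert those sequences into the terminal emulators of administrators viewing the error logs that contain vulnerabilities related to escape sequence handling (CVE-2003-0020). mod_digest in Apache 1.3 prior to 1.3.31 did not properly verify the nonce of a client response by using an AuthNonce secret. Apache now verifies the nonce returned in the client response to check whether it was issued by itself by means of a 'AuthDigestRealmSeed' secret exposed as an MD5 checksum (CVE-2003-0987). mod_access in Apache 1.3 prior to 1.3.30, when running on big-endian 64-bit platforms, did not properly parse Allow/Deny rules using IP addresses without a netmask. This could allow a remote attacker to bypass intended access restrictions (CVE-2003-0993). Apache 1.3 prior to 1.3.30, when using multiple listening sockets on certain platforms, allows a remote attacker to cause a DoS by blocking new connections via a short-lived connection on a rarely-accessed listening socket (CVE-2004-0174). While this particular vulnerability does not affect Linux, we felt it prudent to include the fix. Update : Due to the changes in mod_digest.so, mod_perl needed to be rebuilt against the patched Apache packages in order for httpd-perl to properly load the module. The appropriate mod_perl packages have been rebuilt and are now available."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:HTML-Embperl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mod_perl-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mod_perl-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/05/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Preconditions: local checks enabled, a Mandrake release string and an RPM
# list in the knowledge base. Each failure exits through audit() with a reason.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# The OS name in this message used to read "Mandake"; it now matches the
# spelling used by the architecture audit below.
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86 / x86_64 hosts are covered by this check.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

# Every package is checked, with no early exit, so the report text returned by
# rpm_report_get() can cover all flagged packages.
# NOTE(review): rpm_check() lives in rpm.inc (not shown); presumably it returns
# true when the installed package is older than "reference" - confirm.
flag = 0;

# Mandrake 10.0
if (rpm_check(release:"MDK10.0", reference:"HTML-Embperl-1.3.29_1.3.6-3.1.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"apache-mod_perl-1.3.29_1.29-3.1.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"mod_perl-common-1.3.29_1.29-3.1.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"mod_perl-devel-1.3.29_1.29-3.1.100mdk", yank:"mdk")) flag++;

# Mandrake 9.1 (the only release here that passes a cpu argument)
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"HTML-Embperl-1.3.27_1.3.4-7.1.91mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache-mod_perl-1.3.27_1.27-7.1.91mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"mod_perl-common-1.3.27_1.27-7.1.91mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"mod_perl-devel-1.3.27_1.27-7.1.91mdk", yank:"mdk")) flag++;

# Mandrake 9.2
if (rpm_check(release:"MDK9.2", reference:"HTML-Embperl-1.3.28_1.3.4-1.1.92mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.2", reference:"apache-mod_perl-1.3.28_1.28-1.1.92mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.2", reference:"mod_perl-common-1.3.28_1.28-1.1.92mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.2", reference:"mod_perl-devel-1.3.28_1.28-1.1.92mdk", yank:"mdk")) flag++;

if (flag)
{
  # Attach the per-package detail only when verbose reporting is enabled.
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");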
NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_30650.NASL description s700_800 11.04 Webproxy server 2.0 update : Two potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112. last seen 2020-06-01 modified 2020-06-02 plugin id 17534 published 2005-03-18 reporter This script is Copyright (C) 2005-2014 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17534 title HP-UX PHSS_30650 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and patch checks in this plugin were
# extracted from HP patch PHSS_30650. The text itself is
# copyright (C) Hewlett-Packard Development Company, L.P.
#

# Local check: on an HP-UX 11.04 host, reports a warning when none of the
# listed patches is installed and hpux_check_patch() flags the
# HP_Webproxy.HPWEB-PX-CORE fileset at version A.02.00.

include("compat.inc");

if (description)
{
  script_id(17534);
  script_version("$Revision: 1.14 $");
  script_cvs_date("$Date: 2014/05/22 11:11:55 $");

  # NOTE(review): the description text below covers only the two OpenSSL
  # issues (CVE-2004-0079, CVE-2004-0112); CVE-2003-0020, CVE-2004-0113 and
  # CVE-2004-0174 are listed here without matching text - confirm against the
  # HP bulletin.
  script_cve_id("CVE-2003-0020", "CVE-2004-0079", "CVE-2004-0112", "CVE-2004-0113", "CVE-2004-0174");
  script_xref(name:"HP", value:"emr_na-c00944046");
  script_xref(name:"HP", value:"HPSBUX01019");
  script_xref(name:"HP", value:"SSRT4717");

  script_name(english:"HP-UX PHSS_30650 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)");
  script_summary(english:"Checks for the patch in the swlist output");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote HP-UX host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"s700_800 11.04 Webproxy server 2.0 update : Two potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112."
  );
  # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00944046
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?6195bc72"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Install patch PHSS_30650 or subsequent."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/04/26");
  script_set_attribute(attribute:"patch_modification_date", value:"2007/04/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/18");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.");
  script_family(english:"HP-UX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("hpux.inc");

# Preconditions: local checks enabled, an HP-UX version string and swlist
# output in the knowledge base. Each failure exits through audit().
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);

# The patch applies to release 11.04 only; other releases exit as not affected.
if (!hpux_check_ctx(ctx:"11.04"))
{
  exit(0, "The host is not affected since PHSS_30650 applies to a different OS release.");
}

# Any one of these patches being installed is treated as "fixed".
# NOTE(review): the entries after PHSS_30650 are presumably superseding
# patches ("PHSS_30650 or subsequent") - confirm against the HP bulletin.
patches = make_list("PHSS_30650", "PHSS_30949", "PHSS_31829", "PHSS_32363", "PHSS_33788", "PHSS_34204", "PHSS_35110");
foreach patch (patches)
{
  if (hpux_installed(app:patch))
  {
    exit(0, "The host is not affected because patch "+patch+" is installed.");
  }
}

# NOTE(review): hpux_check_patch() lives in hpux.inc (not shown); presumably it
# is true when the named fileset is present at that version - confirm.
flag = 0;
if (hpux_check_patch(app:"HP_Webproxy.HPWEB-PX-CORE", version:"A.02.00")) flag++;

if (flag)
{
  # Attach the patch detail only when verbose reporting is enabled.
  if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2003-244.NASL description Updated Apache and mod_ssl packages that fix several minor security issues are now available for Red Hat Enterprise Linux. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. Ben Laurie found a bug in the optional renegotiation code in mod_ssl which can cause cipher suite restrictions to be ignored. This is triggered if optional renegotiation is used (SSLOptions +OptRenegotiate) along with verification of client certificates and a change to the cipher suite over the renegotiation. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0192 to this issue. Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0020 to this issue. It is possible to get Apache 1.3 to get into an infinite loop handling internal redirects and nested subrequests. A patch for this issue adds a new LimitInternalRecursion directive. All users of the Apache HTTP Web Server are advised to upgrade to the applicable errata packages, which contain back-ported fixes correcting these issues. After the errata packages are installed, restart the Web service by running the following command : /sbin/service httpd restart last seen 2020-06-01 modified 2020-06-02 plugin id 12412 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12412 title RHEL 2.1 : apache (RHSA-2003:244) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD20040126.NASL description The remote host is missing Security Update 2004-01-26. 
This security update includes the following components : - Apache 1.3 - Classic - Mail - Safari - Windows File Sharing For MacOS 10.1.5, it only includes the following : - Mail This update contains various fixes which may allow an attacker to execute arbitrary code on the remote host. last seen 2020-06-01 modified 2020-06-02 plugin id 12517 published 2004-07-06 reporter This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/12517 title Mac OS X Multiple Vulnerabilities (Security Update 2004-01-26) NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_30649.NASL description s700_800 11.04 Webproxy server 2.1 update : Two potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112. last seen 2020-06-01 modified 2020-06-02 plugin id 17533 published 2005-03-18 reporter This script is Copyright (C) 2005-2014 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/17533 title HP-UX PHSS_30649 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_30647.NASL description s700_800 11.04 Virtualvault 4.5 IWS Update : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with Apache running on HP-UX where the vulnerability could be exploited remotely to create a Denial of Service (DoS) or to bypass access restrictions. - A potential security vulnerability has been identified with HP-UX running Apache where the vulnerability could be exploited remotely to create a Denial of Service (DoS) or to execute arbitrary code. - A potential security vulnerability has been identified with Apache running on HP-UX where a buffer overflow could be exploited remotely to execute arbitrary code. - Two potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112. (HPSBUX01019 SSRT4717) last seen 2020-06-01 modified 2020-06-02 plugin id 17070 published 2005-02-16 reporter This script is Copyright (C) 2005-2014 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/17070 title HP-UX PHSS_30647 : s700_800 11.04 Virtualvault 4.5 IWS Update NASL family Fedora Local Security Checks NASL id FEDORA_2004-117.NASL description This update includes the latest stable release of Apache httpd 2.0, including a security fix for a memory leak in mod_ssl which can be triggered remotely (CVE-2004-0113), and a fix for escaping of error log output (CVE-2003-0020). This update also includes an enhanced version of the mod_cgi module which fixes a long-standing bug in the handling of stderr output during CGI script execution. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 13696 published 2004-07-23 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13696 title Fedora Core 1 : httpd-2.0.49-1.1 (2004-117) NASL family Solaris Local Security Checks NASL id SOLARIS9_113146.NASL description SunOS 5.9: Apache Security Patch. Date this patch was last updated by Sun : Mar/05/10 last seen 2020-06-01 modified 2020-06-02 plugin id 13530 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13530 title Solaris 9 (sparc) : 113146-13 NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_30643.NASL description s700_800 11.04 Virtualvault 4.6 IWS update : Two potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. 
The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112. last seen 2020-06-01 modified 2020-06-02 plugin id 17528 published 2005-03-18 reporter This script is Copyright (C) 2005-2014 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17528 title HP-UX PHSS_30643 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) NASL family Solaris Local Security Checks NASL id SOLARIS8_116973.NASL description SunOS 5.8: Apache Patch. Date this patch was last updated by Sun : Apr/24/08 last seen 2020-06-01 modified 2020-06-02 plugin id 15482 published 2004-10-17 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15482 title Solaris 8 (sparc) : 116973-07 NASL family Solaris Local Security Checks NASL id SOLARIS8_X86_116974.NASL description SunOS 5.8_x86: Apache Patch. Date this patch was last updated by Sun : Apr/23/08 last seen 2020-06-01 modified 2020-06-02 plugin id 15483 published 2004-10-17 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15483 title Solaris 8 (x86) : 116974-07 NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_30642.NASL description s700_800 11.04 Virtualvault 4.7 TGP update : Two potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. 
The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112. last seen 2020-06-01 modified 2020-06-02 plugin id 17527 published 2005-03-18 reporter This script is Copyright (C) 2005-2014 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17527 title HP-UX PHSS_30642 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_114145.NASL description SunOS 5.9_x86: Apache Security Patch. Date this patch was last updated by Sun : Mar/05/10 last seen 2020-06-01 modified 2020-06-02 plugin id 13593 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13593 title Solaris 9 (x86) : 114145-12 NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_30639.NASL description s700_800 11.04 Virtualvault 4.7 IWS update : Two potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. 
The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112. last seen 2020-06-01 modified 2020-06-02 plugin id 17071 published 2005-02-16 reporter This script is Copyright (C) 2005-2014 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17071 title HP-UX PHSS_30639 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) NASL family Red Hat Local Security Checks NASL id REDHAT_FIXES.NASL description This plugin writes to the knowledge base the CVE ids that we know Red Hat Enterprise Linux is not vulnerable to. last seen 2020-06-01 modified 2020-06-02 plugin id 12512 published 2004-07-06 reporter This script is Copyright (C) 2004-2011 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/12512 title Red Hat Enterprise Linux fixes NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200405-22.NASL description The remote host is affected by the vulnerability described in GLSA-200405-22 (Apache 1.3: Multiple vulnerabilities) On 64-bit big-endian platforms, mod_access does not properly parse Allow/Deny rules using IP addresses without a netmask which could result in failure to match certain IP addresses. Terminal escape sequences are not filtered from error logs. This could be used by an attacker to insert escape sequences into a terminal emulator vulnerable to escape sequences. mod_digest does not properly verify the nonce of a client response by using an AuthNonce secret. This could permit an attacker to replay the response of another website. This does not affect mod_auth_digest. On certain platforms there is a starvation issue where listening sockets fail to handle a short-lived connection on a rarely-accessed listening socket. 
This causes the child to hold the accept mutex and block out new connections until another connection arrives on the same rarely-accessed listening socket thus leading to a denial of service. Impact : These vulnerabilities could lead to attackers bypassing intended access restrictions, denial of service, and possibly execution of arbitrary code. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 14508 published 2004-08-30 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14508 title GLSA-200405-22 : Apache 1.3: Multiple vulnerabilities NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_30641.NASL description s700_800 11.04 Virtualvault 4.7 OWS update : Two potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112. last seen 2020-06-01 modified 2020-06-02 plugin id 17526 published 2005-03-18 reporter This script is Copyright (C) 2005-2014 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17526 title HP-UX PHSS_30641 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD20041202.NASL description The remote host is missing Security Update 2004-12-02. 
This security update contains a number of fixes for the following programs : - Apache - Apache2 - AppKit - Cyrus IMAP - HIToolbox - Kerberos - Postfix - PSNormalizer - QuickTime Streaming Server - Safari - Terminal These programs contain multiple vulnerabilities that could allow a remote attacker to execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 15898 published 2004-12-02 reporter This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15898 title Mac OS X Multiple Vulnerabilities (Security Update 2004-12-02) NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_30644.NASL description s700_800 11.04 Virtualvault 4.6 OpenSSH update : Two potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112. last seen 2020-06-01 modified 2020-06-02 plugin id 17529 published 2005-03-18 reporter This script is Copyright (C) 2005-2014 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17529 title HP-UX PHSS_30644 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2004-133-01.NASL description New apache packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix security issues. 
These include a possible denial-of-service attack as well as the ability to possibly pipe shell escapes through Apache. last seen 2020-06-01 modified 2020-06-02 plugin id 18787 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18787 title Slackware 8.1 / 9.0 / 9.1 / current : apache (SSA:2004-133-01) NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_30645.NASL description s700_800 11.04 Virtualvault 4.6 OWS update : Two potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112. last seen 2020-06-01 modified 2020-06-02 plugin id 17530 published 2005-03-18 reporter This script is Copyright (C) 2005-2014 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17530 title HP-UX PHSS_30645 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_30640.NASL description s700_800 11.04 Virtualvault 4.7 OpenSSH update : Two potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. 
The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112. last seen 2020-06-01 modified 2020-06-02 plugin id 17525 published 2005-03-18 reporter This script is Copyright (C) 2005-2014 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17525 title HP-UX PHSS_30640 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_30648.NASL description s700_800 11.04 Virtualvault 4.5 OWS update : The remote HP-UX host is affected by multiple vulnerabilities : - Two potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112. (HPSBUX01019 SSRT4717) - A potential security vulnerability has been identified with Apache running on HP-UX where a buffer overflow could be exploited remotely to execute arbitrary code. 
- A potential security vulnerability has been identified with HP-UX running Apache where the vulnerability could be exploited remotely to create a Denial of Service (DoS) or to execute arbitrary code. - A potential security vulnerability has been identified with Apache running on HP-UX where the vulnerability could be exploited remotely to create a Denial of Service (DoS) or to bypass access restrictions. last seen 2020-06-01 modified 2020-06-02 plugin id 17532 published 2005-03-18 reporter This script is Copyright (C) 2005-2014 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17532 title HP-UX PHSS_30648 : s700_800 11.04 Virtualvault 4.5 OWS update NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_30646.NASL description s700_800 11.04 Virtualvault 4.6 TGP update : Two potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112. last seen 2020-06-01 modified 2020-06-02 plugin id 17531 published 2005-03-18 reporter This script is Copyright (C) 2005-2014 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17531 title HP-UX PHSS_30646 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)
Oval
accepted 2005-11-16T08:02:00.000-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. description Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. family unix id oval:org.mitre.oval:def:100109 status accepted submitted 2005-08-16T12:00:00.000-04:00 title Apache Error Log Escape Sequence Filtering Vulnerability version 36 accepted 2010-09-20T04:00:13.693-04:00 class vulnerability contributors name Jay Beale organization Bastille Linux name Jay Beale organization Bastille Linux name Thomas R. Jones organization Maitreya Security name Jonathan Baker organization The MITRE Corporation
description Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. family unix id oval:org.mitre.oval:def:150 status accepted submitted 2003-08-17T12:00:00.000-04:00 title Apache Terminal Escape Sequence Vulnerability version 41 accepted 2004-12-09T08:46:00.000-04:00 class vulnerability contributors name Brian Soby organization The MITRE Corporation name Brian Soby organization The MITRE Corporation name Brian Soby organization The MITRE Corporation
description Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. family unix id oval:org.mitre.oval:def:4114 status accepted submitted 2004-10-14T01:14:00.000-04:00 title Apache Error Log Escape Sequence Injection Vulnerability version 35
Packetstorm
data source https://packetstormsecurity.com/files/download/85018/log-inject.txt id PACKETSTORM:85018 last seen 2016-12-05 published 2010-01-11 reporter Francesco Ongaro source https://packetstormsecurity.com/files/85018/Nginx-Varnish-Cherokee-etc-Log-Injection.html title Nginx, Varnish, Cherokee, etc Log Injection data source https://packetstormsecurity.com/files/download/82197/jetty-xssdisclose.txt id PACKETSTORM:82197 last seen 2016-12-05 published 2009-10-26 reporter Francesco Ongaro source https://packetstormsecurity.com/files/82197/Jetty-6.x-7.x-Information-Disclosure-XSS.html title Jetty 6.x / 7.x Information Disclosure / XSS
Redhat
advisories |
|
Seebug
bulletinFamily exploit description No description provided by source. id SSV:17994 last seen 2017-11-19 modified 2009-10-26 published 2009-10-26 reporter Root source https://www.seebug.org/vuldb/ssvid-17994 title jetty 6.x - 7.x xss information disclosure injection bulletinFamily exploit description No description provided by source. id SSV:14432 last seen 2017-11-19 modified 2009-10-26 published 2009-10-26 reporter Root source https://www.seebug.org/vuldb/ssvid-14432 title jetty 6.x - 7.x xss information disclosure injection bulletinFamily exploit description No description provided by source. id SSV:66957 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-66957 title jetty 6.x - 7.x xss, information disclosure, injection
Statements
contributor | Mark J Cox |
lastmodified | 2008-07-02 |
organization | Apache |
statement | Fixed in Apache HTTP Server 2.0.49 and 1.3.31. See http://httpd.apache.org/security/vulnerabilities_20.html and http://httpd.apache.org/security/vulnerabilities_13.html |
References
- http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
- http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046
- http://marc.info/?l=bugtraq&m=104612710031920&w=2
- http://marc.info/?l=bugtraq&m=104612710031920&w=2
- http://marc.info/?l=bugtraq&m=108369640424244&w=2
- http://marc.info/?l=bugtraq&m=108369640424244&w=2
- http://marc.info/?l=bugtraq&m=108437852004207&w=2
- http://marc.info/?l=bugtraq&m=108437852004207&w=2
- http://marc.info/?l=bugtraq&m=108731648532365&w=2
- http://marc.info/?l=bugtraq&m=108731648532365&w=2
- http://security.gentoo.org/glsa/glsa-200405-22.xml
- http://security.gentoo.org/glsa/glsa-200405-22.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1
- http://www.iss.net/security_center/static/11412.php
- http://www.iss.net/security_center/static/11412.php
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:050
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:050
- http://www.redhat.com/support/errata/RHSA-2003-082.html
- http://www.redhat.com/support/errata/RHSA-2003-082.html
- http://www.redhat.com/support/errata/RHSA-2003-083.html
- http://www.redhat.com/support/errata/RHSA-2003-083.html
- http://www.redhat.com/support/errata/RHSA-2003-104.html
- http://www.redhat.com/support/errata/RHSA-2003-104.html
- http://www.redhat.com/support/errata/RHSA-2003-139.html
- http://www.redhat.com/support/errata/RHSA-2003-139.html
- http://www.redhat.com/support/errata/RHSA-2003-243.html
- http://www.redhat.com/support/errata/RHSA-2003-243.html
- http://www.redhat.com/support/errata/RHSA-2003-244.html
- http://www.redhat.com/support/errata/RHSA-2003-244.html
- http://www.securityfocus.com/bid/9930
- http://www.securityfocus.com/bid/9930
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643
- http://www.trustix.org/errata/2004/0017
- http://www.trustix.org/errata/2004/0017
- http://www.trustix.org/errata/2004/0027
- http://www.trustix.org/errata/2004/0027
- https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100109
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100109
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A150
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A150
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4114
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4114