Vulnerabilities > CVE-2003-0189 - Unspecified vulnerability in Apache Http Server

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
apache
nessus

Summary

The authentication module for Apache 2.0.40 through 2.0.45 on Unix is not thread-safe when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.

Nessus

  • NASL family: Web Servers
    NASL id: APACHE_2_0_46.NASL
    description: The remote host appears to be running a version of Apache 2.0.x that is prior to 2.0.46. It is, therefore, affected by multiple denial of service vulnerabilities: - There is a denial of service vulnerability that may allow an attacker to disable basic authentication on this host. - There is a denial of service vulnerability in the mod_dav module that may allow an attacker to crash this service remotely.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 11665
    published: 2003-05-29
    reporter: This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/11665
    title: Apache 2.0.x < 2.0.46 Multiple DoS
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # Ref:
    #  Date: Wed, 28 May 2003 12:29:03 -0400 (EDT)
    #  From: Apache HTTP Server Project <[email protected]>
    #  To: <[email protected]>
    #  Subject: [SECURITY] [ANNOUNCE] Apache 2.0.46 released
    
    include("compat.inc");
    
    # Registration pass: when the engine loads the plugin with 'description'
    # set, only the metadata below is declared and the script exits at the
    # end of this block; no request is made from here.
    if (description)
    {
     script_id(11665);
     script_version("1.39");
     script_cvs_date("Date: 2018/06/29 12:01:03");
    
     # One plugin covers both issues fixed in 2.0.46; the finding it raises
     # does not say which of the two CVEs applies to the host.
     script_cve_id("CVE-2003-0245", "CVE-2003-0189");
     script_bugtraq_id(7723, 7725);
     script_xref(name:"RHSA", value:"2003:186-01");
    
     script_name(english:"Apache 2.0.x < 2.0.46 Multiple DoS");
     script_summary(english:"Checks for version of Apache.");
    
     script_set_attribute(attribute:"synopsis", value:
    "The remote web server is affected by multiple denial of service
    vulnerabilities.");
     script_set_attribute(attribute:"description", value:
    "The remote host appears to be running a version of Apache 2.0.x that
    is prior to 2.0.46. It is, therefore, affected by multiple denial of
    service vulnerabilities :
    
      - There is a denial of service vulnerability that may 
        allow an attacker to disable basic authentication on 
        this host.
    
      - There is a denial of service vulnerability in the 
        mod_dav module that may allow an attacker to crash this 
        service remotely.");
     script_set_attribute(attribute:"see_also", value:"https://archive.apache.org/dist/httpd/CHANGES_2.0");
     script_set_attribute(attribute:"solution", value:"Upgrade to version 2.0.46 or later.");
     # NOTE(review): the CVSS2 base vector uses AV:L (local), while the CVSS3
     # vector below uses AV:N and the description says the service can be
     # crashed remotely - confirm which access vector is intended before
     # relying on the CVSS2 score for prioritisation.
     script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:P");
     script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
     script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
     script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
    
     script_set_attribute(attribute:"vuln_publication_date", value:"2003/05/28");
     script_set_attribute(attribute:"plugin_publication_date", value:"2003/05/29");
    
     script_set_attribute(attribute:"plugin_type", value:"remote");
     script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:http_server");
     script_end_attributes();
    
     # ACT_MIXED_ATTACK: the script body has a version-only path and an
     # intrusive path; safe_checks() selects between them at run time.
     script_category(ACT_MIXED_ATTACK);
     script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.");
     script_family(english: "Web Servers");
    
     # Runs only once Apache has been detected (installed_sw/Apache key) on
     # an HTTP port.
     script_dependencie("no404.nasl", "apache_http_version.nasl");
     script_require_keys("installed_sw/Apache");
     script_require_ports("Services/www", 80);
     exit(0);
    }
    
    #
    # The script code starts here
    #
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("audit.inc");
    include("install_func.inc");
    
    # Resolve the Apache instance for this port. The exit_if_zero and
    # exit_if_unknown_ver options end the plugin when no install is
    # registered or its version is unknown.
    get_install_count(app_name:"Apache", exit_if_zero:TRUE);
    port = get_http_port(default:80);
    install = get_single_install(app_name:"Apache", port:port, exit_if_unknown_ver:TRUE);
    
    # Safe checks enabled: the decision is made from knowledge-base entries
    # only; this branch sends nothing to the server.
    if (safe_checks())
    {
      # Check if we could get a version first, then check if it was
      # backported
      version = get_kb_item_or_exit('www/apache/'+port+'/version', exit_code:1);
      backported = get_kb_item_or_exit('www/apache/'+port+'/backported', exit_code:1);
    
      # Unless paranoia is 2 or higher, a banner flagged as backported is not
      # used for a version comparison and the plugin stops here.
      if (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, "Apache");
      source = get_kb_item_or_exit('www/apache/'+port+'/source', exit_code:1);
    
      # Check if the version looks like either ServerTokens Major/Minor
      # was used
      if (version =~ '^2(\\.0)?$') exit(1, "The banner from the Apache server listening on port "+port+" - "+source+" - is not granular enough to make a determination.");
      if (version !~ "^\d+(\.\d+)*$") exit(1, "The version of Apache listening on port " + port + " - " + version + " - is non-numeric and, therefore, cannot be used to make a determination.");
      # Only 2.0.x below 2.0.46 is reported.
      # NOTE(review): this is a banner comparison. It cannot tell whether a
      # threaded MPM is in use (a precondition of CVE-2003-0189) or whether
      # mod_dav is loaded, so a hit means "version in range" and still needs
      # confirming on the host.
      if (version =~ '^2\\.0' && ver_compare(ver:version, fix:'2.0.46') == -1)
      {
        if (report_verbosity > 0)
        {
          report = 
            '\n  Version source    : ' + source + 
            '\n  Installed version : ' + version +
            '\n  Fixed version     : 2.0.46\n';
          security_note(port:port, extra:report);
        }
        else security_note(port);
        exit(0);
      }
      else audit(AUDIT_LISTEN_NOT_VULN, "Apache", port, install["version"]);
    }
    else
    {
      # Intrusive path (safe checks disabled): each request below is followed
      # by a liveness test, so a positive result means the scanned service
      # stopped answering. Neither request exercises Basic authentication, so
      # CVE-2003-0189 itself is not tested in this branch.
      #
      # I could not make these exploits to work (RH8.0), but we'll include them
      # anyway.
      #
      # Skip hosts that are already unresponsive; a later "dead" result could
      # not be attributed to the requests sent here.
      if(http_is_dead(port:port))exit(0);
    
      # Request 1: a GET carrying ten oversized Host headers, sent as a raw
      # buffer.
      req = 'GET / HTTP/1.1\r\n';
      for(i=0;i<10;i++)
       req = strcat(req, 'Host: ', crap(2000), '\r\n');
      req += '\r\n';
    
      # The new API does not allow us to set the same header several times
      r = http_send_recv_buf(port: port, data: req);
    
      # NOTE(review): http_is_dead only shows that the port stopped answering
      # (retry: 3); an unrelated outage or an inline filter dropping the
      # request would presumably look the same - correlate with server logs.
      if (http_is_dead(port: port, retry: 3))
      {
       security_note(port);
       exit(0);
      }
    
      # Request 2: a PROPFIND whose XML namespace is padded to an oversized
      # length; presumably the mod_dav issue named in the plugin description.
      xml = '<?xml version="1.0"?>\r\n' + 
            '<a:propfind xmlns:a="' + 'DAV:' + crap(20000) + '">\r\n' +
            '    <a:allprop/>\r\n' +
            '</a:propfind>';
         
      r = http_send_recv3(port: port, method: 'PROPFIND', item: '/', data: xml,
        add_headers: make_array( 'Depth', '1',
                                 'Content-Type', 'text/xml; charset="utf-8"') );
      if (http_is_dead(port: port, retry: 3)) security_note(port);
    }
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2003-063.NASL
    description: Two vulnerabilities were discovered in the Apache web server that affect all 2.x versions prior to 2.0.46. The first, discovered by John Hughes, is a build system problem that allows remote attackers to prevent access to authenticated content when a threaded server is used. This only affects versions of Apache compiled with threaded server 'httpd.worker', which is not the default for Mandrake Linux.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14046
    published: 2004-07-31
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14046
    title: Mandrake Linux Security Advisory : apache2 (MDKSA-2003:063-1)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2003:063. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    # Registration pass: when the engine loads the plugin with 'description'
    # set, only the metadata below is declared and the script exits at the
    # end of this block.
    if (description)
    {
      script_id(14046);
      script_version ("1.18");
      script_cvs_date("Date: 2019/08/02 13:32:46");
    
      script_cve_id("CVE-2003-0189", "CVE-2003-0245");
      script_xref(name:"MDKSA", value:"2003:063-1");
    
      script_name(english:"Mandrake Linux Security Advisory : apache2 (MDKSA-2003:063-1)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Two vulnerabilities were discovered in the Apache web server that
    affect all 2.x versions prior to 2.0.46. The first, discovered by John
    Hughes, is a build system problem that allows remote attackers to
    prevent access to authenticated content when a threaded server is
    used. This only affects versions of Apache compiled with threaded
    server 'httpd.worker', which is not the default for Mandrake Linux.
    
    The second vulnerability, discovered by iDefense, allows remote
    attackers to cause a DoS (Denial of Service) condition and may also
    allow the execution of arbitrary code.
    
    The provided packages include back-ported fixes to correct these
    vulnerabilities and MandrakeSoft encourages all users to upgrade
    immediately.
    
    Update :
    
    The previous update mistakenly listed apache-conf packages which were
    never included, nor intended to be included, as part of the update."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # NOTE(review): the description says the second issue "may also allow
      # the execution of arbitrary code", but this vector scores availability
      # impact only (C:N/I:N/A:P) - confirm the score before using it for
      # prioritisation.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      # Local check: the affected components are identified by package name.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-manual");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_dav");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_ssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-modules");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libapr0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2003/06/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
      script_end_attributes();
    
      # ACT_GATHER_INFO: the script body only reads knowledge-base entries
      # and compares package versions.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      # Needs the host's release, CPU and RPM list in the knowledge base;
      # presumably these are collected by ssh_get_info.nasl - confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
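    # Preconditions for the package comparison: local checks must be enabled,
    # the host must be identified as Mandrake, and its RPM list must have been
    # collected. Each failed precondition is reported through audit().
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # The OS name is spelled the same way in both audit messages of this
    # block so that a search of scan logs for "Mandrake" finds either one.
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architecture gate: only amd64, i386-i686 and x86_64 hosts are handled;
    # any other value is audited as "local checks not implemented".
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);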
    
    
    # Package builds that carry the fix for Mandrake Linux 9.1. Every entry
    # is checked with cpu:"i386" only.
    # NOTE(review): the architecture gate earlier in the script also admits
    # amd64 / x86_64; whether rpm_check matches those hosts against i386
    # references is not visible here - confirm.
    fixed_refs = make_list(
      "apache2-2.0.45-4.3mdk",
      "apache2-common-2.0.45-4.3mdk",
      "apache2-devel-2.0.45-4.3mdk",
      "apache2-manual-2.0.45-4.3mdk",
      "apache2-mod_dav-2.0.45-4.3mdk",
      "apache2-mod_ldap-2.0.45-4.3mdk",
      "apache2-mod_ssl-2.0.45-4.3mdk",
      "apache2-modules-2.0.45-4.3mdk",
      "apache2-source-2.0.45-4.3mdk",
      "libapr0-2.0.45-4.3mdk"
    );
    
    # Count every reference for which rpm_check reports a hit.
    flag = 0;
    foreach pkg_ref (fixed_refs)
    {
      if (rpm_check(release:"MDK9.1", cpu:"i386", reference:pkg_ref, yank:"mdk")) flag++;
    }
    
    # No hit: audit the host as not affected. Otherwise raise one warning for
    # the host (port 0), with the RPM report attached when verbosity allows.
    if (flag == 0) audit(AUDIT_HOST_NOT, "affected");
    else
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    

Redhat

advisories
rhsa
id: RHSA-2003:186

Statements

contributor: Mark J Cox
lastmodified: 2008-07-02
organization: Apache
statement: Fixed in Apache HTTP Server 2.0.46: http://httpd.apache.org/security/vulnerabilities_20.html

References