Vulnerabilities > CVE-2003-0254 - Unspecified vulnerability in Apache Http Server

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
apache
nessus

Summary

Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.

Nessus

  • NASL family: Web Servers
    NASL id: APACHE_2_0_47.NASL
    description: The remote host appears to be running a version of Apache 2.x prior to 2.0.47. It is, therefore, affected by multiple vulnerabilities : - An issue may occur when the SSLCipherSuite directive is used to upgrade a cipher suite which could lead to a weaker cipher suite being used instead of the upgraded one. (CVE-2003-0192) - A denial of service vulnerability may exist in the FTP proxy component relating to the use of IPv6 addresses. (CVE-2003-0253) - An attacker may be able to craft a type-map file that could cause the server to enter an infinite loop. (CVE-2003-0254)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 11788
    published: 2010-10-20
    reporter: This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/11788
    title: Apache 2.0.x < 2.0.47 Multiple Vulnerabilities (DoS, Encryption)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration section: the calls below only declare plugin metadata
    # (identifiers, text, scoring, dependencies) and the block ends with exit(0),
    # so none of the version-check logic further down runs from here.
    if(description)
    {
     script_id(11788);
     script_cvs_date("Date: 2018/06/29 12:01:03");
     script_version("1.33");
    
     # Identifiers attached to the finding: three CVEs, four Bugtraq IDs and
     # vendor / third-party advisory cross-references.
     script_cve_id("CVE-2003-0192", "CVE-2003-0253", "CVE-2003-0254");
     script_bugtraq_id(8134, 8135, 8137, 8138);
     script_xref(name:"RHSA", value:"2003:243-01");
     script_xref(name:"Secunia", value:"10008");
     script_xref(name:"Secunia", value:"9813");
    
     script_name(english:"Apache 2.0.x < 2.0.47 Multiple Vulnerabilities (DoS, Encryption)");
     script_summary(english:"Checks version of Apache");
    
     script_set_attribute(attribute:"synopsis", value:
    "The remote web server is affected by multiple vulnerabilities.");
     # NOTE(review): the per-CVE wording in the description below does not line
     # up with the published CVE-2003-0254 summary or the MDKSA-2003:075 advisory
     # text, which describe CVE-2003-0254 as the FTP proxy failing to create an
     # IPv6 socket and CVE-2003-0253 as the prefork MPM accept() error. Confirm
     # against the CHANGES file referenced in see_also before using this text to
     # triage an individual CVE.
     script_set_attribute(attribute:"description", value:
    "The remote host appears to be running a version of Apache 2.x prior to
    2.0.47. It is, therefore, affected by multiple vulnerabilities :
    
      - An issue in may occur when the SSLCipherSuite directive
        is used to upgrade a cipher suite which could lead to a
        weaker cipher suite being used instead of the upgraded
        one. (CVE-2003-0192)
    
      - A denial of service vulnerability may exist in the FTP
        proxy component relating to the use of IPV6 addresses.
        (CVE-2003-0253)
    
      - An attacker may be able to craft a type-map file that
        could cause the server to enter an infinite loop.
        (CVE-2003-0254)" );
     script_set_attribute(attribute:"see_also", value:"https://archive.apache.org/dist/httpd/CHANGES_2.0" );
     script_set_attribute(attribute:"solution", value:
    "Upgrade to Apache web server version 2.0.47 or later.");
     # CVSS v2 base: network vector, low complexity, no authentication; no
     # confidentiality impact, partial integrity and availability impact.
     # One vector is declared for the whole plugin, i.e. for all three CVEs
     # together -- presumably the integrity component reflects the
     # SSLCipherSuite issue rather than the DoS issues; confirm before reusing
     # it as a per-CVE score.
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
     # CVSS v2 temporal: exploit unproven, official fix available, report confirmed.
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     # CVSS v3.0 equivalents of the two vectors above (low integrity and
     # availability impact, scope unchanged, no user interaction).
     script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L");
     script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
    
     script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/20");
     script_set_attribute(attribute:"vuln_publication_date", value: "2003/07/09");
     # "remote": the result is derived from what the service reports over the
     # network, not from packages inspected on the host.
     script_set_attribute(attribute:"plugin_type", value:"remote");
     script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:http_server");
     script_end_attributes();
     script_category(ACT_GATHER_INFO);
     
     
     script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.");
     script_family(english:"Web Servers");
     # Declares apache_http_version.nasl as a dependency and requires the
     # installed_sw/Apache key and a web port (Services/www or 80); presumably
     # the dependency is what records the Apache version in the KB -- confirm.
     script_dependencie("apache_http_version.nasl");
     script_require_keys("installed_sw/Apache");
     script_require_ports("Services/www", 80);
     # Metadata is registered; stop before the check logic.
     exit(0);
    }
    
    #
    # The script code starts here
    #
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("audit.inc");
    include("install_func.inc");
    
    # Detection is a version comparison only: it reads the Apache version that
    # was recorded in the KB for this port and compares it with 2.0.47. Nothing
    # here exercises the FTP proxy, mod_ssl or type-map handling, so a finding
    # means "version string is older than the fix", not "behaviour confirmed".
    get_install_count(app_name:"Apache", exit_if_zero:TRUE);
    port = get_http_port(default:80);
    install = get_single_install(app_name:"Apache", port:port, exit_if_unknown_ver:TRUE);
    
    # All per-port facts live under the same KB prefix; a missing key stops the
    # plugin with exit code 1.
    kb_base = 'www/apache/' + port;
    version = get_kb_item_or_exit(kb_base + '/version', exit_code:1);
    backported = get_kb_item_or_exit(kb_base + '/backported', exit_code:1);
    
    # A build flagged as backported is reported only when report_paranoia is 2
    # or higher; otherwise the plugin audits out, because the version string
    # alone cannot show whether the vendor has patched the package.
    if (backported && report_paranoia < 2)
      audit(AUDIT_BACKPORT_SERVICE, port, "Apache");
    source = get_kb_item_or_exit(kb_base + '/source', exit_code:1);
    
    # A bare "2" or "2.0" (as produced by ServerTokens Major/Minor) carries no
    # patch level, so no determination is possible.
    if (version =~ '^2(\\.0)?$')
      exit(1, "The banner from the Apache server listening on port "+port+" - "+source+" - is not granular enough to make a determination.");
    
    # Anything other than dot-separated digits cannot be compared either.
    if (version !~ "^\d+(\.\d+)*$")
      exit(1, "The version of Apache listening on port " + port + " - " + version + " - is non-numeric and, therefore, cannot be used to make a determination.");
    
    # Only the 2.0 branch below 2.0.47 is reported; every other version is
    # audited as not vulnerable.
    if (version =~ '^2\\.0' && ver_compare(ver:version, fix:'2.0.47') == -1)
    {
      if (report_verbosity <= 0) security_warning(port);
      else
      {
        report =
          '\n  Version source    : ' + source +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : 2.0.47\n';
        security_warning(port:port, extra:report);
      }
      exit(0);
    }
    else audit(AUDIT_LISTEN_NOT_VULN, "Apache", port, install["version"]);
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2003-075.NASL
    description: Several vulnerabilities were discovered in Apache 2.x versions prior to 2.0.47. From the Apache 2.0.47 release notes : Certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one could result in the weak ciphersuite being used in place of the new one (CVE-2003-0192). Certain errors returned by accept() on rarely accessed ports could cause temporary Denial of Service due to a bug in the prefork MPM (CVE-2003-0253). Denial of Service was caused when target host is IPv6 but FTP proxy server can […]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14058
    published: 2004-07-31
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14058
    title: Mandrake Linux Security Advisory : apache2 (MDKSA-2003:075-1)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2003:075. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    # Registration section: the calls below only declare plugin metadata
    # (identifiers, advisory text, scoring, dependencies) and the block ends
    # with exit(0), so the package check further down does not run from here.
    if (description)
    {
      script_id(14058);
      script_version ("1.23");
      script_cvs_date("Date: 2019/08/02 13:32:46");
    
      # Identifiers attached to the finding: three CVEs, the CERT note cited in
      # the advisory text (VU#379828) and the Mandrake advisory itself.
      script_cve_id("CVE-2003-0192", "CVE-2003-0253", "CVE-2003-0254");
      script_xref(name:"CERT", value:"379828");
      script_xref(name:"MDKSA", value:"2003:075-1");
    
      script_name(english:"Mandrake Linux Security Advisory : apache2 (MDKSA-2003:075-1)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Mandrake Linux host is missing a security update."
      );
      # Advisory text, including the per-CVE descriptions quoted from the
      # Apache 2.0.47 release notes and the stop / upgrade / start procedure.
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities were discovered in Apache 2.x versions prior
    to 2.0.47. From the Apache 2.0.47 release notes :
    
    Certain sequences of per-directory renegotiations and the
    SSLCipherSuite directive being used to upgrade from a weak ciphersuite
    to a strong one could result in the weak ciphersuite being used in
    place of the new one (CVE-2003-0192).
    
    Certain errors returned by accept() on rarely accessed ports could
    cause temporary Denial of Service due to a bug in the prefork MPM
    (CVE-2003-0253).
    
    Denial of Service was caused when target host is IPv6 but FTP proxy
    server can't create IPv6 socket (CVE-2003-0254).
    
    The server would crash when going into an infinite loop due to too
    many subsequent internal redirects and nested subrequests (VU#379828).
    
    The Apache Software Foundation thanks Saheed Akhtar and Yoshioka
    Tsuneo for responsibly reporting these issues.
    
    To upgrade these apache packages, first stop Apache by issuing, as
    root :
    
    service httpd stop
    
    After the upgrade, restart Apache with :
    
    service httpd start
    
    Update :
    
    The previously released packages had a manpage conflict between
    apache2-common and apache-1.3 that prevented both packages from being
    installed at the same time. This update provides a fixed
    apache2-common package."
      );
      # http://marc.theaimsgroup.com/?l=bugtraq&m=105259038503175
      script_set_attribute(
        attribute:"see_also",
        value:"http://marc.info/?l=bugtraq&m=105259038503175"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected apache2-common package."
      );
      # CVSS v2 base: network vector, low complexity, no authentication; no
      # confidentiality impact, partial integrity and availability impact.
      # A single vector is declared for the whole advisory, not per CVE.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
    
      # "local": the result comes from package data collected on the host, not
      # from probing the web service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-common");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2003/08/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      # Declares ssh_get_info.nasl as a dependency and requires the Host/* keys
      # listed below; presumably that dependency is what fills in the release,
      # CPU and RPM list over an authenticated session -- confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      # Metadata is registered; stop before the check logic.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Preconditions: local checks must be enabled, the host must have been
    # identified as Mandrake, and its RPM list must be present in the KB.
    # NOTE(review): "Mandake" in the second audit message is a typo for
    # "Mandrake"; the message text is left exactly as published.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release"))
      audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architecture guard: an unknown CPU or one outside the x86 family ends the
    # check.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
      audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$")
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    # One package reference is checked: apache2-common on MDK9.1. rpm_check is
    # expected to return true when the installed package is older than the
    # reference -- confirm against rpm.inc.
    # NOTE(review): the guard above admits amd64 / x86_64, but the only
    # reference passed here is cpu:"i386"; confirm that 64-bit hosts are meant
    # to fall through as "not affected".
    flag = 0;
    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-common-2.0.47-1.2mdk", yank:"mdk"))
      flag++;
    
    
    if (flag)
    {
      # Port 0 is used because the finding belongs to the host, not a service.
      if (report_verbosity <= 0) security_warning(0);
      else security_warning(port:0, extra:rpm_report_get());
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    

Oval

accepted: 2010-09-20T04:00:18.162-04:00
class: vulnerability
contributors:
  • name: Jay Beale
    organization: Bastille Linux
  • name: Jay Beale
    organization: Bastille Linux
  • name: Thomas R. Jones
    organization: Maitreya Security
  • name: Jonathan Baker
    organization: The MITRE Corporation
description: Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
family: unix
id: oval:org.mitre.oval:def:183
status: accepted
submitted: 2003-09-05T12:00:00.000-04:00
title: Apache IPv6 Socket Failure Denial of Service
version: 40

Redhat

advisories
rhsa
id: RHSA-2003:240

Statements

contributor: Mark J Cox
lastmodified: 2008-07-02
organization: Apache
statement: Fixed in Apache HTTP Server 2.0.47: http://httpd.apache.org/security/vulnerabilities_20.html

References