Vulnerabilities > CVE-2003-0542 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Http Server
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2004-015.NASL description Updated httpd packages that fix two minor security issues in the Apache Web server are now available for Red Hat Enterprise Linux 3. The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server. An issue in the handling of regular expressions from configuration files was discovered in releases of the Apache HTTP Server version 2.0 prior to 2.0.48. To exploit this issue an attacker would need to have the ability to write to Apache configuration files such as .htaccess or httpd.conf. A carefully-crafted configuration file can cause an exploitable buffer overflow and would allow the attacker to execute arbitrary code in the context of the server (in default configurations as the last seen 2020-06-01 modified 2020-06-02 plugin id 12450 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12450 title RHEL 3 : httpd (RHSA-2004:015) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2004:015. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(12450); script_version ("1.27"); script_cvs_date("Date: 2019/10/25 13:36:10"); script_cve_id("CVE-2003-0542"); script_xref(name:"RHSA", value:"2004:015"); script_name(english:"RHEL 3 : httpd (RHSA-2004:015)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated httpd packages that fix two minor security issues in the Apache Web server are now available for Red Hat Enterprise Linux 3. The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server. An issue in the handling of regular expressions from configuration files was discovered in releases of the Apache HTTP Server version 2.0 prior to 2.0.48. To exploit this issue an attacker would need to have the ability to write to Apache configuration files such as .htaccess or httpd.conf. A carefully-crafted configuration file can cause an exploitable buffer overflow and would allow the attacker to execute arbitrary code in the context of the server (in default configurations as the 'apache' user). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0542 to this issue. Users of the Apache HTTP Server should upgrade to these erratum packages, which contain backported patches correcting these issues, and are applied to Apache version 2.0.46. This update also includes fixes for a number of minor bugs found in this version of the Apache HTTP Server." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2003-0542" ); script_set_attribute( attribute:"see_also", value:"http://www.apacheweek.com/features/security-20.html" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2004:015" ); script_set_attribute( attribute:"solution", value:"Update the affected httpd, httpd-devel and / or mod_ssl packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_ssl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"vuln_publication_date", value:"2003/11/03"); script_set_attribute(attribute:"patch_publication_date", value:"2004/01/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2004:015"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL3", reference:"httpd-2.0.46-26.ent")) flag++; if (rpm_check(release:"RHEL3", reference:"httpd-devel-2.0.46-26.ent")) flag++; if (rpm_check(release:"RHEL3", reference:"mod_ssl-2.0.46-26.ent")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd / httpd-devel / mod_ssl"); } }
NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD20040126.NASL description The remote host is missing Security Update 2004-01-26. This security update includes the following components : - Apache 1.3 - Classic - Mail - Safari - Windows File Sharing For MacOS 10.1.5, it only includes the following : - Mail This update contains various fixes which may allow an attacker to execute arbitrary code on the remote host. last seen 2020-06-01 modified 2020-06-02 plugin id 12517 published 2004-07-06 reporter This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/12517 title Mac OS X Multiple Vulnerabilities (Security Update 2004-01-26) code # # (C) Tenable Network Security, Inc. # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(12517); script_version ("1.16"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_cve_id("CVE-2004-0085", "CVE-2004-0086", "CVE-2004-0087", "CVE-2004-0088", "CVE-2004-0089", "CVE-2003-0789", "CVE-2003-0542", "CVE-2004-0092", "CVE-2003-0542"); script_bugtraq_id(9069); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2004-01-26)"); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a Mac OS X security update." ); script_set_attribute(attribute:"description", value: "The remote host is missing Security Update 2004-01-26. This security update includes the following components : - Apache 1.3 - Classic - Mail - Safari - Windows File Sharing For MacOS 10.1.5, it only includes the following : - Mail This update contains various fixes which may allow an attacker to execute arbitrary code on the remote host." ); # http://web.archive.org/web/20040206220131/http://www.apple.com/downloads/macosx/apple/securityupdate_2004-01-26_%2810_2_8_Server%29.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f54f1ccf" ); # http://web.archive.org/web/20040206214559/http://www.apple.com/downloads/macosx/apple/securityupdate_2004-01-26_%2810_1_5%29.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1a627a5f" ); script_set_attribute(attribute:"solution", value: "Install security update 2004-01-26. See http://support.apple.com/kb/HT1646 for more details." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119); script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/06"); script_set_attribute(attribute:"vuln_publication_date", value: "2003/10/29"); script_set_attribute(attribute:"patch_publication_date", value: "2004/01/26"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_summary(english:"Check for Security Update 2004-01-26"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc."); script_family(english:"MacOS X Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages"); exit(0); } # packages = get_kb_item("Host/MacOSX/packages"); if ( ! packages ) exit(0); uname = get_kb_item("Host/uname"); # Security Update 2004-05-03 actually includes this update for MacOS X 10.2.8 Client if ( egrep(pattern:"Darwin.* 6\.8\.", string:uname) ) { if ( egrep(pattern:"^SecUpd2004-05-03", string:packages) ) exit(0); } # MacOS X 10.1.5, 10.2.8 and 10.3.2 only if ( egrep(pattern:"Darwin.* (5\.5\.|6\.8\.|7\.2\.)", string:uname) ) { if ( ! egrep(pattern:"^SecurityUpd2004-01-26", string:packages) ) { security_hole(0); exit(0); } else { set_kb_item(name:"CVE-2004-0174", value:TRUE); set_kb_item(name:"CVE-2003-0020", value:TRUE); } } if ( egrep(pattern:"Darwin.*", string:uname) ) { set_kb_item(name:"CVE-2004-0174", value:TRUE); set_kb_item(name:"CVE-2003-0020", value:TRUE); }
NASL family Web Servers NASL id APACHE_1_3_29.NASL description The remote host appears to be running a version of the Apache web server which is older than 1.3.29. Such versions are reportedly affected by local buffer overflow vulnerabilities in the mod_alias and mod_rewrite modules. An attacker could exploit these vulnerabilities to execute arbitrary code in the context of the affected application. *** Note that Nessus solely relied on the version number *** of the remote server to issue this warning. This might *** be a false positive last seen 2020-06-01 modified 2020-06-02 plugin id 11915 published 2003-11-01 reporter This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/11915 title Apache < 1.3.29 Multiple Modules Local Overflow code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if(description) { script_id(11915); script_cve_id("CVE-2003-0542"); script_cvs_date("Date: 2018/11/15 20:50:25"); script_bugtraq_id(8911); script_version("1.29"); script_xref(name:"Secunia", value:"10096"); script_xref(name:"Secunia", value:"10845"); script_xref(name:"Secunia", value:"17311"); script_name(english:"Apache < 1.3.29 Multiple Modules Local Overflow"); script_summary(english:"Checks for version of Apache"); script_set_attribute(attribute:"synopsis", value: "The remote web server is affected by multiple local buffer overflow vulnerabilities." ); script_set_attribute(attribute:"description", value: "The remote host appears to be running a version of the Apache web server which is older than 1.3.29. Such versions are reportedly affected by local buffer overflow vulnerabilities in the mod_alias and mod_rewrite modules. An attacker could exploit these vulnerabilities to execute arbitrary code in the context of the affected application. *** Note that Nessus solely relied on the version number *** of the remote server to issue this warning. This might *** be a false positive" ); script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/342674/30/0/threaded" ); script_set_attribute(attribute:"solution", value: "Upgrade to Apache web server version 1.3.29 or later." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119); script_set_attribute(attribute:"plugin_publication_date", value: "2003/11/01"); script_set_attribute(attribute:"vuln_publication_date", value: "2003/10/29"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:http_server"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc."); script_family(english:"Web Servers"); script_dependencie("apache_http_version.nasl"); script_require_keys("installed_sw/Apache"); script_require_ports("Services/www", 80); exit(0); } # # The script code starts here # include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); include("audit.inc"); include("install_func.inc"); get_install_count(app_name:"Apache", exit_if_zero:TRUE); port = get_http_port(default:80); install = get_single_install(app_name:"Apache", port:port, exit_if_unknown_ver:TRUE); # Check if we could get a version first, then check if it was # backported version = get_kb_item_or_exit('www/apache/'+port+'/version', exit_code:1); backported = get_kb_item_or_exit('www/apache/'+port+'/backported', exit_code:1); if (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, "Apache"); source = get_kb_item_or_exit('www/apache/'+port+'/source', exit_code:1); # Check if the version looks like either ServerTokesn Major/Minor # was used if (version =~ '^1(\\.3)?$') exit(1, "The banner from the Apache server listening on port "+port+" - "+source+" - is not granular enough to make a determination."); if (version !~ "^\d+(\.\d+)*$") exit(1, "The version of Apache listening on port " + port + " - " + version + " - is non-numeric and, therefore, cannot be used to make a determination."); if (version =~ '^1\\.3' && ver_compare(ver:version, fix:'1.3.29') == -1) { if (report_verbosity > 0) { report = '\n Version source : ' + source + '\n Installed version : ' + version + '\n Fixed version : 1.3.29\n'; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else audit(AUDIT_LISTEN_NOT_VULN, "Apache", port, install["version"]);
NASL family Fedora Local Security Checks NASL id FEDORA_2003-004.NASL description This update includes the latest stable release of Apache httpd 2.0, including a fix for the security issue CVE-2003-0542, a buffer overflow in the parsing of configuration files. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 13662 published 2004-07-23 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13662 title Fedora Core 1 : httpd-2.0.48-1.2 (2003-004) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2003-004. # include("compat.inc"); if (description) { script_id(13662); script_version ("1.16"); script_cvs_date("Date: 2019/08/02 13:32:23"); script_xref(name:"FEDORA", value:"2003-004"); script_name(english:"Fedora Core 1 : httpd-2.0.48-1.2 (2003-004)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update includes the latest stable release of Apache httpd 2.0, including a fix for the security issue CVE-2003-0542, a buffer overflow in the parsing of configuration files. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/announce/2004-January/000034.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1ac9ffa1" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:httpd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:httpd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:httpd-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:httpd-manual"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mod_ssl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:1"); script_set_attribute(attribute:"patch_publication_date", value:"2004/01/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 1.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC1", cpu:"i386", reference:"httpd-2.0.48-1.2")) flag++; if (rpm_check(release:"FC1", cpu:"i386", reference:"httpd-debuginfo-2.0.48-1.2")) flag++; if (rpm_check(release:"FC1", cpu:"i386", reference:"httpd-devel-2.0.48-1.2")) flag++; if (rpm_check(release:"FC1", cpu:"i386", reference:"httpd-manual-2.0.48-1.2")) flag++; if (rpm_check(release:"FC1", cpu:"i386", reference:"mod_ssl-2.0.48-1.2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd / httpd-debuginfo / httpd-devel / httpd-manual / mod_ssl"); }
NASL family Solaris Local Security Checks NASL id SOLARIS9_113146.NASL description SunOS 5.9: Apache Security Patch. Date this patch was last updated by Sun : Mar/05/10 last seen 2020-06-01 modified 2020-06-02 plugin id 13530 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13530 title Solaris 9 (sparc) : 113146-13 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(13530); script_version("1.40"); script_cvs_date("Date: 2019/10/25 13:36:26"); script_cve_id("CVE-2003-0020", "CVE-2003-0542", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-0492", "CVE-2007-1349"); script_name(english:"Solaris 9 (sparc) : 113146-13"); script_summary(english:"Check for patch 113146-13"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 113146-13" ); script_set_attribute( attribute:"description", value: "SunOS 5.9: Apache Security Patch. Date this patch was last updated by Sun : Mar/05/10" ); script_set_attribute( attribute:"see_also", value:"http://download.oracle.com/sunalerts/1021709.1.html" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2010/03/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"113146-13", obsoleted_by:"", package:"SUNWapchu", version:"11.9.0,REV=2002.03.02.00.35") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"113146-13", obsoleted_by:"", package:"SUNWapchd", version:"11.9.0,REV=2002.03.02.00.35") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"113146-13", obsoleted_by:"", package:"SUNWapchS", version:"11.9.0,REV=2002.03.02.00.35") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"113146-13", obsoleted_by:"", package:"SUNWapchr", version:"11.9.0,REV=2002.03.02.00.35") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2003-360.NASL description Updated Apache packages that fix a minor security issue are now available for Red Hat Enterprise Linux. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. An issue in the handling of regular expressions from configuration files was discovered in releases of the Apache HTTP Server version 1.3 prior to 1.3.29. To exploit this issue an attacker would need to have the ability to write to Apache configuration files such as .htaccess or httpd.conf. A carefully-crafted configuration file can cause an exploitable buffer overflow and would allow the attacker to execute arbitrary code in the context of the server (in default configurations as the last seen 2020-06-01 modified 2020-06-02 plugin id 12435 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12435 title RHEL 2.1 : apache (RHSA-2003:360) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2003:360. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(12435); script_version ("1.23"); script_cvs_date("Date: 2019/10/25 13:36:10"); script_cve_id("CVE-2003-0542"); script_xref(name:"RHSA", value:"2003:360"); script_name(english:"RHEL 2.1 : apache (RHSA-2003:360)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated Apache packages that fix a minor security issue are now available for Red Hat Enterprise Linux. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. An issue in the handling of regular expressions from configuration files was discovered in releases of the Apache HTTP Server version 1.3 prior to 1.3.29. To exploit this issue an attacker would need to have the ability to write to Apache configuration files such as .htaccess or httpd.conf. A carefully-crafted configuration file can cause an exploitable buffer overflow and would allow the attacker to execute arbitrary code in the context of the server (in default configurations as the 'apache' user). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0542 to this issue. This update also includes an alternative version of the httpd binary which supports setting the MaxClients configuration directive to values above 256. All users of the Apache HTTP Web Server are advised to upgrade to the applicable errata packages, which contain back-ported fixes correcting the above security issue. Note that the instructions in the 'Solution' section of this errata contain additional steps required to complete the upgrade process." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2003-0542" ); script_set_attribute( attribute:"see_also", value:"http://www.apacheweek.com/features/security-13.html" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2003:360" ); script_set_attribute( attribute:"solution", value: "Update the affected apache, apache-devel and / or apache-manual packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-manual"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2003/11/03"); script_set_attribute(attribute:"patch_publication_date", value:"2003/12/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2003:360"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"apache-1.3.27-6.ent")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"apache-devel-1.3.27-6.ent")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"apache-manual-1.3.27-6.ent")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache / apache-devel / apache-manual"); } }
NASL family Solaris Local Security Checks NASL id SOLARIS8_116973.NASL description SunOS 5.8: Apache Patch. Date this patch was last updated by Sun : Apr/24/08 last seen 2020-06-01 modified 2020-06-02 plugin id 15482 published 2004-10-17 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15482 title Solaris 8 (sparc) : 116973-07 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(15482); script_version("1.36"); script_cvs_date("Date: 2019/10/25 13:36:25"); script_cve_id("CVE-2003-0020", "CVE-2003-0542", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-0492", "CVE-2007-1349"); script_name(english:"Solaris 8 (sparc) : 116973-07"); script_summary(english:"Check for patch 116973-07"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 116973-07" ); script_set_attribute( attribute:"description", value: "SunOS 5.8: Apache Patch. Date this patch was last updated by Sun : Apr/24/08" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/116973-07" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2008/04/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/10/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"116973-07", obsoleted_by:"", package:"SUNWapchu", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"116973-07", obsoleted_by:"", package:"SUNWapchd", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"116973-07", obsoleted_by:"", package:"SUNWapchS", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"116973-07", obsoleted_by:"", package:"SUNWapchr", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");
NASL family Solaris Local Security Checks NASL id SOLARIS8_X86_116974.NASL description SunOS 5.8_x86: Apache Patch. Date this patch was last updated by Sun : Apr/23/08 last seen 2020-06-01 modified 2020-06-02 plugin id 15483 published 2004-10-17 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15483 title Solaris 8 (x86) : 116974-07 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(15483); script_version("1.33"); script_cvs_date("Date: 2019/10/25 13:36:25"); script_cve_id("CVE-2003-0020", "CVE-2003-0542", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-0492", "CVE-2007-1349"); script_name(english:"Solaris 8 (x86) : 116974-07"); script_summary(english:"Check for patch 116974-07"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 116974-07" ); script_set_attribute( attribute:"description", value: "SunOS 5.8_x86: Apache Patch. Date this patch was last updated by Sun : Apr/23/08" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/116974-07" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2008/04/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/10/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"116974-07", obsoleted_by:"", package:"SUNWapchu", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"116974-07", obsoleted_by:"", package:"SUNWapchd", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"116974-07", obsoleted_by:"", package:"SUNWapchS", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"116974-07", obsoleted_by:"", package:"SUNWapchr", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");
NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_114145.NASL description SunOS 5.9_x86: Apache Security Patch. Date this patch was last updated by Sun : Mar/05/10 last seen 2020-06-01 modified 2020-06-02 plugin id 13593 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13593 title Solaris 9 (x86) : 114145-12 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(13593); script_version("1.38"); script_cvs_date("Date: 2019/10/25 13:36:26"); script_cve_id("CVE-2003-0020", "CVE-2003-0542", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-0492", "CVE-2007-1349"); script_name(english:"Solaris 9 (x86) : 114145-12"); script_summary(english:"Check for patch 114145-12"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 114145-12" ); script_set_attribute( attribute:"description", value: "SunOS 5.9_x86: Apache Security Patch. Date this patch was last updated by Sun : Mar/05/10" ); script_set_attribute( attribute:"see_also", value:"http://download.oracle.com/sunalerts/1021709.1.html" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2010/03/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114145-12", obsoleted_by:"", package:"SUNWapchu", version:"11.9.0,REV=2002.08.06.16.05") < 0) flag++; if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114145-12", obsoleted_by:"", package:"SUNWapchd", version:"11.9.0,REV=2002.08.06.16.05") < 0) flag++; if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114145-12", obsoleted_by:"", package:"SUNWapchS", version:"11.9.0,REV=2002.08.06.16.05") < 0) flag++; if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114145-12", obsoleted_by:"", package:"SUNWapchr", version:"11.9.0,REV=2002.08.06.16.05") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");
NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2003-308-01.NASL description Apache httpd is a hypertext transfer protocol server, and is used by over two thirds of the Internet last seen 2020-06-01 modified 2020-06-02 plugin id 18742 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18742 title Slackware 8.1 / 9.0 / 9.1 / current : apache security update (SSA:2003-308-01) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2003-308-01. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(18742); script_version("1.16"); script_cvs_date("Date: 2019/10/25 13:36:20"); script_cve_id("CVE-2003-0542"); script_xref(name:"SSA", value:"2003-308-01"); script_name(english:"Slackware 8.1 / 9.0 / 9.1 / current : apache security update (SSA:2003-308-01)"); script_summary(english:"Checks for updated packages in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "Apache httpd is a hypertext transfer protocol server, and is used by over two thirds of the Internet's web sites. Upgraded Apache packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix local vulnerabilities that could allow users who can create or edit Apache config files to gain additional privileges. Sites running Apache should upgrade to the new packages. In addition, new mod_ssl packages have been prepared for all platforms, and new PHP packages have been prepared for Slackware 8.1, 9.0, and - -current (9.1 already uses PHP 4.3.3). In -current, these packages also move the Apache module directory from /usr/libexec to /usr/libexec/apache. Links for all of these related packages are provided below." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2003&m=slackware-security.559833 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1c39b7c6" ); script_set_attribute( attribute:"solution", value:"Update the affected apache, mod_ssl and / or php packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:apache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:mod_ssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:php"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:8.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.1"); script_set_attribute(attribute:"patch_publication_date", value:"2003/11/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"8.1", pkgname:"apache", pkgver:"1.3.29", pkgarch:"i386", pkgnum:"1")) flag++; if (slackware_check(osver:"8.1", pkgname:"mod_ssl", pkgver:"2.8.16_1.3.29", pkgarch:"i386", pkgnum:"1")) flag++; if (slackware_check(osver:"8.1", pkgname:"php", pkgver:"4.3.3", pkgarch:"i386", pkgnum:"1")) flag++; if (slackware_check(osver:"9.0", pkgname:"apache", pkgver:"1.3.29", pkgarch:"i386", pkgnum:"1")) flag++; if (slackware_check(osver:"9.0", pkgname:"mod_ssl", pkgver:"2.8.16_1.3.29", pkgarch:"i386", pkgnum:"1")) flag++; if (slackware_check(osver:"9.0", pkgname:"php", pkgver:"4.3.3", pkgarch:"i386", pkgnum:"1")) flag++; if (slackware_check(osver:"9.1", pkgname:"apache", pkgver:"1.3.29", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"9.1", pkgname:"mod_ssl", pkgver:"2.8.16_1.3.29", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"current", pkgname:"apache", pkgver:"1.3.29", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"current", pkgname:"mod_ssl", pkgver:"2.8.16_1.3.29", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"current", pkgname:"php", pkgver:"4.3.3", pkgarch:"i486", pkgnum:"3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Web Servers NASL id APACHE_2_0_48.NASL description The remote host appears to be running a version of Apache 2.0.x prior to 2.0.48. It is, therefore, affected by multiple vulnerabilities : - The mod_rewrite and mod_alias modules fail to handle regular expressions containing more than 9 captures resulting in a buffer overflow. - A vulnerability may occur in the mod_cgid module caused by the mishandling of CGI redirect paths. This could cause Apache to send the output of a CGI program to the wrong client. last seen 2020-06-01 modified 2020-06-02 plugin id 11853 published 2003-09-26 reporter This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/11853 title Apache 2.0.x < 2.0.48 Multiple Vulnerabilities (OF, Info Disc.) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2003-103.NASL description A buffer overflow in mod_alias and mod_rewrite was discovered in Apache versions 1.3.19 and earlier as well as Apache 2.0.47 and earlier. This happens when a regular expression with more than 9 captures is confined. An attacker would have to create a carefully crafted configuration file (.htaccess or httpd.conf) in order to exploit these problems. As well, another buffer overflow in Apache 2.0.47 and earlier in mod_cgid last seen 2020-06-01 modified 2020-06-02 plugin id 14085 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14085 title Mandrake Linux Security Advisory : apache (MDKSA-2003:103)
Oval
accepted 2004-12-09T08:46:00.000-04:00 class vulnerability contributors name Brian Soby organization The MITRE Corporation description Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures. family unix id oval:org.mitre.oval:def:3799 status accepted submitted 2004-10-19T03:08:00.000-04:00 title Apache Web Server Multiple Module Local Buffer Overflow version 35 accepted 2010-09-20T04:00:43.886-04:00 class vulnerability contributors name Jay Beale organization Bastille Linux name Matt Busby organization The MITRE Corporation name Thomas R. Jones organization Maitreya Security name Jonathan Baker organization The MITRE Corporation
description Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures. family unix id oval:org.mitre.oval:def:863 status accepted submitted 2004-03-17T12:00:00.000-04:00 title Red Hat Multiple stack-based BO Vulnerabilities in Apache version 41 accepted 2010-09-20T04:00:44.258-04:00 class vulnerability contributors name Jay Beale organization Bastille Linux name Matt Busby organization The MITRE Corporation name Thomas R. Jones organization Maitreya Security name Jonathan Baker organization The MITRE Corporation
description Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures. family unix id oval:org.mitre.oval:def:864 status accepted submitted 2004-03-20T12:00:00.000-04:00 title Red Hat Enterprise 3 Multiple stack-based BO Vulnerabilities in Apache version 41 accepted 2013-04-29T04:19:33.111-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782 comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651
description Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures. family unix id oval:org.mitre.oval:def:9458 status accepted submitted 2010-07-09T03:56:16-04:00 title Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures. version 26
Redhat
advisories |
| ||||||||||||||||||||
rpms |
|
Statements
contributor | Mark J Cox |
lastmodified | 2008-07-02 |
organization | Apache |
statement | Fixed in Apache HTTP Server 2.0.48 and 1.3.29: http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_13.html |
References
- http://www.securityfocus.com/bid/8911
- http://www.redhat.com/support/errata/RHSA-2004-015.html
- http://httpd.apache.org/dist/httpd/Announcement2.html
- http://www.securityfocus.com/archive/1/342674
- http://www.securityfocus.com/advisories/6079
- http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:103
- http://www.redhat.com/support/errata/RHSA-2003-320.html
- http://www.redhat.com/support/errata/RHSA-2003-360.html
- http://www.redhat.com/support/errata/RHSA-2003-405.html
- ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.6/SCOSA-2004.6.txt
- ftp://patches.sgi.com/support/free/security/advisories/20031203-01-U.asc
- http://lists.apple.com/mhonarc/security-announce/msg00045.html
- http://www.kb.cert.org/vuls/id/434566
- http://www.kb.cert.org/vuls/id/549142
- http://secunia.com/advisories/10096
- http://secunia.com/advisories/10098
- http://secunia.com/advisories/10102
- http://secunia.com/advisories/10112
- http://secunia.com/advisories/10114
- http://secunia.com/advisories/10153
- http://secunia.com/advisories/10260
- http://secunia.com/advisories/10264
- http://secunia.com/advisories/10463
- http://www.securityfocus.com/bid/9504
- http://www.redhat.com/support/errata/RHSA-2005-816.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101444-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1
- http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html
- ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
- http://secunia.com/advisories/10580
- http://secunia.com/advisories/10593
- http://marc.info/?l=bugtraq&m=130497311408250&w=2
- http://docs.info.apple.com/article.html?artnum=61798
- http://marc.info/?l=bugtraq&m=106761802305141&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13400
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9458
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A864
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A863
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3799
- https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E