Vulnerabilities > CVE-2003-0542 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Http Server

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2004-015.NASL
    descriptionUpdated httpd packages that fix two minor security issues in the Apache Web server are now available for Red Hat Enterprise Linux 3. The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server. An issue in the handling of regular expressions from configuration files was discovered in releases of the Apache HTTP Server version 2.0 prior to 2.0.48. To exploit this issue an attacker would need to have the ability to write to Apache configuration files such as .htaccess or httpd.conf. A carefully-crafted configuration file can cause an exploitable buffer overflow and would allow the attacker to execute arbitrary code in the context of the server (in default configurations as the
    last seen2020-06-01
    modified2020-06-02
    plugin id12450
    published2004-07-06
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/12450
    titleRHEL 3 : httpd (RHSA-2004:015)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2004:015. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(12450);
      script_version ("1.27");
      script_cvs_date("Date: 2019/10/25 13:36:10");
    
      script_cve_id("CVE-2003-0542");
      script_xref(name:"RHSA", value:"2004:015");
    
      script_name(english:"RHEL 3 : httpd (RHSA-2004:015)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated httpd packages that fix two minor security issues in the
    Apache Web server are now available for Red Hat Enterprise Linux 3.
    
    The Apache HTTP Server is a powerful, full-featured, efficient, and
    freely-available Web server.
    
    An issue in the handling of regular expressions from configuration
    files was discovered in releases of the Apache HTTP Server version 2.0
    prior to 2.0.48. To exploit this issue an attacker would need to have
    the ability to write to Apache configuration files such as .htaccess
    or httpd.conf. A carefully-crafted configuration file can cause an
    exploitable buffer overflow and would allow the attacker to execute
    arbitrary code in the context of the server (in default configurations
    as the 'apache' user). The Common Vulnerabilities and Exposures
    project (cve.mitre.org) has assigned the name CVE-2003-0542 to this
    issue.
    
    Users of the Apache HTTP Server should upgrade to these erratum
    packages, which contain backported patches correcting these issues,
    and are applied to Apache version 2.0.46. This update also includes
    fixes for a number of minor bugs found in this version of the Apache
    HTTP Server."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2003-0542"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.apacheweek.com/features/security-20.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2004:015"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected httpd, httpd-devel and / or mod_ssl packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_ssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2003/11/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2004/01/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2004:015";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL3", reference:"httpd-2.0.46-26.ent")) flag++;
      if (rpm_check(release:"RHEL3", reference:"httpd-devel-2.0.46-26.ent")) flag++;
      if (rpm_check(release:"RHEL3", reference:"mod_ssl-2.0.46-26.ent")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd / httpd-devel / mod_ssl");
      }
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD20040126.NASL
    descriptionThe remote host is missing Security Update 2004-01-26. This security update includes the following components : - Apache 1.3 - Classic - Mail - Safari - Windows File Sharing For MacOS 10.1.5, it only includes the following : - Mail This update contains various fixes which may allow an attacker to execute arbitrary code on the remote host.
    last seen2020-06-01
    modified2020-06-02
    plugin id12517
    published2004-07-06
    reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/12517
    titleMac OS X Multiple Vulnerabilities (Security Update 2004-01-26)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    if ( ! defined_func("bn_random") ) exit(0);
    
    
    include("compat.inc");
    
    if(description)
    {
     script_id(12517);
     script_version ("1.16");
     script_cvs_date("Date: 2018/07/14  1:59:35");
    
     script_cve_id("CVE-2004-0085", "CVE-2004-0086", "CVE-2004-0087", "CVE-2004-0088", "CVE-2004-0089",
                   "CVE-2003-0789", "CVE-2003-0542", "CVE-2004-0092", "CVE-2003-0542");
     script_bugtraq_id(9069);
    
     script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2004-01-26)");
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a Mac OS X security update." );
     script_set_attribute(attribute:"description", value:
    "The remote host is missing Security Update 2004-01-26.
    
    This security update includes the following components :
    
     - Apache 1.3
     - Classic
     - Mail
     - Safari
     - Windows File Sharing
    
    For MacOS 10.1.5, it only includes the following :
    
     - Mail
    
    This update contains various fixes which may allow an attacker to execute
    arbitrary code on the remote host." );
     # http://web.archive.org/web/20040206220131/http://www.apple.com/downloads/macosx/apple/securityupdate_2004-01-26_%2810_2_8_Server%29.html
     script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f54f1ccf" );
     # http://web.archive.org/web/20040206214559/http://www.apple.com/downloads/macosx/apple/securityupdate_2004-01-26_%2810_1_5%29.html
     script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1a627a5f" );
     script_set_attribute(attribute:"solution", value:
    "Install security update 2004-01-26. See 
    http://support.apple.com/kb/HT1646 for more details." );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
     script_cwe_id(119);
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/06");
     script_set_attribute(attribute:"vuln_publication_date", value: "2003/10/29");
     script_set_attribute(attribute:"patch_publication_date", value: "2004/01/26");
     script_set_attribute(attribute:"plugin_type", value:"local");
     script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
     script_end_attributes();
    
     script_summary(english:"Check for Security Update 2004-01-26");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
     script_family(english:"MacOS X Local Security Checks");
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/MacOSX/packages");
     exit(0);
    }
    
    #
    
    packages = get_kb_item("Host/MacOSX/packages");
    if ( ! packages ) exit(0);
    
    uname = get_kb_item("Host/uname");
    # Security Update 2004-05-03 actually includes this update for MacOS X 10.2.8 Client
    if ( egrep(pattern:"Darwin.* 6\.8\.", string:uname) )
    {
     if ( egrep(pattern:"^SecUpd2004-05-03", string:packages) ) exit(0);
    }
    
    # MacOS X 10.1.5, 10.2.8 and 10.3.2 only
    if ( egrep(pattern:"Darwin.* (5\.5\.|6\.8\.|7\.2\.)", string:uname) )
    {
      if ( ! egrep(pattern:"^SecurityUpd2004-01-26", string:packages) ) { 
    		security_hole(0);
    		exit(0);
    		}
     else  {
            set_kb_item(name:"CVE-2004-0174", value:TRUE);
            set_kb_item(name:"CVE-2003-0020", value:TRUE);
            }
    }
    
    if ( egrep(pattern:"Darwin.*", string:uname) )
    {
            set_kb_item(name:"CVE-2004-0174", value:TRUE);
            set_kb_item(name:"CVE-2003-0020", value:TRUE);
    }
    
  • NASL familyWeb Servers
    NASL idAPACHE_1_3_29.NASL
    descriptionThe remote host appears to be running a version of the Apache web server which is older than 1.3.29. Such versions are reportedly affected by local buffer overflow vulnerabilities in the mod_alias and mod_rewrite modules. An attacker could exploit these vulnerabilities to execute arbitrary code in the context of the affected application. *** Note that Nessus solely relied on the version number *** of the remote server to issue this warning. This might *** be a false positive
    last seen2020-06-01
    modified2020-06-02
    plugin id11915
    published2003-11-01
    reporterThis script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/11915
    titleApache < 1.3.29 Multiple Modules Local Overflow
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if(description)
    {
     script_id(11915);
     script_cve_id("CVE-2003-0542");
     script_cvs_date("Date: 2018/11/15 20:50:25");
    
    
     script_bugtraq_id(8911);
     script_version("1.29");
     
     script_xref(name:"Secunia", value:"10096");
     script_xref(name:"Secunia", value:"10845");
     script_xref(name:"Secunia", value:"17311");
    
     script_name(english:"Apache < 1.3.29 Multiple Modules Local Overflow");
     script_summary(english:"Checks for version of Apache");
    
     script_set_attribute(attribute:"synopsis", value:
    "The remote web server is affected by multiple local buffer overflow
    vulnerabilities." );
     script_set_attribute(attribute:"description", value:
    "The remote host appears to be running a version of the Apache web
    server which is older than 1.3.29. Such versions are reportedly
    affected by local buffer overflow vulnerabilities in the mod_alias and
    mod_rewrite modules. An attacker could exploit these vulnerabilities
    to execute arbitrary code in the context of the affected application.
    
    *** Note that Nessus solely relied on the version number
    *** of the remote server to issue this warning. This might
    *** be a false positive" );
     script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/342674/30/0/threaded" );
     script_set_attribute(attribute:"solution", value:
    "Upgrade to Apache web server version 1.3.29 or later." );
     script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
     script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
     script_cwe_id(119);
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2003/11/01");
     script_set_attribute(attribute:"vuln_publication_date", value: "2003/10/29");
     script_set_attribute(attribute:"plugin_type", value:"remote");
     script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:http_server");
     script_end_attributes();
    
     script_category(ACT_GATHER_INFO);
     
     script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.");
     script_family(english:"Web Servers");
     script_dependencie("apache_http_version.nasl");
     script_require_keys("installed_sw/Apache");
     script_require_ports("Services/www", 80);
     exit(0);
    }
    
    #
    # The script code starts here
    #
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("audit.inc");
    include("install_func.inc");
    
    get_install_count(app_name:"Apache", exit_if_zero:TRUE);
    port = get_http_port(default:80);
    install = get_single_install(app_name:"Apache", port:port, exit_if_unknown_ver:TRUE);
    
    # Check if we could get a version first,  then check if it was
    # backported
    version = get_kb_item_or_exit('www/apache/'+port+'/version', exit_code:1);
    backported = get_kb_item_or_exit('www/apache/'+port+'/backported', exit_code:1);
    
    if (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, "Apache");
    source = get_kb_item_or_exit('www/apache/'+port+'/source', exit_code:1);
    
    # Check if the version looks like either ServerTokesn Major/Minor
    # was used
    
    if (version =~ '^1(\\.3)?$') exit(1, "The banner from the Apache server listening on port "+port+" - "+source+" - is not granular enough to make a determination.");
    if (version !~ "^\d+(\.\d+)*$") exit(1, "The version of Apache listening on port " + port + " - " + version + " - is non-numeric and, therefore, cannot be used to make a determination.");
    if (version =~ '^1\\.3' && ver_compare(ver:version, fix:'1.3.29') == -1)
    {
      if (report_verbosity > 0)
      {
        report = 
          '\n  Version source    : ' + source +
          '\n  Installed version : ' + version + 
          '\n  Fixed version     : 1.3.29\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else audit(AUDIT_LISTEN_NOT_VULN, "Apache", port, install["version"]);
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2003-004.NASL
    descriptionThis update includes the latest stable release of Apache httpd 2.0, including a fix for the security issue CVE-2003-0542, a buffer overflow in the parsing of configuration files. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id13662
    published2004-07-23
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13662
    titleFedora Core 1 : httpd-2.0.48-1.2 (2003-004)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2003-004.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(13662);
      script_version ("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:23");
    
      script_xref(name:"FEDORA", value:"2003-004");
    
      script_name(english:"Fedora Core 1 : httpd-2.0.48-1.2 (2003-004)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update includes the latest stable release of Apache httpd 2.0,
    including a fix for the security issue CVE-2003-0542, a buffer
    overflow in the parsing of configuration files.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/announce/2004-January/000034.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1ac9ffa1"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:httpd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:httpd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:httpd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:httpd-manual");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mod_ssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/01/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 1.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC1", cpu:"i386", reference:"httpd-2.0.48-1.2")) flag++;
    if (rpm_check(release:"FC1", cpu:"i386", reference:"httpd-debuginfo-2.0.48-1.2")) flag++;
    if (rpm_check(release:"FC1", cpu:"i386", reference:"httpd-devel-2.0.48-1.2")) flag++;
    if (rpm_check(release:"FC1", cpu:"i386", reference:"httpd-manual-2.0.48-1.2")) flag++;
    if (rpm_check(release:"FC1", cpu:"i386", reference:"mod_ssl-2.0.48-1.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd / httpd-debuginfo / httpd-devel / httpd-manual / mod_ssl");
    }
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_113146.NASL
    descriptionSunOS 5.9: Apache Security Patch. Date this patch was last updated by Sun : Mar/05/10
    last seen2020-06-01
    modified2020-06-02
    plugin id13530
    published2004-07-12
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13530
    titleSolaris 9 (sparc) : 113146-13
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(13530);
      script_version("1.40");
      script_cvs_date("Date: 2019/10/25 13:36:26");
    
      script_cve_id("CVE-2003-0020", "CVE-2003-0542", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-0492", "CVE-2007-1349");
    
      script_name(english:"Solaris 9 (sparc) : 113146-13");
      script_summary(english:"Check for patch 113146-13");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 113146-13"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "SunOS 5.9: Apache Security Patch.
    Date this patch was last updated by Sun : Mar/05/10"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://download.oracle.com/sunalerts/1021709.1.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"You should install this patch for your system to be up-to-date."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(119, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/03/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("solaris.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"113146-13", obsoleted_by:"", package:"SUNWapchu", version:"11.9.0,REV=2002.03.02.00.35") < 0) flag++;
    if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"113146-13", obsoleted_by:"", package:"SUNWapchd", version:"11.9.0,REV=2002.03.02.00.35") < 0) flag++;
    if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"113146-13", obsoleted_by:"", package:"SUNWapchS", version:"11.9.0,REV=2002.03.02.00.35") < 0) flag++;
    if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"113146-13", obsoleted_by:"", package:"SUNWapchr", version:"11.9.0,REV=2002.03.02.00.35") < 0) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());
      else security_hole(0);
      exit(0);
    }
    audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2003-360.NASL
    descriptionUpdated Apache packages that fix a minor security issue are now available for Red Hat Enterprise Linux. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. An issue in the handling of regular expressions from configuration files was discovered in releases of the Apache HTTP Server version 1.3 prior to 1.3.29. To exploit this issue an attacker would need to have the ability to write to Apache configuration files such as .htaccess or httpd.conf. A carefully-crafted configuration file can cause an exploitable buffer overflow and would allow the attacker to execute arbitrary code in the context of the server (in default configurations as the
    last seen2020-06-01
    modified2020-06-02
    plugin id12435
    published2004-07-06
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/12435
    titleRHEL 2.1 : apache (RHSA-2003:360)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2003:360. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(12435);
      script_version ("1.23");
      script_cvs_date("Date: 2019/10/25 13:36:10");
    
      script_cve_id("CVE-2003-0542");
      script_xref(name:"RHSA", value:"2003:360");
    
      script_name(english:"RHEL 2.1 : apache (RHSA-2003:360)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated Apache packages that fix a minor security issue are now
    available for Red Hat Enterprise Linux.
    
    The Apache HTTP server is a powerful, full-featured, efficient, and
    freely-available Web server.
    
    An issue in the handling of regular expressions from configuration
    files was discovered in releases of the Apache HTTP Server version 1.3
    prior to 1.3.29. To exploit this issue an attacker would need to have
    the ability to write to Apache configuration files such as .htaccess
    or httpd.conf. A carefully-crafted configuration file can cause an
    exploitable buffer overflow and would allow the attacker to execute
    arbitrary code in the context of the server (in default configurations
    as the 'apache' user). The Common Vulnerabilities and Exposures
    project (cve.mitre.org) has assigned the name CVE-2003-0542 to this
    issue.
    
    This update also includes an alternative version of the httpd binary
    which supports setting the MaxClients configuration directive to
    values above 256.
    
    All users of the Apache HTTP Web Server are advised to upgrade to the
    applicable errata packages, which contain back-ported fixes correcting
    the above security issue.
    
    Note that the instructions in the 'Solution' section of this errata
    contain additional steps required to complete the upgrade process."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2003-0542"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.apacheweek.com/features/security-13.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2003:360"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected apache, apache-devel and / or apache-manual
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-manual");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2003/11/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2003/12/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2003:360";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"apache-1.3.27-6.ent")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"apache-devel-1.3.27-6.ent")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"apache-manual-1.3.27-6.ent")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache / apache-devel / apache-manual");
      }
    }
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_116973.NASL
    descriptionSunOS 5.8: Apache Patch. Date this patch was last updated by Sun : Apr/24/08
    last seen2020-06-01
    modified2020-06-02
    plugin id15482
    published2004-10-17
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15482
    titleSolaris 8 (sparc) : 116973-07
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(15482);
      script_version("1.36");
      script_cvs_date("Date: 2019/10/25 13:36:25");
    
      script_cve_id("CVE-2003-0020", "CVE-2003-0542", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-0492", "CVE-2007-1349");
    
      script_name(english:"Solaris 8 (sparc) : 116973-07");
      script_summary(english:"Check for patch 116973-07");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 116973-07"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "SunOS 5.8: Apache Patch.
    Date this patch was last updated by Sun : Apr/24/08"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/116973-07"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"You should install this patch for your system to be up-to-date."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(119, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/04/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/10/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("solaris.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"116973-07", obsoleted_by:"", package:"SUNWapchu", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++;
    if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"116973-07", obsoleted_by:"", package:"SUNWapchd", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++;
    if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"116973-07", obsoleted_by:"", package:"SUNWapchS", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++;
    if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"116973-07", obsoleted_by:"", package:"SUNWapchr", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());
      else security_hole(0);
      exit(0);
    }
    audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_X86_116974.NASL
    descriptionSunOS 5.8_x86: Apache Patch. Date this patch was last updated by Sun : Apr/23/08
    last seen2020-06-01
    modified2020-06-02
    plugin id15483
    published2004-10-17
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15483
    titleSolaris 8 (x86) : 116974-07
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(15483);
      script_version("1.33");
      script_cvs_date("Date: 2019/10/25 13:36:25");
    
      script_cve_id("CVE-2003-0020", "CVE-2003-0542", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-0492", "CVE-2007-1349");
    
      script_name(english:"Solaris 8 (x86) : 116974-07");
      script_summary(english:"Check for patch 116974-07");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 116974-07"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "SunOS 5.8_x86: Apache Patch.
    Date this patch was last updated by Sun : Apr/23/08"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/116974-07"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"You should install this patch for your system to be up-to-date."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(119, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/04/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/10/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("solaris.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"116974-07", obsoleted_by:"", package:"SUNWapchu", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++;
    if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"116974-07", obsoleted_by:"", package:"SUNWapchd", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++;
    if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"116974-07", obsoleted_by:"", package:"SUNWapchS", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++;
    if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"116974-07", obsoleted_by:"", package:"SUNWapchr", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());
      else security_hole(0);
      exit(0);
    }
    audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_X86_114145.NASL
    descriptionSunOS 5.9_x86: Apache Security Patch. Date this patch was last updated by Sun : Mar/05/10
    last seen2020-06-01
    modified2020-06-02
    plugin id13593
    published2004-07-12
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13593
    titleSolaris 9 (x86) : 114145-12
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(13593);
      script_version("1.38");
      script_cvs_date("Date: 2019/10/25 13:36:26");
    
      script_cve_id("CVE-2003-0020", "CVE-2003-0542", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-0492", "CVE-2007-1349");
    
      script_name(english:"Solaris 9 (x86) : 114145-12");
      script_summary(english:"Check for patch 114145-12");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 114145-12"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "SunOS 5.9_x86: Apache Security Patch.
    Date this patch was last updated by Sun : Mar/05/10"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://download.oracle.com/sunalerts/1021709.1.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"You should install this patch for your system to be up-to-date."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(119, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/03/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("solaris.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114145-12", obsoleted_by:"", package:"SUNWapchu", version:"11.9.0,REV=2002.08.06.16.05") < 0) flag++;
    if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114145-12", obsoleted_by:"", package:"SUNWapchd", version:"11.9.0,REV=2002.08.06.16.05") < 0) flag++;
    if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114145-12", obsoleted_by:"", package:"SUNWapchS", version:"11.9.0,REV=2002.08.06.16.05") < 0) flag++;
    if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114145-12", obsoleted_by:"", package:"SUNWapchr", version:"11.9.0,REV=2002.08.06.16.05") < 0) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());
      else security_hole(0);
      exit(0);
    }
    audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2003-308-01.NASL
    descriptionApache httpd is a hypertext transfer protocol server, and is used by over two thirds of the Internet
    last seen2020-06-01
    modified2020-06-02
    plugin id18742
    published2005-07-13
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/18742
    titleSlackware 8.1 / 9.0 / 9.1 / current : apache security update (SSA:2003-308-01)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2003-308-01. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(18742);
      script_version("1.16");
      script_cvs_date("Date: 2019/10/25 13:36:20");
    
      script_cve_id("CVE-2003-0542");
      script_xref(name:"SSA", value:"2003-308-01");
    
      script_name(english:"Slackware 8.1 / 9.0 / 9.1 / current : apache security update (SSA:2003-308-01)");
      script_summary(english:"Checks for updated packages in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Apache httpd is a hypertext transfer protocol server, and is used by
    over two thirds of the Internet's web sites. Upgraded Apache packages
    are available for Slackware 8.1, 9.0, 9.1, and -current. These fix
    local vulnerabilities that could allow users who can create or edit
    Apache config files to gain additional privileges. Sites running
    Apache should upgrade to the new packages. In addition, new mod_ssl
    packages have been prepared for all platforms, and new PHP packages
    have been prepared for Slackware 8.1, 9.0, and - -current (9.1 already
    uses PHP 4.3.3). In -current, these packages also move the Apache
    module directory from /usr/libexec to /usr/libexec/apache. Links for
    all of these related packages are provided below."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2003&m=slackware-security.559833
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1c39b7c6"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected apache, mod_ssl and / or php packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:apache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:mod_ssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:php");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:8.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2003/11/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"8.1", pkgname:"apache", pkgver:"1.3.29", pkgarch:"i386", pkgnum:"1")) flag++;
    if (slackware_check(osver:"8.1", pkgname:"mod_ssl", pkgver:"2.8.16_1.3.29", pkgarch:"i386", pkgnum:"1")) flag++;
    if (slackware_check(osver:"8.1", pkgname:"php", pkgver:"4.3.3", pkgarch:"i386", pkgnum:"1")) flag++;
    
    if (slackware_check(osver:"9.0", pkgname:"apache", pkgver:"1.3.29", pkgarch:"i386", pkgnum:"1")) flag++;
    if (slackware_check(osver:"9.0", pkgname:"mod_ssl", pkgver:"2.8.16_1.3.29", pkgarch:"i386", pkgnum:"1")) flag++;
    if (slackware_check(osver:"9.0", pkgname:"php", pkgver:"4.3.3", pkgarch:"i386", pkgnum:"1")) flag++;
    
    if (slackware_check(osver:"9.1", pkgname:"apache", pkgver:"1.3.29", pkgarch:"i486", pkgnum:"1")) flag++;
    if (slackware_check(osver:"9.1", pkgname:"mod_ssl", pkgver:"2.8.16_1.3.29", pkgarch:"i486", pkgnum:"1")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"apache", pkgver:"1.3.29", pkgarch:"i486", pkgnum:"1")) flag++;
    if (slackware_check(osver:"current", pkgname:"mod_ssl", pkgver:"2.8.16_1.3.29", pkgarch:"i486", pkgnum:"1")) flag++;
    if (slackware_check(osver:"current", pkgname:"php", pkgver:"4.3.3", pkgarch:"i486", pkgnum:"3")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyWeb Servers
    NASL idAPACHE_2_0_48.NASL
    descriptionThe remote host appears to be running a version of Apache 2.0.x prior to 2.0.48. It is, therefore, affected by multiple vulnerabilities : - The mod_rewrite and mod_alias modules fail to handle regular expressions containing more than 9 captures resulting in a buffer overflow. - A vulnerability may occur in the mod_cgid module caused by the mishandling of CGI redirect paths. This could cause Apache to send the output of a CGI program to the wrong client.
    last seen2020-06-01
    modified2020-06-02
    plugin id11853
    published2003-09-26
    reporterThis script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/11853
    titleApache 2.0.x < 2.0.48 Multiple Vulnerabilities (OF, Info Disc.)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2003-103.NASL
    descriptionA buffer overflow in mod_alias and mod_rewrite was discovered in Apache versions 1.3.19 and earlier as well as Apache 2.0.47 and earlier. This happens when a regular expression with more than 9 captures is confined. An attacker would have to create a carefully crafted configuration file (.htaccess or httpd.conf) in order to exploit these problems. As well, another buffer overflow in Apache 2.0.47 and earlier in mod_cgid
    last seen2020-06-01
    modified2020-06-02
    plugin id14085
    published2004-07-31
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14085
    titleMandrake Linux Security Advisory : apache (MDKSA-2003:103)

Oval

  • accepted2004-12-09T08:46:00.000-04:00
    classvulnerability
    contributors
    nameBrian Soby
    organizationThe MITRE Corporation
    descriptionMultiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
    familyunix
    idoval:org.mitre.oval:def:3799
    statusaccepted
    submitted2004-10-19T03:08:00.000-04:00
    titleApache Web Server Multiple Module Local Buffer Overflow
    version35
  • accepted2010-09-20T04:00:43.886-04:00
    classvulnerability
    contributors
    • nameJay Beale
      organizationBastille Linux
    • nameMatt Busby
      organizationThe MITRE Corporation
    • nameThomas R. Jones
      organizationMaitreya Security
    • nameJonathan Baker
      organizationThe MITRE Corporation
    descriptionMultiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
    familyunix
    idoval:org.mitre.oval:def:863
    statusaccepted
    submitted2004-03-17T12:00:00.000-04:00
    titleRed Hat Multiple stack-based BO Vulnerabilities in Apache
    version41
  • accepted2010-09-20T04:00:44.258-04:00
    classvulnerability
    contributors
    • nameJay Beale
      organizationBastille Linux
    • nameMatt Busby
      organizationThe MITRE Corporation
    • nameThomas R. Jones
      organizationMaitreya Security
    • nameJonathan Baker
      organizationThe MITRE Corporation
    descriptionMultiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
    familyunix
    idoval:org.mitre.oval:def:864
    statusaccepted
    submitted2004-03-20T12:00:00.000-04:00
    titleRed Hat Enterprise 3 Multiple stack-based BO Vulnerabilities in Apache
    version41
  • accepted2013-04-29T04:19:33.111-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
      ovaloval:org.mitre.oval:def:11782
    • commentCentOS Linux 3.x
      ovaloval:org.mitre.oval:def:16651
    descriptionMultiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
    familyunix
    idoval:org.mitre.oval:def:9458
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleMultiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
    version26

Redhat

advisories
  • rhsa
    idRHSA-2003:320
  • rhsa
    idRHSA-2003:360
  • rhsa
    idRHSA-2003:405
  • rhsa
    idRHSA-2004:015
  • rhsa
    idRHSA-2005:816
rpms
  • httpd-0:2.0.46-26.ent
  • httpd-debuginfo-0:2.0.46-26.ent
  • httpd-devel-0:2.0.46-26.ent
  • mod_ssl-1:2.0.46-26.ent

Statements

contributorMark J Cox
lastmodified2008-07-02
organizationApache
statementFixed in Apache HTTP Server 2.0.48 and 1.3.29: http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_13.html

References