Vulnerabilities > CVE-2003-0987 - Unspecified vulnerability in Apache Http Server

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
apache
nessus

Summary

mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2004-046.NASL
    descriptionFour security vulnerabilities were fixed with the 1.3.31 release of Apache. All of these issues have been backported and applied to the provided packages. Thanks to Ralf Engelschall of OpenPKG for providing the patches. Apache 1.3 prior to 1.3.30 did not filter terminal escape sequences from its error logs. This could make it easier for attackers to insert those sequences into the terminal emulators of administrators viewing the error logs that contain vulnerabilities related to escape sequence handling (CVE-2003-0020). mod_digest in Apache 1.3 prior to 1.3.31 did not properly verify the nonce of a client response by using an AuthNonce secret. Apache now verifies the nonce returned in the client response to check whether it was issued by itself by means of a
    last seen2020-06-01
    modified2020-06-02
    plugin id14145
    published2004-07-31
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14145
    titleMandrake Linux Security Advisory : apache-mod_perl (MDKSA-2004:046-1)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2004:046. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(14145);
      script_version ("1.21");
      script_cvs_date("Date: 2019/08/02 13:32:47");
    
      script_cve_id("CVE-2003-0020", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-1082");
      script_xref(name:"MDKSA", value:"2004:046-1");
    
      script_name(english:"Mandrake Linux Security Advisory : apache-mod_perl (MDKSA-2004:046-1)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Four security vulnerabilities were fixed with the 1.3.31 release of
    Apache. All of these issues have been backported and applied to the
    provided packages. Thanks to Ralf Engelschall of OpenPKG for providing
    the patches.
    
    Apache 1.3 prior to 1.3.30 did not filter terminal escape sequences
    from its error logs. This could make it easier for attackers to insert
    those sequences into the terminal emulators of administrators viewing
    the error logs that contain vulnerabilities related to escape sequence
    handling (CVE-2003-0020).
    
    mod_digest in Apache 1.3 prior to 1.3.31 did not properly verify the
    nonce of a client response by using an AuthNonce secret. Apache now
    verifies the nonce returned in the client response to check whether it
    was issued by itself by means of a 'AuthDigestRealmSeed' secret
    exposed as an MD5 checksum (CVE-2003-0987).
    
    mod_access in Apache 1.3 prior to 1.3.30, when running on big-endian
    64-bit platforms, did not properly parse Allow/Deny rules using IP
    addresses without a netmask. This could allow a remote attacker to
    bypass intended access restrictions (CVE-2003-0993).
    
    Apache 1.3 prior to 1.3.30, when using multiple listening sockets on
    certain platforms, allows a remote attacker to cause a DoS by blocking
    new connections via a short-lived connection on a rarely-accessed
    listening socket (CVE-2004-0174). While this particular vulnerability
    does not affect Linux, we felt it prudent to include the fix.
    
    Update :
    
    Due to the changes in mod_digest.so, mod_perl needed to be rebuilt
    against the patched Apache packages in order for httpd-perl to
    properly load the module. The appropriate mod_perl packages have been
    rebuilt and are now available."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:HTML-Embperl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mod_perl-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mod_perl-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/05/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK10.0", reference:"HTML-Embperl-1.3.29_1.3.6-3.1.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"apache-mod_perl-1.3.29_1.29-3.1.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"mod_perl-common-1.3.29_1.29-3.1.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"mod_perl-devel-1.3.29_1.29-3.1.100mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"HTML-Embperl-1.3.27_1.3.4-7.1.91mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache-mod_perl-1.3.27_1.27-7.1.91mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"mod_perl-common-1.3.27_1.27-7.1.91mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"mod_perl-devel-1.3.27_1.27-7.1.91mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK9.2", reference:"HTML-Embperl-1.3.28_1.3.4-1.1.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"apache-mod_perl-1.3.28_1.28-1.1.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"mod_perl-common-1.3.28_1.28-1.1.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"mod_perl-devel-1.3.28_1.28-1.1.92mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_113146.NASL
    descriptionSunOS 5.9: Apache Security Patch. Date this patch was last updated by Sun : Mar/05/10
    last seen2020-06-01
    modified2020-06-02
    plugin id13530
    published2004-07-12
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13530
    titleSolaris 9 (sparc) : 113146-13
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(13530);
      script_version("1.40");
      script_cvs_date("Date: 2019/10/25 13:36:26");
    
      script_cve_id("CVE-2003-0020", "CVE-2003-0542", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-0492", "CVE-2007-1349");
    
      script_name(english:"Solaris 9 (sparc) : 113146-13");
      script_summary(english:"Check for patch 113146-13");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 113146-13"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "SunOS 5.9: Apache Security Patch.
    Date this patch was last updated by Sun : Mar/05/10"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://download.oracle.com/sunalerts/1021709.1.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"You should install this patch for your system to be up-to-date."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(119, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/03/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("solaris.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"113146-13", obsoleted_by:"", package:"SUNWapchu", version:"11.9.0,REV=2002.03.02.00.35") < 0) flag++;
    if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"113146-13", obsoleted_by:"", package:"SUNWapchd", version:"11.9.0,REV=2002.03.02.00.35") < 0) flag++;
    if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"113146-13", obsoleted_by:"", package:"SUNWapchS", version:"11.9.0,REV=2002.03.02.00.35") < 0) flag++;
    if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"113146-13", obsoleted_by:"", package:"SUNWapchr", version:"11.9.0,REV=2002.03.02.00.35") < 0) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());
      else security_hole(0);
      exit(0);
    }
    audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_116973.NASL
    descriptionSunOS 5.8: Apache Patch. Date this patch was last updated by Sun : Apr/24/08
    last seen2020-06-01
    modified2020-06-02
    plugin id15482
    published2004-10-17
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15482
    titleSolaris 8 (sparc) : 116973-07
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(15482);
      script_version("1.36");
      script_cvs_date("Date: 2019/10/25 13:36:25");
    
      script_cve_id("CVE-2003-0020", "CVE-2003-0542", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-0492", "CVE-2007-1349");
    
      script_name(english:"Solaris 8 (sparc) : 116973-07");
      script_summary(english:"Check for patch 116973-07");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 116973-07"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "SunOS 5.8: Apache Patch.
    Date this patch was last updated by Sun : Apr/24/08"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/116973-07"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"You should install this patch for your system to be up-to-date."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(119, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/04/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/10/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("solaris.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"116973-07", obsoleted_by:"", package:"SUNWapchu", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++;
    if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"116973-07", obsoleted_by:"", package:"SUNWapchd", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++;
    if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"116973-07", obsoleted_by:"", package:"SUNWapchS", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++;
    if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"116973-07", obsoleted_by:"", package:"SUNWapchr", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());
      else security_hole(0);
      exit(0);
    }
    audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_X86_116974.NASL
    descriptionSunOS 5.8_x86: Apache Patch. Date this patch was last updated by Sun : Apr/23/08
    last seen2020-06-01
    modified2020-06-02
    plugin id15483
    published2004-10-17
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15483
    titleSolaris 8 (x86) : 116974-07
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(15483);
      script_version("1.33");
      script_cvs_date("Date: 2019/10/25 13:36:25");
    
      script_cve_id("CVE-2003-0020", "CVE-2003-0542", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-0492", "CVE-2007-1349");
    
      script_name(english:"Solaris 8 (x86) : 116974-07");
      script_summary(english:"Check for patch 116974-07");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 116974-07"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "SunOS 5.8_x86: Apache Patch.
    Date this patch was last updated by Sun : Apr/23/08"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/116974-07"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"You should install this patch for your system to be up-to-date."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(119, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/04/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/10/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("solaris.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"116974-07", obsoleted_by:"", package:"SUNWapchu", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++;
    if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"116974-07", obsoleted_by:"", package:"SUNWapchd", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++;
    if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"116974-07", obsoleted_by:"", package:"SUNWapchS", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++;
    if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"116974-07", obsoleted_by:"", package:"SUNWapchr", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());
      else security_hole(0);
      exit(0);
    }
    audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_X86_114145.NASL
    descriptionSunOS 5.9_x86: Apache Security Patch. Date this patch was last updated by Sun : Mar/05/10
    last seen2020-06-01
    modified2020-06-02
    plugin id13593
    published2004-07-12
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13593
    titleSolaris 9 (x86) : 114145-12
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(13593);
      script_version("1.38");
      script_cvs_date("Date: 2019/10/25 13:36:26");
    
      script_cve_id("CVE-2003-0020", "CVE-2003-0542", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-0492", "CVE-2007-1349");
    
      script_name(english:"Solaris 9 (x86) : 114145-12");
      script_summary(english:"Check for patch 114145-12");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 114145-12"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "SunOS 5.9_x86: Apache Security Patch.
    Date this patch was last updated by Sun : Mar/05/10"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://download.oracle.com/sunalerts/1021709.1.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"You should install this patch for your system to be up-to-date."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(119, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/03/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("solaris.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114145-12", obsoleted_by:"", package:"SUNWapchu", version:"11.9.0,REV=2002.08.06.16.05") < 0) flag++;
    if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114145-12", obsoleted_by:"", package:"SUNWapchd", version:"11.9.0,REV=2002.08.06.16.05") < 0) flag++;
    if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114145-12", obsoleted_by:"", package:"SUNWapchS", version:"11.9.0,REV=2002.08.06.16.05") < 0) flag++;
    if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114145-12", obsoleted_by:"", package:"SUNWapchr", version:"11.9.0,REV=2002.08.06.16.05") < 0) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());
      else security_hole(0);
      exit(0);
    }
    audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200405-22.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200405-22 (Apache 1.3: Multiple vulnerabilities) On 64-bit big-endian platforms, mod_access does not properly parse Allow/Deny rules using IP addresses without a netmask which could result in failure to match certain IP addresses. Terminal escape sequences are not filtered from error logs. This could be used by an attacker to insert escape sequences into a terminal emulator vulnerable to escape sequences. mod_digest does not properly verify the nonce of a client response by using a AuthNonce secret. This could permit an attacker to replay the response of another website. This does not affect mod_auth_digest. On certain platforms there is a starvation issue where listening sockets fails to handle short-lived connection on a rarely-accessed listening socket. This causes the child to hold the accept mutex and block out new connections until another connection arrives on the same rarely-accessed listening socket thus leading to a denial of service. Impact : These vulnerabilities could lead to attackers bypassing intended access restrictions, denial of service, and possibly execution of arbitrary code. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id14508
    published2004-08-30
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14508
    titleGLSA-200405-22 : Apache 1.3: Multiple vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200405-22.
    #
    # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(14508);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:41");
    
      script_cve_id("CVE-2003-0020", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174");
      script_xref(name:"GLSA", value:"200405-22");
    
      script_name(english:"GLSA-200405-22 : Apache 1.3: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200405-22
    (Apache 1.3: Multiple vulnerabilities)
    
        On 64-bit big-endian platforms, mod_access does not properly parse
        Allow/Deny rules using IP addresses without a netmask which could result in
        failure to match certain IP addresses.
        Terminal escape sequences are not filtered from error logs. This could be
        used by an attacker to insert escape sequences into a terminal emulator
        vulnerable to escape sequences.
        mod_digest does not properly verify the nonce of a client response by using
        a AuthNonce secret. This could permit an attacker to replay the response of
        another website. This does not affect mod_auth_digest.
        On certain platforms there is a starvation issue where listening sockets
        fails to handle short-lived connection on a rarely-accessed listening
        socket. This causes the child to hold the accept mutex and block out new
        connections until another connection arrives on the same rarely-accessed
        listening socket thus leading to a denial of service.
      
    Impact :
    
        These vulnerabilities could lead to attackers bypassing intended access
        restrictions, denial of service, and possibly execution of arbitrary code.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200405-22"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All users should upgrade to the latest stable version of Apache 1.3.
        # emerge sync
        # emerge -pv '>=www-servers/apache-1.3.31'
        # emerge '>=www-servers/apache-1.3.31'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:apache");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/05/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/30");
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/12/02");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"www-servers/apache", unaffected:make_list("ge 1.3.31"), vulnerable:make_list("lt 1.3.31"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Apache 1.3");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2004-600.NASL
    descriptionUpdated apache and mod_ssl packages that fix various minor security issues and bugs in the Apache Web server are now available for Red Hat Enterprise Linux 2.1. The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server. The mod_ssl module provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. A buffer overflow was discovered in the mod_include module. This flaw could allow a local user who is authorized to create server-side include (SSI) files to gain the privileges of a httpd child (user
    last seen2020-06-01
    modified2020-06-02
    plugin id15960
    published2004-12-14
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/15960
    titleRHEL 2.1 : apache, mod_ssl (RHSA-2004:600)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD20041202.NASL
    descriptionThe remote host is missing Security Update 2004-12-02. This security update contains a number of fixes for the following programs : - Apache - Apache2 - AppKit - Cyrus IMAP - HIToolbox - Kerberos - Postfix - PSNormalizer - QuickTime Streaming Server - Safari - Terminal These programs contain multiple vulnerabilities that could allow a remote attacker to execute arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id15898
    published2004-12-02
    reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15898
    titleMac OS X Multiple Vulnerabilities (Security Update 2004-12-02)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2004-133-01.NASL
    descriptionNew apache packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix security issues. These include a possible denial-of-service attack as well as the ability to possible pipe shell escapes through Apache
    last seen2020-06-01
    modified2020-06-02
    plugin id18787
    published2005-07-13
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/18787
    titleSlackware 8.1 / 9.0 / 9.1 / current : apache (SSA:2004-133-01)

Oval

  • accepted2005-11-16T08:02:00.000-04:00
    classvulnerability
    contributors
    nameRobert L. Hollis
    organizationThreatGuard, Inc.
    descriptionmod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
    familyunix
    idoval:org.mitre.oval:def:100108
    statusaccepted
    submitted2005-08-16T12:00:00.000-04:00
    titleApache Nonce Verification Response Replay Vulnerability
    version36
  • accepted2004-12-09T08:46:00.000-04:00
    classvulnerability
    contributors
    • nameBrian Soby
      organizationThe MITRE Corporation
    • nameBrian Soby
      organizationThe MITRE Corporation
    • nameBrian Soby
      organizationThe MITRE Corporation
    descriptionmod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
    familyunix
    idoval:org.mitre.oval:def:4416
    statusaccepted
    submitted2004-10-14T01:14:00.000-04:00
    titleApache mod_digest Nonce Verification Vulnerability
    version35

Redhat

advisories
  • rhsa
    idRHSA-2004:600
  • rhsa
    idRHSA-2005:816

Statements

contributorMark J Cox
lastmodified2008-07-02
organizationApache
statementFixed in Apache HTTP Server 1.3.31: http://httpd.apache.org/security/vulnerabilities_13.html

References