Vulnerabilities > CVE-2003-0993 - Unspecified vulnerability in Apache Http Server
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN apache
nessus
Summary
mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
Vulnerable Configurations
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2004-046.NASL description Four security vulnerabilities were fixed with the 1.3.31 release of Apache. All of these issues have been backported and applied to the provided packages. Thanks to Ralf Engelschall of OpenPKG for providing the patches. Apache 1.3 prior to 1.3.30 did not filter terminal escape sequences from its error logs. This could make it easier for attackers to insert those sequences into the terminal emulators of administrators viewing the error logs that contain vulnerabilities related to escape sequence handling (CVE-2003-0020). mod_digest in Apache 1.3 prior to 1.3.31 did not properly verify the nonce of a client response by using an AuthNonce secret. Apache now verifies the nonce returned in the client response to check whether it was issued by itself by means of a last seen 2020-06-01 modified 2020-06-02 plugin id 14145 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14145 title Mandrake Linux Security Advisory : apache-mod_perl (MDKSA-2004:046-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2004:046. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(14145); script_version ("1.21"); script_cvs_date("Date: 2019/08/02 13:32:47"); script_cve_id("CVE-2003-0020", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-1082"); script_xref(name:"MDKSA", value:"2004:046-1"); script_name(english:"Mandrake Linux Security Advisory : apache-mod_perl (MDKSA-2004:046-1)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Four security vulnerabilities were fixed with the 1.3.31 release of Apache. All of these issues have been backported and applied to the provided packages. Thanks to Ralf Engelschall of OpenPKG for providing the patches. Apache 1.3 prior to 1.3.30 did not filter terminal escape sequences from its error logs. This could make it easier for attackers to insert those sequences into the terminal emulators of administrators viewing the error logs that contain vulnerabilities related to escape sequence handling (CVE-2003-0020). mod_digest in Apache 1.3 prior to 1.3.31 did not properly verify the nonce of a client response by using an AuthNonce secret. Apache now verifies the nonce returned in the client response to check whether it was issued by itself by means of a 'AuthDigestRealmSeed' secret exposed as an MD5 checksum (CVE-2003-0987). mod_access in Apache 1.3 prior to 1.3.30, when running on big-endian 64-bit platforms, did not properly parse Allow/Deny rules using IP addresses without a netmask. This could allow a remote attacker to bypass intended access restrictions (CVE-2003-0993). Apache 1.3 prior to 1.3.30, when using multiple listening sockets on certain platforms, allows a remote attacker to cause a DoS by blocking new connections via a short-lived connection on a rarely-accessed listening socket (CVE-2004-0174). While this particular vulnerability does not affect Linux, we felt it prudent to include the fix. Update : Due to the changes in mod_digest.so, mod_perl needed to be rebuilt against the patched Apache packages in order for httpd-perl to properly load the module. The appropriate mod_perl packages have been rebuilt and are now available." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:HTML-Embperl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mod_perl-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mod_perl-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.2"); script_set_attribute(attribute:"patch_publication_date", value:"2004/05/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK10.0", reference:"HTML-Embperl-1.3.29_1.3.6-3.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"apache-mod_perl-1.3.29_1.29-3.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"mod_perl-common-1.3.29_1.29-3.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"mod_perl-devel-1.3.29_1.29-3.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"HTML-Embperl-1.3.27_1.3.4-7.1.91mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache-mod_perl-1.3.27_1.27-7.1.91mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"mod_perl-common-1.3.27_1.27-7.1.91mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"mod_perl-devel-1.3.27_1.27-7.1.91mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"HTML-Embperl-1.3.28_1.3.4-1.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"apache-mod_perl-1.3.28_1.28-1.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"mod_perl-common-1.3.28_1.28-1.1.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"mod_perl-devel-1.3.28_1.28-1.1.92mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Web Servers NASL id APACHE_ACCESS_WO_NETMASK.NASL description The remote host is running a version of Apache web server prior to 1.3.31. It is, therefore, affected by an access control bypass vulnerability due to a failure, on big-endian 64-bit platforms, to properly match last seen 2020-06-01 modified 2020-06-02 plugin id 14177 published 2004-07-31 reporter This script is Copyright (C) 2004-2018 George A. Theall source https://www.tenable.com/plugins/nessus/14177 title Apache < 1.3.31 mod_access IP Address Netmask Rule Bypass code # # This script was written by George A. Theall, <[email protected]>. # # See the Nessus Scripts License for details. # include("compat.inc"); if (description) { script_id(14177); script_version("1.31"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12"); script_cve_id("CVE-2003-0993"); script_bugtraq_id(9829); script_xref(name:"GLSA", value:"GLSA 200405-22"); script_xref(name:"MDKSA", value:"MDKSA-2004:046"); script_xref(name:"SSA", value:"SSA:2004-133-01"); script_xref(name:"Secunia", value:"11088"); script_xref(name:"Secunia", value:"11681"); script_xref(name:"Secunia", value:"11719"); script_xref(name:"Secunia", value:"12246"); script_name(english:"Apache < 1.3.31 mod_access IP Address Netmask Rule Bypass"); script_summary(english:"Checks for Apache version"); script_set_attribute(attribute:"synopsis", value: "The remote web server is affected by an access control bypass vulnerability."); script_set_attribute(attribute:"description", value: "The remote host is running a version of Apache web server prior to 1.3.31. It is, therefore, affected by an access control bypass vulnerability due to a failure, on big-endian 64-bit platforms, to properly match 'allow' or 'deny' rules that contain an IP address but lack a corresponding netmask. Nessus has determined the vulnerability exists only by looking at the Server header returned by the web server running on the target. If the target is not a big-endian 64-bit platform, consider this a false positive."); script_set_attribute(attribute:"see_also", value:"http://www.apacheweek.com/features/security-13"); script_set_attribute(attribute:"see_also", value:"http://marc.info/?l=apache-cvs&m=107869603013722" ); script_set_attribute(attribute:"see_also", value:"https://bz.apache.org/bugzilla/show_bug.cgi?id=23850" ); script_set_attribute(attribute:"solution", value:"Upgrade to Apache web server version 1.3.31 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/03/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:http_server"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2020 George A. Theall"); script_family(english:"Web Servers"); script_dependencie("apache_http_version.nasl", "ssh_get_info.nasl"); script_require_keys("installed_sw/Apache", "Settings/ParanoidReport"); script_require_ports("Services/www", 80); exit(0); } include("audit.inc"); include("backport.inc"); include("global_settings.inc"); include("http_func.inc"); if (report_paranoia < 2) audit(AUDIT_PARANOID); uname = get_kb_item("Host/uname"); if ( uname ) { if ( pgrep(pattern:"i.86", string:uname) ) exit(0); } host = get_host_name(); port = get_http_port(default:80, embedded:TRUE); if (!get_port_state(port)) exit(0); # Check the web server's banner for the version. banner = get_http_banner(port:port); if (!banner) exit(0); banner = get_backport_banner(banner:banner); sig = strstr(banner, "Server:"); if (!sig) exit(0); if(preg(pattern:"^Server:.*Apache(-AdvancedExtranetServer)?/1\.([0-2]\.[0-9]|3\.([0-9][^0-9]|[0-2][0-9]))", string:sig)) { security_hole(port); }NASL family Solaris Local Security Checks NASL id SOLARIS9_113146.NASL description SunOS 5.9: Apache Security Patch. Date this patch was last updated by Sun : Mar/05/10 last seen 2020-06-01 modified 2020-06-02 plugin id 13530 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13530 title Solaris 9 (sparc) : 113146-13 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(13530); script_version("1.40"); script_cvs_date("Date: 2019/10/25 13:36:26"); script_cve_id("CVE-2003-0020", "CVE-2003-0542", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-0492", "CVE-2007-1349"); script_name(english:"Solaris 9 (sparc) : 113146-13"); script_summary(english:"Check for patch 113146-13"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 113146-13" ); script_set_attribute( attribute:"description", value: "SunOS 5.9: Apache Security Patch. Date this patch was last updated by Sun : Mar/05/10" ); script_set_attribute( attribute:"see_also", value:"http://download.oracle.com/sunalerts/1021709.1.html" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2010/03/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"113146-13", obsoleted_by:"", package:"SUNWapchu", version:"11.9.0,REV=2002.03.02.00.35") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"113146-13", obsoleted_by:"", package:"SUNWapchd", version:"11.9.0,REV=2002.03.02.00.35") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"113146-13", obsoleted_by:"", package:"SUNWapchS", version:"11.9.0,REV=2002.03.02.00.35") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"113146-13", obsoleted_by:"", package:"SUNWapchr", version:"11.9.0,REV=2002.03.02.00.35") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");NASL family Solaris Local Security Checks NASL id SOLARIS8_116973.NASL description SunOS 5.8: Apache Patch. Date this patch was last updated by Sun : Apr/24/08 last seen 2020-06-01 modified 2020-06-02 plugin id 15482 published 2004-10-17 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15482 title Solaris 8 (sparc) : 116973-07 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(15482); script_version("1.36"); script_cvs_date("Date: 2019/10/25 13:36:25"); script_cve_id("CVE-2003-0020", "CVE-2003-0542", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-0492", "CVE-2007-1349"); script_name(english:"Solaris 8 (sparc) : 116973-07"); script_summary(english:"Check for patch 116973-07"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 116973-07" ); script_set_attribute( attribute:"description", value: "SunOS 5.8: Apache Patch. Date this patch was last updated by Sun : Apr/24/08" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/116973-07" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2008/04/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/10/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"116973-07", obsoleted_by:"", package:"SUNWapchu", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"116973-07", obsoleted_by:"", package:"SUNWapchd", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"116973-07", obsoleted_by:"", package:"SUNWapchS", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"116973-07", obsoleted_by:"", package:"SUNWapchr", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");NASL family Solaris Local Security Checks NASL id SOLARIS8_X86_116974.NASL description SunOS 5.8_x86: Apache Patch. Date this patch was last updated by Sun : Apr/23/08 last seen 2020-06-01 modified 2020-06-02 plugin id 15483 published 2004-10-17 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15483 title Solaris 8 (x86) : 116974-07 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(15483); script_version("1.33"); script_cvs_date("Date: 2019/10/25 13:36:25"); script_cve_id("CVE-2003-0020", "CVE-2003-0542", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-0492", "CVE-2007-1349"); script_name(english:"Solaris 8 (x86) : 116974-07"); script_summary(english:"Check for patch 116974-07"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 116974-07" ); script_set_attribute( attribute:"description", value: "SunOS 5.8_x86: Apache Patch. Date this patch was last updated by Sun : Apr/23/08" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/116974-07" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2008/04/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/10/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"116974-07", obsoleted_by:"", package:"SUNWapchu", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"116974-07", obsoleted_by:"", package:"SUNWapchd", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"116974-07", obsoleted_by:"", package:"SUNWapchS", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"116974-07", obsoleted_by:"", package:"SUNWapchr", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_114145.NASL description SunOS 5.9_x86: Apache Security Patch. Date this patch was last updated by Sun : Mar/05/10 last seen 2020-06-01 modified 2020-06-02 plugin id 13593 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13593 title Solaris 9 (x86) : 114145-12 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(13593); script_version("1.38"); script_cvs_date("Date: 2019/10/25 13:36:26"); script_cve_id("CVE-2003-0020", "CVE-2003-0542", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-0492", "CVE-2007-1349"); script_name(english:"Solaris 9 (x86) : 114145-12"); script_summary(english:"Check for patch 114145-12"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 114145-12" ); script_set_attribute( attribute:"description", value: "SunOS 5.9_x86: Apache Security Patch. Date this patch was last updated by Sun : Mar/05/10" ); script_set_attribute( attribute:"see_also", value:"http://download.oracle.com/sunalerts/1021709.1.html" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2010/03/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114145-12", obsoleted_by:"", package:"SUNWapchu", version:"11.9.0,REV=2002.08.06.16.05") < 0) flag++; if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114145-12", obsoleted_by:"", package:"SUNWapchd", version:"11.9.0,REV=2002.08.06.16.05") < 0) flag++; if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114145-12", obsoleted_by:"", package:"SUNWapchS", version:"11.9.0,REV=2002.08.06.16.05") < 0) flag++; if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114145-12", obsoleted_by:"", package:"SUNWapchr", version:"11.9.0,REV=2002.08.06.16.05") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200405-22.NASL description The remote host is affected by the vulnerability described in GLSA-200405-22 (Apache 1.3: Multiple vulnerabilities) On 64-bit big-endian platforms, mod_access does not properly parse Allow/Deny rules using IP addresses without a netmask which could result in failure to match certain IP addresses. Terminal escape sequences are not filtered from error logs. This could be used by an attacker to insert escape sequences into a terminal emulator vulnerable to escape sequences. mod_digest does not properly verify the nonce of a client response by using a AuthNonce secret. This could permit an attacker to replay the response of another website. This does not affect mod_auth_digest. On certain platforms there is a starvation issue where listening sockets fails to handle short-lived connection on a rarely-accessed listening socket. This causes the child to hold the accept mutex and block out new connections until another connection arrives on the same rarely-accessed listening socket thus leading to a denial of service. Impact : These vulnerabilities could lead to attackers bypassing intended access restrictions, denial of service, and possibly execution of arbitrary code. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 14508 published 2004-08-30 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14508 title GLSA-200405-22 : Apache 1.3: Multiple vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200405-22. # # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(14508); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:41"); script_cve_id("CVE-2003-0020", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174"); script_xref(name:"GLSA", value:"200405-22"); script_name(english:"GLSA-200405-22 : Apache 1.3: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200405-22 (Apache 1.3: Multiple vulnerabilities) On 64-bit big-endian platforms, mod_access does not properly parse Allow/Deny rules using IP addresses without a netmask which could result in failure to match certain IP addresses. Terminal escape sequences are not filtered from error logs. This could be used by an attacker to insert escape sequences into a terminal emulator vulnerable to escape sequences. mod_digest does not properly verify the nonce of a client response by using a AuthNonce secret. This could permit an attacker to replay the response of another website. This does not affect mod_auth_digest. On certain platforms there is a starvation issue where listening sockets fails to handle short-lived connection on a rarely-accessed listening socket. This causes the child to hold the accept mutex and block out new connections until another connection arrives on the same rarely-accessed listening socket thus leading to a denial of service. Impact : These vulnerabilities could lead to attackers bypassing intended access restrictions, denial of service, and possibly execution of arbitrary code. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200405-22" ); script_set_attribute( attribute:"solution", value: "All users should upgrade to the latest stable version of Apache 1.3. # emerge sync # emerge -pv '>=www-servers/apache-1.3.31' # emerge '>=www-servers/apache-1.3.31'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:apache"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2004/05/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/30"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/12/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"www-servers/apache", unaffected:make_list("ge 1.3.31"), vulnerable:make_list("lt 1.3.31"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Apache 1.3"); }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_09D418DB70FD11D8873F0020ED76EF5A.NASL description Henning Brauer discovered a programming error in Apache 1.3 last seen 2020-06-01 modified 2020-06-02 plugin id 18833 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/18833 title FreeBSD : Apache 1.3 IP address access control failure on some 64-bit platforms (09d418db-70fd-11d8-873f-0020ed76ef5a) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(18833); script_version("1.23"); script_cvs_date("Date: 2019/08/02 13:32:36"); script_cve_id("CVE-2003-0993"); script_bugtraq_id(9829); script_name(english:"FreeBSD : Apache 1.3 IP address access control failure on some 64-bit platforms (09d418db-70fd-11d8-873f-0020ed76ef5a)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "Henning Brauer discovered a programming error in Apache 1.3's mod_access that results in the netmasks in IP address access control rules being interpreted incorrectly on 64-bit, big-endian platforms. In some cases, this could cause a `deny from' IP address access control rule including a netmask to fail." ); # http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_access.c?r1=1.46&r2=1.47 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?fef70f41" ); script_set_attribute( attribute:"see_also", value:"http://www.apacheweek.com/features/security-13" ); # http://marc.theaimsgroup.com/?l=apache-cvs&m=107869603013722 script_set_attribute( attribute:"see_also", value:"https://marc.info/?l=apache-cvs&m=107869603013722" ); # https://vuxml.freebsd.org/freebsd/09d418db-70fd-11d8-873f-0020ed76ef5a.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?815f5d53" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:apache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:apache+mod_ssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:apache+ssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:ru-apache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:ru-apache+mod_ssl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/03/07"); script_set_attribute(attribute:"patch_publication_date", value:"2004/03/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"apache<1.3.29_2")) flag++; if (pkg_test(save_report:TRUE, pkg:"apache+mod_ssl<1.3.29+2.8.16_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"apache+ssl<1.3.29.1.53_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"ru-apache<1.3.29+30.19_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"ru-apache+mod_ssl<1.3.29+30.19+2.8.16_1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2004-133-01.NASL description New apache packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix security issues. These include a possible denial-of-service attack as well as the ability to possible pipe shell escapes through Apache last seen 2020-06-01 modified 2020-06-02 plugin id 18787 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18787 title Slackware 8.1 / 9.0 / 9.1 / current : apache (SSA:2004-133-01) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2004-133-01. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(18787); script_version("1.16"); script_cvs_date("Date: 2019/10/25 13:36:20"); script_cve_id("CVE-2003-0020", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174"); script_xref(name:"SSA", value:"2004-133-01"); script_name(english:"Slackware 8.1 / 9.0 / 9.1 / current : apache (SSA:2004-133-01)"); script_summary(english:"Checks for updated package in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New apache packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix security issues. These include a possible denial-of-service attack as well as the ability to possible pipe shell escapes through Apache's errorlog (which could create an exploit if the error log is read in a terminal program that does not filter such escapes). We recommend that sites running Apache upgrade to the new Apache package." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6e6ddedc" ); script_set_attribute( attribute:"solution", value:"Update the affected apache package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:apache"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:8.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.1"); script_set_attribute(attribute:"patch_publication_date", value:"2004/05/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/13"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/03/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"8.1", pkgname:"apache", pkgver:"1.3.29", pkgarch:"i386", pkgnum:"2")) flag++; if (slackware_check(osver:"9.0", pkgname:"apache", pkgver:"1.3.29", pkgarch:"i386", pkgnum:"2")) flag++; if (slackware_check(osver:"9.1", pkgname:"apache", pkgver:"1.3.29", pkgarch:"i486", pkgnum:"2")) flag++; if (slackware_check(osver:"current", pkgname:"apache", pkgver:"1.3.31", pkgarch:"i486", pkgnum:"1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
Oval
accepted 2005-11-16T08:02:00.000-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. description mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions. family unix id oval:org.mitre.oval:def:100111 status accepted submitted 2005-08-16T12:00:00.000-04:00 title Apache Allow/Deny Parsing Error version 36 accepted 2004-12-09T08:46:00.000-04:00 class vulnerability contributors name Brian Soby organization The MITRE Corporation name Brian Soby organization The MITRE Corporation name Brian Soby organization The MITRE Corporation
description mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions. family unix id oval:org.mitre.oval:def:4670 status accepted submitted 2004-10-14T01:13:00.000-04:00 title Apache Mod_Access Access Control Rule Bypass Vulnerability version 35
Statements
| contributor | Mark J Cox |
| lastmodified | 2008-07-02 |
| organization | Apache |
| statement | Fixed in Apach HTTP Server 1.3.31: http://httpd.apache.org/security/vulnerabilities_13.html |
References
- http://www.apacheweek.com/features/security-13
- http://www.securityfocus.com/bid/9829
- http://issues.apache.org/bugzilla/show_bug.cgi?id=23850
- http://security.gentoo.org/glsa/glsa-200405-22.xml
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1
- http://www.trustix.org/errata/2004/0027
- http://marc.info/?l=apache-cvs&m=107869603013722
- http://marc.info/?l=bugtraq&m=108437852004207&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4670
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100111
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15422
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E