Vulnerabilities > CVE-2004-0492
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 | |
Application | 5 | |
Application | 4 | |
Application | 1 | |
OS | 1 | |
OS | 3 |
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2004-245.NASL description Updated httpd and mod_ssl packages that fix minor security issues in the Apache Web server are now available for Red Hat Enterprise Linux 2.1. The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server. A buffer overflow was found in the Apache proxy module, mod_proxy, which can be triggered by receiving an invalid Content-Length header. In order to exploit this issue, an attacker would need an Apache installation that was configured as a proxy to connect to a malicious site. This would cause the Apache child processing the request to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0492 to this issue. On Red Hat Enterprise Linux platforms Red Hat believes this issue cannot lead to remote code execution. This issue also does not represent a Denial of Service attack as requests will continue to be handled by other Apache child processes. A stack-based buffer overflow was discovered in mod_ssl which can be triggered if using the FakeBasicAuth option. If mod_ssl is sent a client certificate with a subject DN field longer than 6000 characters, a stack overflow can occur if FakeBasicAuth has been enabled. In order to exploit this issue the carefully crafted malicious certificate would have to be signed by a Certificate Authority which mod_ssl is configured to trust. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0488 to this issue. This update also fixes a DNS handling bug in mod_proxy. The mod_auth_digest module is now included in the Apache package and should be used instead of mod_digest for sites requiring Digest authentication. Red Hat Enterprise Linux 2.1 users of the Apache HTTP Server should upgrade to these erratum packages, which contains Apache version 1.3.27 with backported patches correcting these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 12506 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12506 title RHEL 2.1 : apache, mod_ssl (RHSA-2004:245) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2004:245. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(12506); script_version ("1.31"); script_cvs_date("Date: 2019/10/25 13:36:10"); script_cve_id("CVE-2004-0488", "CVE-2004-0492"); script_bugtraq_id(10508); script_xref(name:"RHSA", value:"2004:245"); script_name(english:"RHEL 2.1 : apache, mod_ssl (RHSA-2004:245)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated httpd and mod_ssl packages that fix minor security issues in the Apache Web server are now available for Red Hat Enterprise Linux 2.1. The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server. A buffer overflow was found in the Apache proxy module, mod_proxy, which can be triggered by receiving an invalid Content-Length header. In order to exploit this issue, an attacker would need an Apache installation that was configured as a proxy to connect to a malicious site. This would cause the Apache child processing the request to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0492 to this issue. On Red Hat Enterprise Linux platforms Red Hat believes this issue cannot lead to remote code execution. This issue also does not represent a Denial of Service attack as requests will continue to be handled by other Apache child processes. A stack-based buffer overflow was discovered in mod_ssl which can be triggered if using the FakeBasicAuth option. If mod_ssl is sent a client certificate with a subject DN field longer than 6000 characters, a stack overflow can occur if FakeBasicAuth has been enabled. In order to exploit this issue the carefully crafted malicious certificate would have to be signed by a Certificate Authority which mod_ssl is configured to trust. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0488 to this issue. This update also fixes a DNS handling bug in mod_proxy. The mod_auth_digest module is now included in the Apache package and should be used instead of mod_digest for sites requiring Digest authentication. Red Hat Enterprise Linux 2.1 users of the Apache HTTP Server should upgrade to these erratum packages, which contains Apache version 1.3.27 with backported patches correcting these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0488" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0492" ); script_set_attribute( attribute:"see_also", value:"http://www.apacheweek.com/issues/04-06-11#security" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2004:245" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-manual"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_ssl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/07/07"); script_set_attribute(attribute:"patch_publication_date", value:"2004/06/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2004:245"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"apache-1.3.27-8.ent")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"apache-devel-1.3.27-8.ent")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"apache-manual-1.3.27-8.ent")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mod_ssl-2.8.12-4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache / apache-devel / apache-manual / mod_ssl"); } }
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200406-16.NASL description The remote host is affected by the vulnerability described in GLSA-200406-16 (Apache 1.3: Buffer overflow in mod_proxy) A bug in the proxy_util.c file may lead to a remote buffer overflow. To trigger the vulnerability an attacker would have to get mod_proxy to connect to a malicous server which returns an invalid (negative) Content-Length. Impact : An attacker could cause a Denial of Service as the Apache child handling the request, which will die and under some circumstances execute arbitrary code as the user running Apache, usually last seen 2020-06-01 modified 2020-06-02 plugin id 14527 published 2004-08-30 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14527 title GLSA-200406-16 : Apache 1.3: Buffer overflow in mod_proxy code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200406-16. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(14527); script_version("1.16"); script_cvs_date("Date: 2019/08/02 13:32:41"); script_cve_id("CVE-2004-0492"); script_xref(name:"GLSA", value:"200406-16"); script_name(english:"GLSA-200406-16 : Apache 1.3: Buffer overflow in mod_proxy"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200406-16 (Apache 1.3: Buffer overflow in mod_proxy) A bug in the proxy_util.c file may lead to a remote buffer overflow. To trigger the vulnerability an attacker would have to get mod_proxy to connect to a malicous server which returns an invalid (negative) Content-Length. Impact : An attacker could cause a Denial of Service as the Apache child handling the request, which will die and under some circumstances execute arbitrary code as the user running Apache, usually 'apache'. Workaround : There is no known workaround at this time. All users are encouraged to upgrade to the latest available version:" ); script_set_attribute( attribute:"see_also", value:"http://www.guninski.com/modproxy1.html" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200406-16" ); script_set_attribute( attribute:"solution", value: "Apache 1.x users should upgrade to the latest version of Apache: # emerge sync # emerge -pv '>=www-servers/apache-1.3.31-r2' # emerge '>=www-servers/apache-1.3.31-r2'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:apache"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2004/06/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/30"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/06/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"www-servers/apache", unaffected:make_list("ge 1.3.31-r2"), vulnerable:make_list("le 1.3.31-r1"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Apache 1.3"); }
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_CA6C8F350A5F11D9AD6F00061BC2AD93.NASL description A buffer overflow exists in mod_proxy which may allow an attacker to launch local DoS attacks and possibly execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 36428 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36428 title FreeBSD : apache -- heap overflow in mod_proxy (ca6c8f35-0a5f-11d9-ad6f-00061bc2ad93) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(36428); script_version("1.10"); script_cvs_date("Date: 2019/08/02 13:32:36"); script_cve_id("CVE-2004-0492"); script_name(english:"FreeBSD : apache -- heap overflow in mod_proxy (ca6c8f35-0a5f-11d9-ad6f-00061bc2ad93)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "A buffer overflow exists in mod_proxy which may allow an attacker to launch local DoS attacks and possibly execute arbitrary code." ); script_set_attribute( attribute:"see_also", value:"http://www.guninski.com/modproxy1.html" ); # https://vuxml.freebsd.org/freebsd/ca6c8f35-0a5f-11d9-ad6f-00061bc2ad93.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7848c935" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:apache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:apache13+ipv6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:apache13-modperl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:apache13-modssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:apache13-ssl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/06/10"); script_set_attribute(attribute:"patch_publication_date", value:"2004/09/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"apache<1.3.31_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"apache13-ssl<=1.3.29.1.53_2")) flag++; if (pkg_test(save_report:TRUE, pkg:"apache13-modssl<1.3.31+2.8.18_4")) flag++; if (pkg_test(save_report:TRUE, pkg:"apache13+ipv6<=1.3.29_2")) flag++; if (pkg_test(save_report:TRUE, pkg:"apache13-modperl<=1.3.31")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2004-299-01.NASL description New apache and mod_ssl packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to fix security issues. Apache has been upgraded to version 1.3.32 which fixes a heap-based buffer overflow in mod_proxy. mod_ssl was upgraded from version mod_ssl-2.8.19-1.3.31 to version 2.8.21-1.3.32 which corrects a flaw allowing a client to use a cipher which the server does not consider secure enough. A new PHP package (php-4.3.9) is also available for all of these platforms. last seen 2020-06-01 modified 2020-06-02 plugin id 18793 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18793 title Slackware 10.0 / 8.1 / 9.0 / 9.1 / current : apache, mod_ssl, php (SSA:2004-299-01) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2004-299-01. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(18793); script_version("1.16"); script_cvs_date("Date: 2019/10/25 13:36:20"); script_cve_id("CVE-2004-0492", "CVE-2004-0885"); script_xref(name:"SSA", value:"2004-299-01"); script_name(english:"Slackware 10.0 / 8.1 / 9.0 / 9.1 / current : apache, mod_ssl, php (SSA:2004-299-01)"); script_summary(english:"Checks for updated packages in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New apache and mod_ssl packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to fix security issues. Apache has been upgraded to version 1.3.32 which fixes a heap-based buffer overflow in mod_proxy. mod_ssl was upgraded from version mod_ssl-2.8.19-1.3.31 to version 2.8.21-1.3.32 which corrects a flaw allowing a client to use a cipher which the server does not consider secure enough. A new PHP package (php-4.3.9) is also available for all of these platforms." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.661410 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?037194c4" ); script_set_attribute( attribute:"solution", value:"Update the affected apache, mod_ssl and / or php packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:apache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:mod_ssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:php"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:8.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.1"); script_set_attribute(attribute:"patch_publication_date", value:"2004/10/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/13"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/06/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"8.1", pkgname:"apache", pkgver:"1.3.32", pkgarch:"i386", pkgnum:"1")) flag++; if (slackware_check(osver:"8.1", pkgname:"mod_ssl", pkgver:"2.8.21_1.3.32", pkgarch:"i386", pkgnum:"1")) flag++; if (slackware_check(osver:"8.1", pkgname:"php", pkgver:"4.3.9", pkgarch:"i386", pkgnum:"1")) flag++; if (slackware_check(osver:"9.0", pkgname:"apache", pkgver:"1.3.32", pkgarch:"i386", pkgnum:"1")) flag++; if (slackware_check(osver:"9.0", pkgname:"mod_ssl", pkgver:"2.8.21_1.3.32", pkgarch:"i386", pkgnum:"1")) flag++; if (slackware_check(osver:"9.0", pkgname:"php", pkgver:"4.3.9", pkgarch:"i386", pkgnum:"1")) flag++; if (slackware_check(osver:"9.1", pkgname:"apache", pkgver:"1.3.32", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"9.1", pkgname:"mod_ssl", pkgver:"2.8.21_1.3.32", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"9.1", pkgname:"php", pkgver:"4.3.9", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"10.0", pkgname:"apache", pkgver:"1.3.32", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"10.0", pkgname:"mod_ssl", pkgver:"2.8.21_1.3.32", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"10.0", pkgname:"php", pkgver:"4.3.9", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"current", pkgname:"apache", pkgver:"1.3.32", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"current", pkgname:"mod_ssl", pkgver:"2.8.21_1.3.32", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"current", pkgname:"php", pkgver:"4.3.9", pkgarch:"i486", pkgnum:"1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Solaris Local Security Checks NASL id SOLARIS9_113146.NASL description SunOS 5.9: Apache Security Patch. Date this patch was last updated by Sun : Mar/05/10 last seen 2020-06-01 modified 2020-06-02 plugin id 13530 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13530 title Solaris 9 (sparc) : 113146-13 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(13530); script_version("1.40"); script_cvs_date("Date: 2019/10/25 13:36:26"); script_cve_id("CVE-2003-0020", "CVE-2003-0542", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-0492", "CVE-2007-1349"); script_name(english:"Solaris 9 (sparc) : 113146-13"); script_summary(english:"Check for patch 113146-13"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 113146-13" ); script_set_attribute( attribute:"description", value: "SunOS 5.9: Apache Security Patch. Date this patch was last updated by Sun : Mar/05/10" ); script_set_attribute( attribute:"see_also", value:"http://download.oracle.com/sunalerts/1021709.1.html" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2010/03/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"113146-13", obsoleted_by:"", package:"SUNWapchu", version:"11.9.0,REV=2002.03.02.00.35") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"113146-13", obsoleted_by:"", package:"SUNWapchd", version:"11.9.0,REV=2002.03.02.00.35") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"113146-13", obsoleted_by:"", package:"SUNWapchS", version:"11.9.0,REV=2002.03.02.00.35") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"113146-13", obsoleted_by:"", package:"SUNWapchr", version:"11.9.0,REV=2002.03.02.00.35") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");
NASL family Solaris Local Security Checks NASL id SOLARIS8_116973.NASL description SunOS 5.8: Apache Patch. Date this patch was last updated by Sun : Apr/24/08 last seen 2020-06-01 modified 2020-06-02 plugin id 15482 published 2004-10-17 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15482 title Solaris 8 (sparc) : 116973-07 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(15482); script_version("1.36"); script_cvs_date("Date: 2019/10/25 13:36:25"); script_cve_id("CVE-2003-0020", "CVE-2003-0542", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-0492", "CVE-2007-1349"); script_name(english:"Solaris 8 (sparc) : 116973-07"); script_summary(english:"Check for patch 116973-07"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 116973-07" ); script_set_attribute( attribute:"description", value: "SunOS 5.8: Apache Patch. Date this patch was last updated by Sun : Apr/24/08" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/116973-07" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2008/04/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/10/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"116973-07", obsoleted_by:"", package:"SUNWapchu", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"116973-07", obsoleted_by:"", package:"SUNWapchd", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"116973-07", obsoleted_by:"", package:"SUNWapchS", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"116973-07", obsoleted_by:"", package:"SUNWapchr", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");
NASL family FreeBSD Local Security Checks NASL id FREEBSD_APACHE_1331_6_MOD_PROXY.NASL description The following package needs to be updated: apache13+ipv6 last seen 2016-09-26 modified 2004-09-28 plugin id 14845 published 2004-09-28 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=14845 title FreeBSD : apache -- heap overflow in mod_proxy (10) code #%NASL_MIN_LEVEL 999999 # @DEPRECATED@ # # This script has been deprecated by freebsd_pkg_ca6c8f350a5f11d9ad6f00061bc2ad93.nasl. # # Disabled on 2011/10/02. # # # (C) Tenable Network Security, Inc. # # This script contains information extracted from VuXML : # # Copyright 2003-2006 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # include('compat.inc'); if ( description ) { script_id(14845); script_version("1.9"); script_cve_id("CVE-2004-0492"); script_name(english:"FreeBSD : apache -- heap overflow in mod_proxy (10)"); script_set_attribute(attribute:'synopsis', value: 'The remote host is missing a security update'); script_set_attribute(attribute:'description', value:'The following package needs to be updated: apache13+ipv6'); script_set_attribute(attribute: 'cvss_vector', value: 'CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C'); script_set_attribute(attribute:'solution', value: 'Update the package on the remote host'); script_set_attribute(attribute: 'see_also', value: 'http://mozillanews.org/?article_date=2004-12-08+06-48-46 http://secunia.com/advisories/13129/ http://secunia.com/advisories/13254/ http://secunia.com/multiple_browsers_window_injection_vulnerability_test/ http://www.guninski.com/modproxy1.html http://www.mozilla.org/security/announce/2006/mfsa2006-09.html http://www.mozilla.org/security/announce/2006/mfsa2006-10.html http://www.mozilla.org/security/announce/2006/mfsa2006-11.html http://www.mozilla.org/security/announce/2006/mfsa2006-12.html http://www.mozilla.org/security/announce/2006/mfsa2006-13.html http://www.mozilla.org/security/announce/2006/mfsa2006-14.html http://www.mozilla.org/security/announce/2006/mfsa2006-15.html http://www.mozilla.org/security/announce/2006/mfsa2006-16.html http://www.mozilla.org/security/announce/2006/mfsa2006-17.html http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6 http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-2.txt http://www.xfocus.org/advisories/200603/11.html https://bugzilla.mozilla.org/show_bug.cgi?id=103638 https://bugzilla.mozilla.org/show_bug.cgi?id=273699'); script_set_attribute(attribute:'see_also', value: 'http://www.FreeBSD.org/ports/portaudit/ca6c8f35-0a5f-11d9-ad6f-00061bc2ad93.html'); script_set_attribute(attribute:"plugin_publication_date", value: "2004/09/28"); script_end_attributes(); script_summary(english:"Check for apache13+ipv6"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); family["english"] = "FreeBSD Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/FreeBSD/pkg_info"); exit(0); } # Deprecated. exit(0, "This plugin has been deprecated. Refer to plugin #36428 (freebsd_pkg_ca6c8f350a5f11d9ad6f00061bc2ad93.nasl) instead."); global_var cvss_score; cvss_score=10; include('freebsd_package.inc'); pkg_test(pkg:"apache<1.3.31_1"); pkg_test(pkg:"apache13-ssl<=1.3.29.1.53_2"); pkg_test(pkg:"apache13-modssl<1.3.31+2.8.18_4"); pkg_test(pkg:"apache13+ipv6<=1.3.29_2"); pkg_test(pkg:"apache13-modperl<=1.3.31");
NASL family Web Servers NASL id APACHE_MOD_PROXY_BUFF_OVERFLOW.NASL description The remote web server appears to be running a version of Apache that is older than version 1.3.32. This version is reportedly vulnerable to a heap-based buffer overflow in proxy_util.c for mod_proxy. This issue may lead remote attackers to cause a denial of service and possibly execute arbitrary code on the server. last seen 2020-06-01 modified 2020-06-02 plugin id 15555 published 2004-10-25 reporter This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/15555 title Apache mod_proxy Content-Length Overflow code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if(description) { script_id(15555); script_version("1.26"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12"); script_cve_id("CVE-2004-0492"); script_bugtraq_id(10508); script_xref(name:"RHSA", value:"2004:245"); script_xref(name:"Secunia", value:"11841"); script_xref(name:"Secunia", value:"11854"); script_xref(name:"Secunia", value:"11859"); script_xref(name:"Secunia", value:"11866"); script_xref(name:"Secunia", value:"11917"); script_xref(name:"Secunia", value:"11946"); script_xref(name:"Secunia", value:"11957"); script_xref(name:"Secunia", value:"11968"); script_xref(name:"Secunia", value:"12971"); script_xref(name:"Secunia", value:"13115"); script_name(english:"Apache mod_proxy Content-Length Overflow"); script_summary(english:"Checks for version of Apache"); script_set_attribute(attribute:"synopsis", value: "The remote web server is affected by a heap-based buffer overflow vulnerability." ); script_set_attribute(attribute:"description", value: "The remote web server appears to be running a version of Apache that is older than version 1.3.32. This version is reportedly vulnerable to a heap-based buffer overflow in proxy_util.c for mod_proxy. This issue may lead remote attackers to cause a denial of service and possibly execute arbitrary code on the server." ); script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2004/Jun/293" ); script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2004/Jun/297" ); script_set_attribute(attribute:"solution", value: "Upgrade to Apache 1.3.32 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_publication_date", value: "2004/10/25"); script_set_attribute(attribute:"vuln_publication_date", value: "2004/06/10"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe",value:"cpe:/a:apache:http_server"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Web Servers"); script_dependencie("http_version.nasl", "os_fingerprint.nasl", "redhat-RHSA-2004-244.nasl", "macosx_SecUpd20041202.nasl"); script_require_keys("www/apache"); script_require_ports("Services/www", 80); exit(0); } # # The script code starts here # include("http_func.inc"); include("backport.inc"); if ( get_kb_item("CVE-2004-0492") ) exit(0); port = get_http_port(default:80, embedded:TRUE); if(!port)exit(0); if(!get_port_state(port))exit(0); banner = get_backport_banner(banner:get_http_banner(port: port)); if(!banner)exit(0); serv = strstr(banner, "Server"); if(ereg(pattern:"^Server:.*Apache(-AdvancedExtranetServer)?/(1\.(3\.(2[6-9]|3[01])))([^0-9]|$)", string:serv)) { security_hole(port); exit(0); }
NASL family Solaris Local Security Checks NASL id SOLARIS8_X86_116974.NASL description SunOS 5.8_x86: Apache Patch. Date this patch was last updated by Sun : Apr/23/08 last seen 2020-06-01 modified 2020-06-02 plugin id 15483 published 2004-10-17 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15483 title Solaris 8 (x86) : 116974-07 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(15483); script_version("1.33"); script_cvs_date("Date: 2019/10/25 13:36:25"); script_cve_id("CVE-2003-0020", "CVE-2003-0542", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-0492", "CVE-2007-1349"); script_name(english:"Solaris 8 (x86) : 116974-07"); script_summary(english:"Check for patch 116974-07"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 116974-07" ); script_set_attribute( attribute:"description", value: "SunOS 5.8_x86: Apache Patch. Date this patch was last updated by Sun : Apr/23/08" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/116974-07" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2008/04/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/10/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"116974-07", obsoleted_by:"", package:"SUNWapchu", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"116974-07", obsoleted_by:"", package:"SUNWapchd", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"116974-07", obsoleted_by:"", package:"SUNWapchS", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"116974-07", obsoleted_by:"", package:"SUNWapchr", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-525.NASL description Georgi Guninski discovered a buffer overflow bug in Apache last seen 2020-06-01 modified 2020-06-02 plugin id 15362 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15362 title Debian DSA-525-1 : apache - buffer overflow code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-525. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(15362); script_version("1.21"); script_cvs_date("Date: 2019/08/02 13:32:18"); script_cve_id("CVE-2004-0492"); script_bugtraq_id(10508); script_xref(name:"DSA", value:"525"); script_name(english:"Debian DSA-525-1 : apache - buffer overflow"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Georgi Guninski discovered a buffer overflow bug in Apache's mod_proxy module, whereby a remote user could potentially cause arbitrary code to be executed with the privileges of an Apache httpd child process (by default, user www-data). Note that this bug is only exploitable if the mod_proxy module is in use. Note that this bug exists in a module in the apache-common package, shared by apache, apache-ssl and apache-perl, so this update is sufficient to correct the bug for all three builds of Apache httpd. However, on systems using apache-ssl or apache-perl, httpd will not automatically be restarted." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2004/dsa-525" ); script_set_attribute( attribute:"solution", value: "For the current stable distribution (woody), this problem has been fixed in version 1.3.26-0woody5. We recommend that you update your apache package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apache"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0"); script_set_attribute(attribute:"patch_publication_date", value:"2004/06/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/06/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.0", prefix:"apache", reference:"1.3.26-0woody5")) flag++; if (deb_check(release:"3.0", prefix:"apache-common", reference:"1.3.26-0woody5")) flag++; if (deb_check(release:"3.0", prefix:"apache-dev", reference:"1.3.26-0woody5")) flag++; if (deb_check(release:"3.0", prefix:"apache-doc", reference:"1.3.26-0woody5")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_114145.NASL description SunOS 5.9_x86: Apache Security Patch. Date this patch was last updated by Sun : Mar/05/10 last seen 2020-06-01 modified 2020-06-02 plugin id 13593 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13593 title Solaris 9 (x86) : 114145-12 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(13593); script_version("1.38"); script_cvs_date("Date: 2019/10/25 13:36:26"); script_cve_id("CVE-2003-0020", "CVE-2003-0542", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-0492", "CVE-2007-1349"); script_name(english:"Solaris 9 (x86) : 114145-12"); script_summary(english:"Check for patch 114145-12"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 114145-12" ); script_set_attribute( attribute:"description", value: "SunOS 5.9_x86: Apache Security Patch. Date this patch was last updated by Sun : Mar/05/10" ); script_set_attribute( attribute:"see_also", value:"http://download.oracle.com/sunalerts/1021709.1.html" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2010/03/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114145-12", obsoleted_by:"", package:"SUNWapchu", version:"11.9.0,REV=2002.08.06.16.05") < 0) flag++; if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114145-12", obsoleted_by:"", package:"SUNWapchd", version:"11.9.0,REV=2002.08.06.16.05") < 0) flag++; if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114145-12", obsoleted_by:"", package:"SUNWapchS", version:"11.9.0,REV=2002.08.06.16.05") < 0) flag++; if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114145-12", obsoleted_by:"", package:"SUNWapchr", version:"11.9.0,REV=2002.08.06.16.05") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2004-065.NASL description A buffer overflow vulnerability was found by George Guninski in Apache last seen 2020-06-01 modified 2020-06-02 plugin id 14164 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14164 title Mandrake Linux Security Advisory : apache (MDKSA-2004:065) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2004:065. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(14164); script_version ("1.19"); script_cvs_date("Date: 2019/08/02 13:32:47"); script_cve_id("CVE-2004-0492"); script_xref(name:"MDKSA", value:"2004:065"); script_name(english:"Mandrake Linux Security Advisory : apache (MDKSA-2004:065)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A buffer overflow vulnerability was found by George Guninski in Apache's mod_proxy module, which can be exploited by a remote user to potentially execute arbitrary code with the privileges of an httpd child process (user apache). This can only be exploited, however, if mod_proxy is actually in use. It is recommended that you stop Apache prior to updating and then restart it again once the update is complete ('service httpd stop' and 'service httpd start' respectively)." ); script_set_attribute( attribute:"see_also", value:"http://www.guninski.com/modproxy1.html" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-modules"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-source"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.2"); script_set_attribute(attribute:"patch_publication_date", value:"2004/06/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK10.0", reference:"apache-1.3.29-1.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"apache-devel-1.3.29-1.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"apache-modules-1.3.29-1.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"apache-source-1.3.29-1.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache-1.3.27-8.3.91mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache-devel-1.3.27-8.3.91mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache-modules-1.3.27-8.3.91mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache-source-1.3.27-8.3.91mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"apache-1.3.28-3.3.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"apache-devel-1.3.28-3.3.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"apache-modules-1.3.28-3.3.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"apache-source-1.3.28-3.3.92mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD20041202.NASL description The remote host is missing Security Update 2004-12-02. This security update contains a number of fixes for the following programs : - Apache - Apache2 - AppKit - Cyrus IMAP - HIToolbox - Kerberos - Postfix - PSNormalizer - QuickTime Streaming Server - Safari - Terminal These programs contain multiple vulnerabilities that could allow a remote attacker to execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 15898 published 2004-12-02 reporter This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15898 title Mac OS X Multiple Vulnerabilities (Security Update 2004-12-02) code # # (C) Tenable Network Security, Inc. # if (NASL_LEVEL < 3004) exit(0); # a large number of xrefs. if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(15898); script_version ("1.24"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_cve_id("CVE-2004-1082", "CVE-2003-0020", "CVE-2003-0987", "CVE-2004-0174", "CVE-2004-0488", "CVE-2004-0492", "CVE-2004-0885", "CVE-2004-0940", "CVE-2004-1083", "CVE-2004-1084", "CVE-2004-0747", "CVE-2004-0786", "CVE-2004-0751", "CVE-2004-0748", "CVE-2004-1081", "CVE-2004-0803", "CVE-2004-0804", "CVE-2004-0886", "CVE-2004-1089", "CVE-2004-1085", "CVE-2004-0642", "CVE-2004-0643", "CVE-2004-0644", "CVE-2004-0772", "CVE-2004-1088", "CVE-2004-1086", "CVE-2004-1123", "CVE-2004-1121", "CVE-2004-1122", "CVE-2004-1087"); script_bugtraq_id(9921, 9930, 9571, 11471, 11360, 11469, 10508, 11802); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2004-12-02)"); script_summary(english:"Check for Security Update 2004-12-02"); script_set_attribute( attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes a security issue." ); script_set_attribute( attribute:"description", value: "The remote host is missing Security Update 2004-12-02. This security update contains a number of fixes for the following programs : - Apache - Apache2 - AppKit - Cyrus IMAP - HIToolbox - Kerberos - Postfix - PSNormalizer - QuickTime Streaming Server - Safari - Terminal These programs contain multiple vulnerabilities that could allow a remote attacker to execute arbitrary code." ); # http://web.archive.org/web/20080915104713/http://support.apple.com/kb/HT1646? script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?210abeb5" ); script_set_attribute( attribute:"solution", value:"Install Security Update 2004-12-02." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(119); script_set_attribute(attribute:"plugin_publication_date", value: "2004/12/02"); script_set_attribute(attribute:"vuln_publication_date", value: "2003/02/24"); script_set_attribute(attribute:"patch_publication_date", value: "2004/12/02"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages"); exit(0); } packages = get_kb_item("Host/MacOSX/packages"); if ( ! packages ) exit(0); uname = get_kb_item("Host/uname"); # MacOS X 10.2.8, 10.3.6 only if ( egrep(pattern:"Darwin.* (6\.8\.|7\.6\.)", string:uname) ) { if ( ! egrep(pattern:"^SecUpd(Srvr)?2004-12-02", string:packages) ) security_hole(0); else non_vuln = 1; } else if ( egrep(pattern:"Darwin.* (6\.9|[0-9][0-9]\.|7\.([7-9]|[0-9][0-9]\.|[8-9]\.))", string:uname) ) non_vuln = 1; if ( non_vuln ) { set_kb_item(name:"CVE-2004-1082", value:TRUE); set_kb_item(name:"CVE-2003-0020", value:TRUE); set_kb_item(name:"CVE-2003-0987", value:TRUE); set_kb_item(name:"CVE-2004-0174", value:TRUE); set_kb_item(name:"CVE-2004-0488", value:TRUE); set_kb_item(name:"CVE-2004-0492", value:TRUE); set_kb_item(name:"CVE-2004-0885", value:TRUE); set_kb_item(name:"CVE-2004-0940", value:TRUE); set_kb_item(name:"CVE-2004-1083", value:TRUE); set_kb_item(name:"CVE-2004-1084", value:TRUE); set_kb_item(name:"CVE-2004-0747", value:TRUE); set_kb_item(name:"CVE-2004-0786", value:TRUE); set_kb_item(name:"CVE-2004-0751", value:TRUE); set_kb_item(name:"CVE-2004-0748", value:TRUE); set_kb_item(name:"CVE-2004-1081", value:TRUE); set_kb_item(name:"CVE-2004-0803", value:TRUE); set_kb_item(name:"CVE-2004-0804", value:TRUE); set_kb_item(name:"CVE-2004-0886", value:TRUE); set_kb_item(name:"CVE-2004-1089", value:TRUE); set_kb_item(name:"CVE-2004-1085", value:TRUE); set_kb_item(name:"CVE-2004-0642", value:TRUE); set_kb_item(name:"CVE-2004-0643", value:TRUE); set_kb_item(name:"CVE-2004-0644", value:TRUE); set_kb_item(name:"CVE-2004-0772", value:TRUE); set_kb_item(name:"CVE-2004-1088", value:TRUE); set_kb_item(name:"CVE-2004-1086", value:TRUE); set_kb_item(name:"CVE-2004-1123", value:TRUE); set_kb_item(name:"CVE-2004-1121", value:TRUE); set_kb_item(name:"CVE-2004-1122", value:TRUE); set_kb_item(name:"CVE-2004-1087", value:TRUE); }
Oval
accepted 2008-11-24T04:00:08.014-05:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Jonathan Baker organization The MITRE Corporation
description Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied. family unix id oval:org.mitre.oval:def:100112 status accepted submitted 2005-08-16T12:00:00.000-04:00 title Apache mod_proxy Content-Length Header Buffer Overflow version 36 accepted 2004-12-09T08:46:00.000-04:00 class vulnerability contributors name Brian Soby organization The MITRE Corporation name Brian Soby organization The MITRE Corporation name Brian Soby organization The MITRE Corporation
description Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied. family unix id oval:org.mitre.oval:def:4863 status accepted submitted 2004-10-14T01:12:00.000-04:00 title Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow version 35
Redhat
advisories |
|
Statements
contributor | Mark J Cox |
lastmodified | 2008-07-02 |
organization | Apache |
statement | Fixed in Apache HTTP Server 1.3.32: http://httpd.apache.org/security/vulnerabilities_13.html |
References
- http://www.debian.org/security/2004/dsa-525
- http://rhn.redhat.com/errata/RHSA-2004-245.html
- http://seclists.org/lists/fulldisclosure/2004/Jun/0296.html
- http://www.guninski.com/modproxy1.html
- https://bugzilla.fedora.us/show_bug.cgi?id=1737
- ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc
- http://www.kb.cert.org/vuls/id/541310
- http://secunia.com/advisories/11841
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:065
- http://marc.info/?l=bugtraq&m=130497311408250&w=2
- http://marc.info/?l=bugtraq&m=108711172710140&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16387
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4863
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100112
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E