Vulnerabilities > CVE-2004-0700

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
mod-ssl
gentoo
nessus

Summary

Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.

Nessus

  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_APACHE+SSL_13312819.NASL
    descriptionThe following package needs to be updated: apache+mod_ssl+ipv6
    last seen2016-09-26
    modified2011-10-03
    plugin id15509
    published2004-10-19
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=15509
    titleFreeBSD : apache13-modssl -- format string vulnerability in proxy support (8)
    code
    #%NASL_MIN_LEVEL 999999
    
    # @DEPRECATED@
    #
    # This script has been deprecated by freebsd_pkg_18974c8a1fbd11d9814e0001020eed82.nasl.
    #
    # Disabled on 2011/10/02.
    #
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # This script contains information extracted from VuXML :
    #
    # Copyright 2003-2006 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #   copyright notice, this list of conditions and the following
    #   disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #   published online in any format, converted to PDF, PostScript,
    #   RTF and other formats) must reproduce the above copyright
    #   notice, this list of conditions and the following disclaimer
    #   in the documentation and/or other materials provided with the
    #   distribution.
    #
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    #
    #
    
    include('compat.inc');
    
    if ( description )
    {
     script_id(15509);
     script_version("1.12");
     script_bugtraq_id(10736);
     script_cve_id("CVE-2004-0700");
    
     script_name(english:"FreeBSD : apache13-modssl -- format string vulnerability in proxy support (8)");
    
    script_set_attribute(attribute:'synopsis', value: 'The remote host is missing a security update');
    script_set_attribute(attribute:'description', value:'The following package needs to be updated: apache+mod_ssl+ipv6');
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
    script_set_attribute(attribute:'solution', value: 'Update the package on the remote host');
    script_set_attribute(attribute: 'see_also', value: 'http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482
    http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483
    http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=564
    http://packetstormsecurity.org/0407-advisories/modsslFormat.txt
    http://secunia.com/advisories/32200/
    http://www.mozilla.org/security/announce/2007/mfsa2007-01.html
    http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
    http://www.openpkg.org/security/OpenPKG-SA-2004.032-apache.html
    http://www.opera.com/support/search/view/861/
    http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-gopher_html_parsing');
    script_set_attribute(attribute:'see_also', value: 'http://www.FreeBSD.org/ports/portaudit/18974c8a-1fbd-11d9-814e-0001020eed82.html');
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2004/10/19");
     script_cvs_date("Date: 2018/07/20  0:18:52");
     script_end_attributes();
     script_summary(english:"Check for apache+mod_ssl+ipv6");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
     family["english"] = "FreeBSD Local Security Checks";
     script_family(english:family["english"]);
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/FreeBSD/pkg_info");
     exit(0);
    }
    
    # Deprecated.
    exit(0, "This plugin has been deprecated. Refer to plugin #36579 (freebsd_pkg_18974c8a1fbd11d9814e0001020eed82.nasl) instead.");
    
    global_var cvss_score;
    cvss_score=7;
    include('freebsd_package.inc');
    
    
    pkg_test(pkg:"apache+mod_ssl<1.3.31+2.8.19");
    
    pkg_test(pkg:"apache+mod_ssl+ipv6<1.3.31+2.8.19");
    
    pkg_test(pkg:"ru-apache+mod_ssl<1.3.31+30.20+2.8.19");
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_18974C8A1FBD11D9814E0001020EED82.NASL
    descriptionA OpenPKG Security Advisory reports : Triggered by a report to Packet Storm from Virulent, a format string vulnerability was found in mod_ssl, the Apache SSL/TLS interface to OpenSSL, version (up to and including) 2.8.18 for Apache 1.3. The mod_ssl in Apache 2.x is not affected. The vulnerability could be exploitable if Apache is used as a proxy for HTTPS URLs and the attacker established a own specially prepared DNS and origin server environment.
    last seen2020-06-01
    modified2020-06-02
    plugin id36579
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36579
    titleFreeBSD : apache13-modssl -- format string vulnerability in proxy support (18974c8a-1fbd-11d9-814e-0001020eed82)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(36579);
      script_version("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:36");
    
      script_cve_id("CVE-2004-0700");
      script_bugtraq_id(10736);
      script_xref(name:"CERT", value:"303448");
    
      script_name(english:"FreeBSD : apache13-modssl -- format string vulnerability in proxy support (18974c8a-1fbd-11d9-814e-0001020eed82)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A OpenPKG Security Advisory reports :
    
    Triggered by a report to Packet Storm from Virulent, a format string
    vulnerability was found in mod_ssl, the Apache SSL/TLS interface to
    OpenSSL, version (up to and including) 2.8.18 for Apache 1.3. The
    mod_ssl in Apache 2.x is not affected. The vulnerability could be
    exploitable if Apache is used as a proxy for HTTPS URLs and the
    attacker established a own specially prepared DNS and origin server
    environment."
      );
      # http://www.openpkg.org/security/OpenPKG-SA-2004.032-apache.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://meta.openpkg.org/global-sitemap.php"
      );
      # http://packetstormsecurity.org/0407-advisories/modsslFormat.txt
      script_set_attribute(
        attribute:"see_also",
        value:"https://packetstormsecurity.com/0407-advisories/modsslFormat.txt"
      );
      # http://marc.theaimsgroup.com/?l=apache-modssl&m=109001100906749
      script_set_attribute(
        attribute:"see_also",
        value:"https://marc.info/?l=apache-modssl&m=109001100906749"
      );
      # https://vuxml.freebsd.org/freebsd/18974c8a-1fbd-11d9-814e-0001020eed82.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2a568480"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:apache+mod_ssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:apache+mod_ssl+ipv6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:ru-apache+mod_ssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/07/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2004/10/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"apache+mod_ssl<1.3.31+2.8.19")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"apache+mod_ssl+ipv6<1.3.31+2.8.19")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"ru-apache+mod_ssl<1.3.31+30.20+2.8.19")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2004-408.NASL
    descriptionAn updated mod_ssl package for Apache that fixes a format string vulnerability is now available. The mod_ssl module provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. A format string issue was discovered in mod_ssl for Apache 1.3 which can be triggered if mod_ssl is configured to allow a client to proxy to remote SSL sites. In order to exploit this issue, a user who is authorized to use Apache as a proxy would have to attempt to connect to a carefully crafted hostname via SSL. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0700 to this issue. Users of mod_ssl should upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id14698
    published2004-09-09
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/14698
    titleRHEL 2.1 : mod_ssl (RHSA-2004:408)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2004:408. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(14698);
      script_version ("1.25");
      script_cvs_date("Date: 2019/10/25 13:36:10");
    
      script_cve_id("CVE-2004-0700");
      script_xref(name:"RHSA", value:"2004:408");
    
      script_name(english:"RHEL 2.1 : mod_ssl (RHSA-2004:408)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An updated mod_ssl package for Apache that fixes a format string
    vulnerability is now available.
    
    The mod_ssl module provides strong cryptography for the Apache Web
    server via the Secure Sockets Layer (SSL) and Transport Layer Security
    (TLS) protocols.
    
    A format string issue was discovered in mod_ssl for Apache 1.3 which
    can be triggered if mod_ssl is configured to allow a client to proxy
    to remote SSL sites. In order to exploit this issue, a user who is
    authorized to use Apache as a proxy would have to attempt to connect
    to a carefully crafted hostname via SSL. The Common Vulnerabilities
    and Exposures project (cve.mitre.org) has assigned the name
    CVE-2004-0700 to this issue.
    
    Users of mod_ssl should upgrade to this updated package, which
    contains a backported patch to correct this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0700"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2004:408"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mod_ssl package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_ssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/07/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2004/09/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/09");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2004:408";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mod_ssl-2.8.12-6")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mod_ssl");
      }
    }
    
  • NASL familyWeb Servers
    NASL idMOD_SSL_HOOK_FUNCTIONS_FORMAT_STRING_VULN.NASL
    descriptionThe remote host is using a version vulnerable of mod_ssl which is older than 2.8.19. There is a format string condition in the log functions of the remote module which may allow an attacker to execute arbitrary code on the remote host. *** Some vendors patched older versions of mod_ssl, so this *** might be a false positive. Check with your vendor to determine *** if you have a version of mod_ssl that is patched for this *** vulnerability
    last seen2020-06-01
    modified2020-06-02
    plugin id13651
    published2004-07-16
    reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13651
    titleApache mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
     script_id(13651);
     script_version("1.26");
     script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");
    
     script_cve_id("CVE-2004-0700");
     script_bugtraq_id(10736);
    
     script_name(english:"Apache mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String");
     script_summary(english:"Checks for version of mod_ssl");
    
     script_set_attribute(attribute:"synopsis", value:
    "The remote web server is using a module that is affected by a remote
    code execution vulnerability.");
     script_set_attribute(attribute:"description", value:
    "The remote host is using a version vulnerable of mod_ssl which is
    older than 2.8.19. There is a format string condition in the log
    functions of the remote module which may allow an attacker to execute
    arbitrary code on the remote host.
    
    *** Some vendors patched older versions of mod_ssl, so this
    *** might be a false positive. Check with your vendor to determine
    *** if you have a version of mod_ssl that is patched for this
    *** vulnerability");
     script_set_attribute(attribute:"see_also", value:"http://marc.info/?l=apache-modssl&m=109001100906749&w=2");
     script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=109005001205991&w=2");
     script_set_attribute(attribute:"solution", value:
    "Upgrade to mod_ssl version 2.8.19 or newer");
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
    
     script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/16");
     script_set_attribute(attribute:"vuln_publication_date", value:"2004/07/16");
    script_set_attribute(attribute:"plugin_type", value:"remote");
    script_end_attributes();
    
    
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2004-2020 Tenable Network Security, Inc.");
     script_family(english:"Web Servers");
     script_dependencie("http_version.nasl");
     script_require_ports("Services/www", 80);
     script_require_keys("www/apache");
     exit(0);
    }
    
    #
    # The script code starts here
    #
    include("http_func.inc");
    include('backport.inc');
    
    if ( get_kb_item("CVE-2004-0700") ) exit(0);
    
    port = get_http_port(default:80, embedded:TRUE);
    
    if(get_port_state(port))
    {
     banner = get_backport_banner(banner:get_http_banner(port:port));
     if(!banner || backported )exit(0);
     if ( "Darwin" >< banner )exit(0);
    
     serv = strstr(banner, "Server");
     if("Apache/" >!< serv ) exit(0);
     if("Apache/2" >< serv) exit(0);
     if("Apache-AdvancedExtranetServer/2" >< serv)exit(0);
    
     if(ereg(pattern:".*mod_ssl/(1.*|2\.([0-7]\..*|8\.([0-9]|1[0-8])[^0-9])).*", string:serv))
     {
       security_hole(port);
     }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0523.NASL
    descriptionRed Hat Network Proxy Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Proxy Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. The Red Hat Network Proxy Server 4.2.3 release corrects several security vulnerabilities in several shipped components. In a typical operating environment, these components are not exposed to users of Proxy Server in a vulnerable manner. These security updates will reduce risk in unique Proxy Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting or denial-of-service attack. (CVE-2007-6388, CVE-2007-5000, CVE-2007-4465, CVE-2007-3304, CVE-2006-5752, CVE-2006-3918, CVE-2005-3352) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) Multiple flaws in mod_ssl. (CVE-2004-0488, CVE-2004-0700, CVE-2004-0885) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Users of Red Hat Network Proxy Server 4.2 are advised to upgrade to 4.2.3, which resolves these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id63857
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63857
    titleRHEL 3 / 4 : Proxy Server (RHSA-2008:0523)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-177-1.NASL
    descriptionApache did not honour the
    last seen2020-06-01
    modified2020-06-02
    plugin id20587
    published2006-01-15
    reporterUbuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20587
    titleUbuntu 4.10 / 5.04 : apache2, libapache-mod-ssl vulnerabilities (USN-177-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-532.NASL
    descriptionTwo vulnerabilities were discovered in libapache-mod-ssl : - CAN-2004-0488 Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN. - CAN-2004-0700 Format string vulnerability in the ssl_log function in ssl_engine_log.c in mod_ssl 2.8.19 for Apache 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS.
    last seen2020-06-01
    modified2020-06-02
    plugin id15369
    published2004-09-29
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15369
    titleDebian DSA-532-2 : libapache-mod-ssl - several vulnerabilities
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2004-075.NASL
    descriptionRalf S. Engelschall found a remaining risky call to ssl_log while reviewing code for another issue reported by Virulent. The updated packages are patched to correct the problem.
    last seen2020-06-01
    modified2020-06-02
    plugin id14173
    published2004-07-31
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14173
    titleMandrake Linux Security Advisory : mod_ssl (MDKSA-2004:075)

Redhat

advisories
  • rhsa
    idRHSA-2004:405
  • rhsa
    idRHSA-2004:408
rpms
  • jabberd-0:2.0s10-3.37.rhn
  • jabberd-0:2.0s10-3.38.rhn
  • rhn-apache-0:1.3.27-36.rhn.rhel3
  • rhn-apache-0:1.3.27-36.rhn.rhel4
  • rhn-modperl-0:1.29-16.rhel3
  • rhn-modperl-0:1.29-16.rhel4