Vulnerabilities > CVE-2006-0042 - Denial of Service vulnerability in Apache Libapreq2 Quadratic Behavior
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
Vulnerable Configurations
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200604-08.NASL description The remote host is affected by the vulnerability described in GLSA-200604-08 (libapreq2: Denial of Service vulnerability) A vulnerability has been reported in the apreq_parse_headers() and apreq_parse_urlencoded() functions of Apache2::Request. Impact : A remote attacker could possibly exploit the vulnerability to cause a Denial of Service by CPU consumption. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 21254 published 2006-04-21 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21254 title GLSA-200604-08 : libapreq2: Denial of Service vulnerability code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200604-08. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(21254); script_version("1.14"); script_cvs_date("Date: 2019/08/02 13:32:43"); script_cve_id("CVE-2006-0042"); script_xref(name:"GLSA", value:"200604-08"); script_name(english:"GLSA-200604-08 : libapreq2: Denial of Service vulnerability"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200604-08 (libapreq2: Denial of Service vulnerability) A vulnerability has been reported in the apreq_parse_headers() and apreq_parse_urlencoded() functions of Apache2::Request. Impact : A remote attacker could possibly exploit the vulnerability to cause a Denial of Service by CPU consumption. Workaround : There is no known workaround at this time." ); # http://svn.apache.org/viewcvs.cgi/httpd/apreq/tags/v2_07/CHANGES?rev=376998&view=markup script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?2762e917" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200604-08" ); script_set_attribute( attribute:"solution", value: "All libapreq2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-apache/libapreq2-2.07'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:libapreq2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2006/04/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/04/21"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/02/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"www-apache/libapreq2", unaffected:make_list("ge 2.07"), vulnerable:make_list("lt 2.07"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libapreq2"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1000.NASL description Gunnar Wolf noticed that the correction for the following problem was not complete and requires an update. For completeness we last seen 2020-06-01 modified 2020-06-02 plugin id 22542 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22542 title Debian DSA-1000-2 : libapreq2-perl - design error code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1000. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(22542); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:19"); script_cve_id("CVE-2006-0042"); script_bugtraq_id(16710); script_xref(name:"DSA", value:"1000"); script_name(english:"Debian DSA-1000-2 : libapreq2-perl - design error"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Gunnar Wolf noticed that the correction for the following problem was not complete and requires an update. For completeness we're providing the original problem description : An algorithm weakness has been discovered in Apache2::Request, the generic request library for Apache2 which can be exploited remotely and cause a denial of service via CPU consumption." ); script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=354060" ); script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358689" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2006/dsa-1000" ); script_set_attribute( attribute:"solution", value: "Upgrade the libapreq2, libapache2-mod-apreq2 and libapache2-request-perl packages. The old stable distribution (woody) does not contain this package. For the stable distribution (sarge) this problem has been fixed in version 2.04-dev-1sarge2." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libapreq2-perl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/02/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"libapache2-request-perl", reference:"2.04-dev-1sarge2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
References
- http://secunia.com/advisories/18846
- http://secunia.com/advisories/19139
- http://secunia.com/advisories/19658
- http://securityreason.com/securityalert/737
- http://svn.apache.org/viewcvs.cgi/httpd/apreq/tags/v2_07/CHANGES?rev=376998&view=markup
- http://www.debian.org/security/2006/dsa-1000
- http://www.gentoo.org/security/en/glsa/glsa-200604-08.xml
- http://www.securityfocus.com/bid/16710
- http://www.vupen.com/english/advisories/2006/0645
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24917