Vulnerabilities > CVE-2007-3304

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."

Vulnerable Configurations

Part Description Count
Application
Apache
112
OS
Fedoraproject
1
OS
Redhat
3
OS
Canonical
3

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0261.NASL
    descriptionRed Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. During an internal security review, a cross-site scripting flaw was found that affected the Red Hat Network channel search feature. (CVE-2007-5961) This release also corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) Two arbitrary code execution flaws were fixed in the OpenMotif package. (CVE-2005-3964, CVE-2005-0605) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510) Users of Red Hat Network Satellite Server 5.0 are advised to upgrade to 5.0.2, which resolves these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43835
    published2010-01-10
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43835
    titleRHEL 4 : Satellite Server (RHSA-2008:0261)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:0261. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(43835);
      script_version ("1.27");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2004-0885", "CVE-2005-0605", "CVE-2005-2090", "CVE-2005-3510", "CVE-2005-3964", "CVE-2005-4838", "CVE-2006-0254", "CVE-2006-0898", "CVE-2006-1329", "CVE-2006-3835", "CVE-2006-5752", "CVE-2006-7195", "CVE-2006-7196", "CVE-2006-7197", "CVE-2007-0243", "CVE-2007-0450", "CVE-2007-1349", "CVE-2007-1355", "CVE-2007-1358", "CVE-2007-1860", "CVE-2007-2435", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-2788", "CVE-2007-2789", "CVE-2007-3304", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-4465", "CVE-2007-5000", "CVE-2007-5461", "CVE-2007-5961", "CVE-2007-6306", "CVE-2007-6388", "CVE-2008-0128");
      script_bugtraq_id(15325, 16802, 19106, 22085, 22960, 23192, 24004, 24147, 24215, 24475, 24476, 24524, 24645, 25316, 25531, 25653, 26070, 26752, 26838, 27237, 27365, 28481);
      script_xref(name:"RHSA", value:"2008:0261");
    
      script_name(english:"RHEL 4 : Satellite Server (RHSA-2008:0261)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Red Hat Network Satellite Server version 5.0.2 is now available. This
    update includes fixes for a number of security issues in Red Hat
    Network Satellite Server components.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    During an internal security review, a cross-site scripting flaw was
    found that affected the Red Hat Network channel search feature.
    (CVE-2007-5961)
    
    This release also corrects several security vulnerabilities in various
    components shipped as part of the Red Hat Network Satellite Server. In
    a typical operating environment, these components are not exposed to
    users of Satellite Server in a vulnerable manner. These security
    updates will reduce risk in unique Satellite Server environments.
    
    Multiple flaws were fixed in the Apache HTTPD server. These flaws
    could result in a cross-site scripting, denial-of-service, or
    information disclosure attacks. (CVE-2004-0885, CVE-2006-5752,
    CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465,
    CVE-2007-5000, CVE-2007-6388)
    
    A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)
    
    A denial-of-service flaw was fixed in the jabberd server.
    (CVE-2006-1329)
    
    Multiple cross-site scripting flaws were fixed in the image map
    feature in the JFreeChart package. (CVE-2007-6306)
    
    Multiple flaws were fixed in the IBM Java 1.4.2 Runtime.
    (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789)
    
    Two arbitrary code execution flaws were fixed in the OpenMotif
    package. (CVE-2005-3964, CVE-2005-0605)
    
    A flaw which could result in weak encryption was fixed in the
    perl-Crypt-CBC package. (CVE-2006-0898)
    
    Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128,
    CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358,
    CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450,
    CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254,
    CVE-2005-2090, CVE-2005-4838, CVE-2005-3510)
    
    Users of Red Hat Network Satellite Server 5.0 are advised to upgrade
    to 5.0.2, which resolves these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0885"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-0605"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-2090"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-3510"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-3964"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-4838"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-0254"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-0898"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-1329"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3835"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-5752"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-7195"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-7196"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-7197"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-0243"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-0450"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-1349"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-1355"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-1358"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-1860"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2435"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2449"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2450"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2788"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2789"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-3304"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-3382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-3385"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-4465"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5000"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5461"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5961"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-6306"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-6388"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-0128"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2008:0261"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(16, 20, 22, 79, 119, 189, 200, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jabberd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jfreechart");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openmotif21");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Crypt-CBC");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhn-apache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhn-modjk-ap13");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhn-modperl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhn-modssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/11/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/05/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/10");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2008:0261";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
    
      if (! (rpm_exists(release:"RHEL4", rpm:"rhns-app-"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Satellite Server");
    
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"jabberd-2.0s10-3.38.rhn")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"java-1.4.2-ibm-1.4.2.10-1jpp.2.el4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jfreechart-0.9.20-3.rhn")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"openmotif21-2.1.30-11.RHEL4.6")) flag++;
      if (rpm_check(release:"RHEL4", reference:"perl-Crypt-CBC-2.24-1.el4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"rhn-apache-1.3.27-36.rhn.rhel4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"rhn-modjk-ap13-1.2.23-2rhn.rhel4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"rhn-modperl-1.29-16.rhel4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"rhn-modssl-2.8.12-8.rhn.10.rhel4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"tomcat5-5.0.30-0jpp_10rh")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "jabberd / java-1.4.2-ibm / java-1.4.2-ibm-devel / jfreechart / etc");
      }
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20070713_HTTPD_ON_SL4_X.NASL
    descriptionThe Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service. (CVE-2007-3304).
    last seen2020-06-01
    modified2020-06-02
    plugin id60226
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60226
    titleScientific Linux Security Update : httpd on SL4.x, SL3.x i386/x86_64
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60226);
      script_version("1.4");
      script_cvs_date("Date: 2019/10/25 13:36:17");
    
      script_cve_id("CVE-2007-3304");
    
      script_name(english:"Scientific Linux Security Update : httpd on SL4.x, SL3.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Apache HTTP Server did not verify that a process was an Apache
    child process before sending it signals. A local attacker with the
    ability to run scripts on the Apache HTTP Server could manipulate the
    scoreboard and cause arbitrary processes to be terminated which could
    lead to a denial of service. (CVE-2007-3304)."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0707&L=scientific-linux-errata&T=0&P=1294
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c319d177"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/07/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL3", reference:"httpd-2.0.46-68.sl3")) flag++;
    if (rpm_check(release:"SL3", reference:"httpd-devel-2.0.46-68.sl3")) flag++;
    if (rpm_check(release:"SL3", reference:"mod_ssl-2.0.46-68.sl3")) flag++;
    
    if (rpm_check(release:"SL4", reference:"httpd-2.0.52-32.3.sl4")) flag++;
    if (rpm_check(release:"SL4", reference:"httpd-devel-2.0.52-32.3.sl4")) flag++;
    if (rpm_check(release:"SL4", reference:"httpd-manual-2.0.52-32.3.sl4")) flag++;
    if (rpm_check(release:"SL4", reference:"httpd-suexec-2.0.52-32.3.sl4")) flag++;
    if (rpm_check(release:"SL4", reference:"mod_ssl-2.0.52-32.3.sl4")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200711-06.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200711-06 (Apache: Multiple vulnerabilities) Multiple cross-site scripting vulnerabilities have been discovered in mod_status and mod_autoindex (CVE-2006-5752, CVE-2007-4465). An error has been discovered in the recall_headers() function in mod_mem_cache (CVE-2007-1862). The mod_cache module does not properly sanitize requests before processing them (CVE-2007-1863). The Prefork module does not properly check PID values before sending signals (CVE-2007-3304). The mod_proxy module does not correctly check headers before processing them (CVE-2007-3847). Impact : A remote attacker could exploit one of these vulnerabilities to inject arbitrary script or HTML content, obtain sensitive information or cause a Denial of Service. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id27823
    published2007-11-08
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27823
    titleGLSA-200711-06 : Apache: Multiple vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200711-06.
    #
    # The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27823);
      script_version("1.18");
      script_cvs_date("Date: 2019/08/02 13:32:44");
    
      script_cve_id("CVE-2006-5752", "CVE-2007-1862", "CVE-2007-1863", "CVE-2007-3304", "CVE-2007-3847", "CVE-2007-4465");
      script_xref(name:"GLSA", value:"200711-06");
    
      script_name(english:"GLSA-200711-06 : Apache: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200711-06
    (Apache: Multiple vulnerabilities)
    
        Multiple cross-site scripting vulnerabilities have been discovered in
        mod_status and mod_autoindex (CVE-2006-5752, CVE-2007-4465). An error
        has been discovered in the recall_headers() function in mod_mem_cache
        (CVE-2007-1862). The mod_cache module does not properly sanitize
        requests before processing them (CVE-2007-1863). The Prefork module
        does not properly check PID values before sending signals
        (CVE-2007-3304). The mod_proxy module does not correctly check headers
        before processing them (CVE-2007-3847).
      
    Impact :
    
        A remote attacker could exploit one of these vulnerabilities to inject
        arbitrary script or HTML content, obtain sensitive information or cause
        a Denial of Service.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200711-06"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Apache users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=www-servers/apache-2.0.59-r5'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(79);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:apache");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/11/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/08");
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/02/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"www-servers/apache", unaffected:make_list("rge 2.0.59-r5", "ge 2.2.6"), vulnerable:make_list("lt 2.2.6"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Apache");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-617.NASL
    descriptionThe Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service (CVE-2007-3304). This issue is not exploitable on Fedora if using the default SELinux targeted policy. A flaw was found in the Apache HTTP Server mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. On Fedora the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752) A bug was found in the Apache HTTP Server mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-1863) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id25659
    published2007-07-03
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25659
    titleFedora Core 5 : httpd-2.2.2-1.3 (2007-617)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2007-617.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(25659);
      script_version ("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:26");
    
      script_xref(name:"FEDORA", value:"2007-617");
    
      script_name(english:"Fedora Core 5 : httpd-2.2.2-1.3 (2007-617)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Apache HTTP Server did not verify that a process was an Apache
    child process before sending it signals. A local attacker with the
    ability to run scripts on the Apache HTTP Server could manipulate the
    scoreboard and cause arbitrary processes to be terminated which could
    lead to a denial of service (CVE-2007-3304). This issue is not
    exploitable on Fedora if using the default SELinux targeted policy.
    
    A flaw was found in the Apache HTTP Server mod_status module. On sites
    where the server-status page is publicly accessible and ExtendedStatus
    is enabled this could lead to a cross-site scripting attack. On Fedora
    the server-status page is not enabled by default and it is best
    practice to not make this publicly available. (CVE-2006-5752)
    
    A bug was found in the Apache HTTP Server mod_cache module. On sites
    where caching is enabled, a remote attacker could send a carefully
    crafted request that would cause the Apache child process handling
    that request to crash. This could lead to a denial of service if using
    a threaded Multi-Processing Module. (CVE-2007-1863)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2007-July/002498.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a50b800f"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:httpd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:httpd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:httpd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:httpd-manual");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mod_ssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:5");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/07/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/07/03");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 5.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC5", reference:"httpd-2.2.2-1.3")) flag++;
    if (rpm_check(release:"FC5", reference:"httpd-debuginfo-2.2.2-1.3")) flag++;
    if (rpm_check(release:"FC5", reference:"httpd-devel-2.2.2-1.3")) flag++;
    if (rpm_check(release:"FC5", reference:"httpd-manual-2.2.2-1.3")) flag++;
    if (rpm_check(release:"FC5", reference:"mod_ssl-2.2.2-1.3")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd / httpd-debuginfo / httpd-devel / httpd-manual / mod_ssl");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0662.NASL
    descriptionUpdated Apache httpd packages that correct a security issue are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service. (CVE-2007-3304). Users of httpd should upgrade to these updated packages, which contain backported patches to correct this issue. Users should restart Apache after installing this update.
    last seen2020-06-01
    modified2020-06-02
    plugin id25725
    published2007-07-18
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25725
    titleRHEL 3 / 4 : httpd (RHSA-2007:0662)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2007:0662. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(25725);
      script_version ("1.24");
      script_cvs_date("Date: 2019/10/25 13:36:12");
    
      script_cve_id("CVE-2007-3304");
      script_bugtraq_id(24215);
      script_xref(name:"RHSA", value:"2007:0662");
    
      script_name(english:"RHEL 3 / 4 : httpd (RHSA-2007:0662)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated Apache httpd packages that correct a security issue are now
    available for Red Hat Enterprise Linux 3 and 4.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    The Apache HTTP Server is a popular Web server.
    
    The Apache HTTP Server did not verify that a process was an Apache
    child process before sending it signals. A local attacker with the
    ability to run scripts on the Apache HTTP Server could manipulate the
    scoreboard and cause arbitrary processes to be terminated which could
    lead to a denial of service. (CVE-2007-3304).
    
    Users of httpd should upgrade to these updated packages, which contain
    backported patches to correct this issue. Users should restart Apache
    after installing this update."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-3304"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2007:0662"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-manual");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-suexec");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_ssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/06/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/07/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/07/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x / 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2007:0662";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL3", reference:"httpd-2.0.46-68.ent")) flag++;
    
      if (rpm_check(release:"RHEL3", reference:"httpd-devel-2.0.46-68.ent")) flag++;
    
      if (rpm_check(release:"RHEL3", reference:"mod_ssl-2.0.46-68.ent")) flag++;
    
    
      if (rpm_check(release:"RHEL4", reference:"httpd-2.0.52-32.3.ent")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"httpd-devel-2.0.52-32.3.ent")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"httpd-manual-2.0.52-32.3.ent")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"httpd-suexec-2.0.52-32.3.ent")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"mod_ssl-2.0.52-32.3.ent")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd / httpd-devel / httpd-manual / httpd-suexec / mod_ssl");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0263.NASL
    descriptionRed Hat Network Proxy Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Proxy Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. The Red Hat Network Proxy Server 5.0.2 release corrects several security vulnerabilities in several shipped components. In a typical operating environment, these components are not exposed to users of Proxy Server in a vulnerable manner. These security updates will reduce risk in unique Proxy Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting or denial-of-service attack. (CVE-2007-6388, CVE-2007-5000, CVE-2007-3304, CVE-2006-5752) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Users of Red Hat Network Proxy Server 5.0 are advised to upgrade to 5.0.2, which resolves these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id63853
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63853
    titleRHEL 4 : Proxy Server (RHSA-2008:0263)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:0263. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63853);
      script_version("1.10");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2006-1329", "CVE-2006-5752", "CVE-2007-1349", "CVE-2007-3304", "CVE-2007-5000", "CVE-2007-6388");
      script_xref(name:"RHSA", value:"2008:0263");
    
      script_name(english:"RHEL 4 : Proxy Server (RHSA-2008:0263)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Red Hat Network Proxy Server version 5.0.2 is now available. This
    update includes fixes for a number of security issues in Red Hat
    Network Proxy Server components.
    
    This update has been rated as having low security impact by the Red
    Hat Security Response Team.
    
    The Red Hat Network Proxy Server 5.0.2 release corrects several
    security vulnerabilities in several shipped components. In a typical
    operating environment, these components are not exposed to users of
    Proxy Server in a vulnerable manner. These security updates will
    reduce risk in unique Proxy Server environments.
    
    Multiple flaws were fixed in the Apache HTTPD server. These flaws
    could result in a cross-site scripting or denial-of-service attack.
    (CVE-2007-6388, CVE-2007-5000, CVE-2007-3304, CVE-2006-5752)
    
    A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)
    
    A denial-of-service flaw was fixed in the jabberd server.
    (CVE-2006-1329)
    
    Users of Red Hat Network Proxy Server 5.0 are advised to upgrade to
    5.0.2, which resolves these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2006-1329.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2006-5752.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2007-1349.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2007-3304.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2007-5000.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2007-6388.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://rhn.redhat.com/errata/RHSA-2008-0263.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected jabberd, rhn-apache and / or rhn-modperl packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_cwe_id(79, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jabberd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhn-apache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhn-modperl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/05/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    flag = 0;
    if (rpm_check(release:"RHEL4", cpu:"i386", reference:"jabberd-2.0s10-3.38.rhn")) flag++;
    if (rpm_check(release:"RHEL4", cpu:"i386", reference:"rhn-apache-1.3.27-36.rhn.rhel4")) flag++;
    if (rpm_check(release:"RHEL4", cpu:"i386", reference:"rhn-modperl-1.29-16.rhel4")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20070626_HTTPD_ON_SL5_X.NASL
    descriptionThe Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service (CVE-2007-3304). This issue is not exploitable on Scientific Linux 5 if using the default SELinux targeted policy. A flaw was found in the Apache HTTP Server mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. On Scientific Linux the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752) A bug was found in the Apache HTTP Server mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-1863)
    last seen2020-06-01
    modified2020-06-02
    plugin id60217
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60217
    titleScientific Linux Security Update : httpd on SL5.x, SL4.x i386/x86_64
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60217);
      script_version("1.6");
      script_cvs_date("Date: 2019/10/25 13:36:17");
    
      script_cve_id("CVE-2006-5752", "CVE-2007-1863", "CVE-2007-3304");
    
      script_name(english:"Scientific Linux Security Update : httpd on SL5.x, SL4.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Apache HTTP Server did not verify that a process was an Apache
    child process before sending it signals. A local attacker with the
    ability to run scripts on the Apache HTTP Server could manipulate the
    scoreboard and cause arbitrary processes to be terminated which could
    lead to a denial of service (CVE-2007-3304). This issue is not
    exploitable on Scientific Linux 5 if using the default SELinux
    targeted policy.
    
    A flaw was found in the Apache HTTP Server mod_status module. On sites
    where the server-status page is publicly accessible and ExtendedStatus
    is enabled this could lead to a cross-site scripting attack. On
    Scientific Linux the server-status page is not enabled by default and
    it is best practice to not make this publicly available.
    (CVE-2006-5752)
    
    A bug was found in the Apache HTTP Server mod_cache module. On sites
    where caching is enabled, a remote attacker could send a carefully
    crafted request that would cause the Apache child process handling
    that request to crash. This could lead to a denial of service if using
    a threaded Multi-Processing Module. (CVE-2007-1863)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0706&L=scientific-linux-errata&T=0&P=4157
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?fad32c32"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/06/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL4", reference:"httpd-2.0.52-32.2.sl4")) flag++;
    if (rpm_check(release:"SL4", reference:"httpd-devel-2.0.52-32.2.sl4")) flag++;
    if (rpm_check(release:"SL4", reference:"httpd-manual-2.0.52-32.2.sl4")) flag++;
    if (rpm_check(release:"SL4", reference:"httpd-suexec-2.0.52-32.2.sl4")) flag++;
    if (rpm_check(release:"SL4", reference:"mod_ssl-2.0.52-32.2.sl4")) flag++;
    
    if (rpm_check(release:"SL5", reference:"httpd-2.2.3-7.sl5")) flag++;
    if (rpm_check(release:"SL5", reference:"httpd-devel-2.2.3-7.sl5")) flag++;
    if (rpm_check(release:"SL5", reference:"httpd-manual-2.2.3-7.sl5")) flag++;
    if (rpm_check(release:"SL5", reference:"mod_ssl-2.2.3-7.sl5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0523.NASL
    descriptionRed Hat Network Proxy Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Proxy Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. The Red Hat Network Proxy Server 4.2.3 release corrects several security vulnerabilities in several shipped components. In a typical operating environment, these components are not exposed to users of Proxy Server in a vulnerable manner. These security updates will reduce risk in unique Proxy Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting or denial-of-service attack. (CVE-2007-6388, CVE-2007-5000, CVE-2007-4465, CVE-2007-3304, CVE-2006-5752, CVE-2006-3918, CVE-2005-3352) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) Multiple flaws in mod_ssl. (CVE-2004-0488, CVE-2004-0700, CVE-2004-0885) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Users of Red Hat Network Proxy Server 4.2 are advised to upgrade to 4.2.3, which resolves these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id63857
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63857
    titleRHEL 3 / 4 : Proxy Server (RHSA-2008:0523)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-0556.NASL
    descriptionFrom Red Hat Security Advisory 2007:0556 : Updated Apache httpd packages that correct three security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service (CVE-2007-3304). This issue is not exploitable on Red Hat Enterprise Linux 5 if using the default SELinux targeted policy. A flaw was found in the Apache HTTP Server mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. On Red Hat Enterprise Linux the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752) A bug was found in the Apache HTTP Server mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-1863) Users of httpd should upgrade to these updated packages, which contain backported patches to correct these issues. Users should restart Apache after installing this update.
    last seen2020-06-01
    modified2020-06-02
    plugin id67533
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67533
    titleOracle Linux 5 : httpd (ELSA-2007-0556)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0532.NASL
    descriptionUpdated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker who has the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated, which could lead to a denial of service. (CVE-2007-3304) A flaw was found in the Apache HTTP Server mod_status module. Sites with the server-status page publicly accessible and ExtendedStatus enabled were vulnerable to a cross-site scripting attack. On Red Hat Enterprise Linux the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752) Users of Apache should upgrade to these updated packages, which contain backported patches to correct these issues. Users should restart Apache after installing this update.
    last seen2020-06-01
    modified2020-06-02
    plugin id25608
    published2007-06-27
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25608
    titleRHEL 2.1 : apache (RHSA-2007:0532)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-0662.NASL
    descriptionUpdated Apache httpd packages that correct a security issue are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service. (CVE-2007-3304). Users of httpd should upgrade to these updated packages, which contain backported patches to correct this issue. Users should restart Apache after installing this update.
    last seen2020-06-01
    modified2020-06-02
    plugin id25713
    published2007-07-18
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25713
    titleCentOS 3 / 4 : httpd (CESA-2007:0662)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_APACHE2-4666.NASL
    descriptionSeveral bugs were fixed in the Apache2 webserver : These include the following security issues : - CVE-2006-5752: mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset
    last seen2020-06-01
    modified2020-06-02
    plugin id28282
    published2007-11-20
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/28282
    titleopenSUSE 10 Security Update : apache2 (apache2-4666)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-2214.NASL
    descriptionThis update includes the latest stable release of the Apache HTTP Server. A flaw was found in the Apache HTTP Server mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker could cause a similar crash if a user could be persuaded to visit a malicious site using the proxy. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-3847) A flaw was found in the mod_autoindex module. On sites where directory listings are used, and the AddDefaultCharset directive has been removed from the configuration, a cross-site-scripting attack may be possible against browsers which do not correctly derive the response character set following the rules in RFC 2616. (CVE-2007-4465) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27758
    published2007-11-06
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27758
    titleFedora 7 : httpd-2.2.6-1.fc7 (2007-2214)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-499-1.NASL
    descriptionStefan Esser discovered that mod_status did not force a character set, which could result in browsers becoming vulnerable to XSS attacks when processing the output. If a user were tricked into viewing server status output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. By default, mod_status is disabled in Ubuntu. (CVE-2006-5752) Niklas Edmundsson discovered that the mod_cache module could be made to crash using a specially crafted request. A remote user could use this to cause a denial of service if Apache was configured to use a threaded worker. By default, mod_cache is disabled in Ubuntu. (CVE-2007-1863) A flaw was discovered in the signal handling of Apache. A local attacker could trick Apache into sending SIGUSR1 to other processes. The vulnerable code was only present in Ubuntu Feisty. (CVE-2007-3304). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id28102
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28102
    titleUbuntu 6.06 LTS / 6.10 / 7.04 : apache2 vulnerabilities (USN-499-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0524.NASL
    descriptionRed Hat Network Satellite Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server 4.2. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) Multiple flaws were fixed in the OpenMotif package. (CVE-2004-0687, CVE-2004-0688, CVE-2004-0914, CVE-2005-3964, CVE-2005-0605) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510) Users of Red Hat Network Satellite Server 4.2 are advised to upgrade to 4.2.3, which resolves these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43837
    published2010-01-10
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43837
    titleRHEL 3 / 4 : Satellite Server (RHSA-2008:0524)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_APACHE2-4669.NASL
    descriptionSeveral bugs were fixed in the Apache2 webserver : These include the following security issues : - mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset
    last seen2020-06-01
    modified2020-06-02
    plugin id29373
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29373
    titleSuSE 10 Security Update : apache2 (ZYPP Patch Number 4669)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-0704.NASL
    descriptionThe Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service (CVE-2007-3304). This issue is not exploitable on Fedora if using the default SELinux targeted policy. A flaw was found in the Apache HTTP Server mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. On Fedora the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752) A bug was found in the Apache HTTP Server mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-1863) A bug was found in the mod_mem_cache module. On sites where caching is enabled using this module, an information leak could occur which revealed portions of sensitive memory to remote users. (CVE-2007-1862) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27675
    published2007-11-06
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27675
    titleFedora 7 : httpd-2.2.4-4.1.fc7 (2007-0704)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-615.NASL
    descriptionThe Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service (CVE-2007-3304). This issue is not exploitable on Fedora if using the default SELinux targeted policy. A flaw was found in the Apache HTTP Server mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. On Fedora the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752) A bug was found in the Apache HTTP Server mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-1863) A bug was found in the mod_mem_cache module. On sites where caching is enabled using this module, an information leak could occur which revealed portions of sensitive memory to remote users. (CVE-2007-1862) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id25716
    published2007-07-18
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25716
    titleFedora Core 6 : httpd-2.2.4-2.1.fc6 (2007-615)
  • NASL familyWeb Servers
    NASL idAPACHE_2_2_6.NASL
    descriptionAccording to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.6. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability in mod_proxy. - A cross-site scripting vulnerability in mod_status. - A local denial of service vulnerability associated with the Prefork MPM module. - An information leak in mod_cache. - A denial of service vulnerability in mod_cache. In addition, it offers a workaround for a cross-site scripting issue in mod_autoindex. Note that the remote web server may not actually be affected by these vulnerabilities. Nessus did not try to determine whether any of the affected modules are in use on the remote server or to check for the issues themselves.
    last seen2020-06-01
    modified2020-06-02
    plugin id26023
    published2007-09-14
    reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/26023
    titleApache 2.2.x < 2.2.6 Multiple Vulnerabilities (DoS, XSS, Info Disc)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-0556.NASL
    descriptionUpdated Apache httpd packages that correct three security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service (CVE-2007-3304). This issue is not exploitable on Red Hat Enterprise Linux 5 if using the default SELinux targeted policy. A flaw was found in the Apache HTTP Server mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. On Red Hat Enterprise Linux the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752) A bug was found in the Apache HTTP Server mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-1863) Users of httpd should upgrade to these updated packages, which contain backported patches to correct these issues. Users should restart Apache after installing this update.
    last seen2020-06-01
    modified2020-06-02
    plugin id25579
    published2007-06-27
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25579
    titleCentOS 5 : httpd (CESA-2007:0556)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-0662.NASL
    descriptionFrom Red Hat Security Advisory 2007:0662 : Updated Apache httpd packages that correct a security issue are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service. (CVE-2007-3304). Users of httpd should upgrade to these updated packages, which contain backported patches to correct this issue. Users should restart Apache after installing this update.
    last seen2020-06-01
    modified2020-06-02
    plugin id67539
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67539
    titleOracle Linux 3 / 4 : httpd (ELSA-2007-0662)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_C115271D602B11DC898C001921AB2FA4.NASL
    descriptionApache HTTP server project reports : The following potential security flaws are addressed : - CVE-2007-3847: mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers. - CVE-2007-1863: mod_cache: Prevent a segmentation fault if attributes are listed in a Cache-Control header without any value. - CVE-2007-3304: prefork, worker, event MPMs: Ensure that the parent process cannot be forced to kill processes outside its process group. - CVE-2006-5752: mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset
    last seen2020-06-01
    modified2020-06-02
    plugin id26039
    published2007-09-14
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/26039
    titleFreeBSD : apache -- multiple vulnerabilities (c115271d-602b-11dc-898c-001921ab2fa4)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-140.NASL
    descriptionA vulnerability was discovered in the the Apache mod_status module that could lead to a cross-site scripting attack on sites where the server-status page was publically accessible and ExtendedStatus was enabled (CVE-2006-5752). A vulnerability was found in the Apache mod_cache module that could cause the httpd server child process to crash if it was sent a carefully crafted request. This could lead to a denial of service if using a threaded MPM (CVE-2007-1863). The Apache server also did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the server could manipulate the scoreboard and cause arbitrary processes to be terminated (CVE-2007-3304). Updated packages have been patched to prevent the above issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id25670
    published2007-07-05
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25670
    titleMandrake Linux Security Advisory : apache (MDKSA-2007:140)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0556.NASL
    descriptionUpdated Apache httpd packages that correct three security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service (CVE-2007-3304). This issue is not exploitable on Red Hat Enterprise Linux 5 if using the default SELinux targeted policy. A flaw was found in the Apache HTTP Server mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. On Red Hat Enterprise Linux the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752) A bug was found in the Apache HTTP Server mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-1863) Users of httpd should upgrade to these updated packages, which contain backported patches to correct these issues. Users should restart Apache after installing this update.
    last seen2020-06-01
    modified2020-06-02
    plugin id25610
    published2007-06-27
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25610
    titleRHEL 5 : httpd (RHSA-2007:0556)

Oval

accepted2013-04-29T04:14:49.970-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionApache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
familyunix
idoval:org.mitre.oval:def:11589
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleApache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
version27

Redhat

advisories
  • bugzilla
    id245112
    titleCVE-2006-5752 httpd mod_status XSS
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commenthttpd is earlier than 0:2.2.3-7.el5
            ovaloval:com.redhat.rhsa:tst:20070556001
          • commenthttpd is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070556002
        • AND
          • commenthttpd-manual is earlier than 0:2.2.3-7.el5
            ovaloval:com.redhat.rhsa:tst:20070556003
          • commenthttpd-manual is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070556004
        • AND
          • commenthttpd-devel is earlier than 0:2.2.3-7.el5
            ovaloval:com.redhat.rhsa:tst:20070556005
          • commenthttpd-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070556006
        • AND
          • commentmod_ssl is earlier than 1:2.2.3-7.el5
            ovaloval:com.redhat.rhsa:tst:20070556007
          • commentmod_ssl is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070556008
    rhsa
    idRHSA-2007:0556
    released2007-06-26
    severityModerate
    titleRHSA-2007:0556: httpd security update (Moderate)
  • bugzilla
    id245111
    titleCVE-2007-3304 httpd scoreboard lack of PID protection
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • commenthttpd is earlier than 0:2.0.52-32.3.ent
            ovaloval:com.redhat.rhsa:tst:20070662001
          • commenthttpd is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060159006
        • AND
          • commenthttpd-devel is earlier than 0:2.0.52-32.3.ent
            ovaloval:com.redhat.rhsa:tst:20070662003
          • commenthttpd-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060159008
        • AND
          • commenthttpd-suexec is earlier than 0:2.0.52-32.3.ent
            ovaloval:com.redhat.rhsa:tst:20070662005
          • commenthttpd-suexec is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060159002
        • AND
          • commentmod_ssl is earlier than 1:2.0.52-32.3.ent
            ovaloval:com.redhat.rhsa:tst:20070662007
          • commentmod_ssl is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060159010
        • AND
          • commenthttpd-manual is earlier than 0:2.0.52-32.3.ent
            ovaloval:com.redhat.rhsa:tst:20070662009
          • commenthttpd-manual is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060159004
    rhsa
    idRHSA-2007:0662
    released2008-01-07
    severityModerate
    titleRHSA-2007:0662: httpd security update (Moderate)
  • rhsa
    idRHSA-2007:0532
  • rhsa
    idRHSA-2007:0557
  • rhsa
    idRHSA-2008:0261
rpms
  • apache-0:1.3.27-12.ent
  • apache-devel-0:1.3.27-12.ent
  • apache-manual-0:1.3.27-12.ent
  • httpd-0:2.2.3-7.el5
  • httpd-debuginfo-0:2.2.3-7.el5
  • httpd-devel-0:2.2.3-7.el5
  • httpd-manual-0:2.2.3-7.el5
  • mod_ssl-1:2.2.3-7.el5
  • httpd-0:2.0.59-1.el4s1.7
  • httpd-debuginfo-0:2.0.59-1.el4s1.7
  • httpd-devel-0:2.0.59-1.el4s1.7
  • httpd-manual-0:2.0.59-1.el4s1.7
  • mod_ssl-1:2.0.59-1.el4s1.7
  • httpd-0:2.0.46-68.ent
  • httpd-0:2.0.52-32.3.ent
  • httpd-debuginfo-0:2.0.46-68.ent
  • httpd-debuginfo-0:2.0.52-32.3.ent
  • httpd-devel-0:2.0.46-68.ent
  • httpd-devel-0:2.0.52-32.3.ent
  • httpd-manual-0:2.0.52-32.3.ent
  • httpd-suexec-0:2.0.52-32.3.ent
  • mod_ssl-1:2.0.46-68.ent
  • mod_ssl-1:2.0.52-32.3.ent
  • jabberd-0:2.0s10-3.38.rhn
  • java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4
  • java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4
  • jfreechart-0:0.9.20-3.rhn
  • openmotif21-0:2.1.30-11.RHEL4.6
  • openmotif21-debuginfo-0:2.1.30-11.RHEL4.6
  • perl-Crypt-CBC-0:2.24-1.el4
  • rhn-apache-0:1.3.27-36.rhn.rhel4
  • rhn-modjk-ap13-0:1.2.23-2rhn.rhel4
  • rhn-modperl-0:1.29-16.rhel4
  • rhn-modssl-0:2.8.12-8.rhn.10.rhel4
  • tomcat5-0:5.0.30-0jpp_10rh
  • jabberd-0:2.0s10-3.38.rhn
  • rhn-apache-0:1.3.27-36.rhn.rhel4
  • rhn-modperl-0:1.29-16.rhel4
  • jabberd-0:2.0s10-3.37.rhn
  • jabberd-0:2.0s10-3.38.rhn
  • rhn-apache-0:1.3.27-36.rhn.rhel3
  • rhn-apache-0:1.3.27-36.rhn.rhel4
  • rhn-modperl-0:1.29-16.rhel3
  • rhn-modperl-0:1.29-16.rhel4
  • jabberd-0:2.0s10-3.37.rhn
  • jabberd-0:2.0s10-3.38.rhn
  • java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3
  • java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4
  • java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3
  • java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4
  • jfreechart-0:0.9.20-3.rhn
  • openmotif21-0:2.1.30-11.RHEL4.6
  • openmotif21-0:2.1.30-9.RHEL3.8
  • openmotif21-debuginfo-0:2.1.30-11.RHEL4.6
  • openmotif21-debuginfo-0:2.1.30-9.RHEL3.8
  • perl-Crypt-CBC-0:2.24-1.el3
  • perl-Crypt-CBC-0:2.24-1.el4
  • rhn-apache-0:1.3.27-36.rhn.rhel3
  • rhn-apache-0:1.3.27-36.rhn.rhel4
  • rhn-modjk-ap13-0:1.2.23-2rhn.rhel3
  • rhn-modjk-ap13-0:1.2.23-2rhn.rhel4
  • rhn-modperl-0:1.29-16.rhel3
  • rhn-modperl-0:1.29-16.rhel4
  • rhn-modssl-0:2.8.12-8.rhn.10.rhel3
  • rhn-modssl-0:2.8.12-8.rhn.10.rhel4
  • tomcat5-0:5.0.30-0jpp_10rh
  • ant-0:1.6.5-1jpp_1rh
  • avalon-logkit-0:1.2-2jpp_4rh
  • axis-0:1.2.1-1jpp_3rh
  • classpathx-jaf-0:1.0-2jpp_6rh
  • classpathx-mail-0:1.1.1-2jpp_8rh
  • geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh
  • geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh
  • geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh
  • geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh
  • geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh
  • geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh
  • geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh
  • geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh
  • geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh
  • geronimo-specs-0:1.0-0.M4.1jpp_10rh
  • geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh
  • jakarta-commons-modeler-0:2.0-3jpp_2rh
  • log4j-0:1.2.12-1jpp_1rh
  • mx4j-1:3.0.1-1jpp_4rh
  • pcsc-lite-0:1.3.3-3.el4
  • pcsc-lite-debuginfo-0:1.3.3-3.el4
  • pcsc-lite-doc-0:1.3.3-3.el4
  • pcsc-lite-libs-0:1.3.3-3.el4
  • rhpki-ca-0:7.3.0-20.el4
  • rhpki-java-tools-0:7.3.0-10.el4
  • rhpki-kra-0:7.3.0-14.el4
  • rhpki-manage-0:7.3.0-19.el4
  • rhpki-native-tools-0:7.3.0-6.el4
  • rhpki-ocsp-0:7.3.0-13.el4
  • rhpki-tks-0:7.3.0-13.el4
  • tomcat5-0:5.5.23-0jpp_4rh.16
  • tomcat5-common-lib-0:5.5.23-0jpp_4rh.16
  • tomcat5-jasper-0:5.5.23-0jpp_4rh.16
  • tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16
  • tomcat5-server-lib-0:5.5.23-0jpp_4rh.16
  • tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16
  • xerces-j2-0:2.7.1-1jpp_1rh
  • xml-commons-0:1.3.02-2jpp_1rh
  • xml-commons-apis-0:1.3.02-2jpp_1rh

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 24215 CVE(CAN) ID: CVE-2007-3304 Apache HTTP Server是一款流行的Web服务器。 Apache HTTP Server Worker进程实现上存在多个漏洞,本地攻击者可能利用这些漏洞导致服务不可用。 在发送信号之前Apache HTTP Server没有验证进程为Apache子进程。能够在Apache HTTP Server上运行脚本的本地攻击者可以控制记分板并终止任意进程,导致拒绝服务。 如果Apache httpd安装了Prefork MPM模块的话,本地攻击者就可以修改worker_score和process_score数组使其引用任意进程ID,主进程向其发送了SIGUSR1信号的话就会导致拒绝服务。 Apache Group Apache 2.2.4 Apache Group Apache 2.0.59 Apache Group Apache 1.3.37 厂商补丁: Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href="http://svn.apache.org/viewvc?view=rev&revision=547987" target="_blank">http://svn.apache.org/viewvc?view=rev&revision=547987</a> RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2007:0662-01)以及相应补丁: RHSA-2007:0662-01:Moderate: httpd security update 链接:<a href="https://www.redhat.com/support/errata/RHSA-2007-0662.html" target="_blank">https://www.redhat.com/support/errata/RHSA-2007-0662.html</a> SGI --- SGI已经为此发布了一个安全公告(20070701-01-P)以及相应补丁: 20070701-01-P:SGI Advanced Linux Environment 3 Security Update #78 链接:<a href="ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc" target="_blank">ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc</a>
idSSV:2174
last seen2017-11-19
modified2007-08-29
published2007-08-29
reporterRoot
titleApache HTTP Server Worker进程多个本地拒绝服务漏洞

Statements

contributorMark J Cox
lastmodified2008-07-02
organizationApache
statementFixed in Apache HTTP Server 2.2.6, 2.0.61, and 1.3.39: http://httpd.apache.org/security/vulnerabilities_22.html http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_13.html

References