Vulnerabilities > CVE-2010-1452 - Unspecified vulnerability in Apache Http Server

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
apache
nessus

Summary

The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1021-1.NASL
    descriptionIt was discovered that Apache
    last seen2020-06-01
    modified2020-06-02
    plugin id50823
    published2010-11-28
    reporterUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/50823
    titleUbuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : apache2 vulnerabilities (USN-1021-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1021-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(50823);
      script_version("1.12");
      script_cvs_date("Date: 2019/09/19 12:54:26");
    
      script_cve_id("CVE-2010-1452", "CVE-2010-1623");
      script_bugtraq_id(41963, 43673);
      script_xref(name:"USN", value:"1021-1");
    
      script_name(english:"Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : apache2 vulnerabilities (USN-1021-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that Apache's mod_cache and mod_dav modules
    incorrectly handled requests that lacked a path. A remote attacker
    could exploit this with a crafted request and cause a denial of
    service. This issue affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04
    LTS. (CVE-2010-1452)
    
    It was discovered that Apache did not properly handle memory when
    destroying APR buckets. A remote attacker could exploit this with
    crafted requests and cause a denial of service via memory exhaustion.
    This issue affected Ubuntu 6.06 LTS and 10.10. (CVE-2010-1623).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1021-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-event");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-itk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-perchild");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-prefork");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-worker");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-prefork-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-src");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-suexec");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-custom");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-threaded-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2.2-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2.2-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapr0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapr0-dev");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/07/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/11/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(6\.06|8\.04|9\.10|10\.04|10\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 8.04 / 9.10 / 10.04 / 10.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"6.06", pkgname:"apache2", pkgver:"2.0.55-4ubuntu2.12")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"apache2-common", pkgver:"2.0.55-4ubuntu2.12")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"apache2-doc", pkgver:"2.0.55-4ubuntu2.12")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"apache2-mpm-perchild", pkgver:"2.0.55-4ubuntu2.12")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"apache2-mpm-prefork", pkgver:"2.0.55-4ubuntu2.12")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"apache2-mpm-worker", pkgver:"2.0.55-4ubuntu2.12")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"apache2-prefork-dev", pkgver:"2.0.55-4ubuntu2.12")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"apache2-threaded-dev", pkgver:"2.0.55-4ubuntu2.12")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"apache2-utils", pkgver:"2.0.55-4ubuntu2.12")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libapr0", pkgver:"2.0.55-4ubuntu2.12")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libapr0-dev", pkgver:"2.0.55-4ubuntu2.12")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"apache2", pkgver:"2.2.8-1ubuntu0.19")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"apache2-doc", pkgver:"2.2.8-1ubuntu0.19")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"apache2-mpm-event", pkgver:"2.2.8-1ubuntu0.19")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"apache2-mpm-perchild", pkgver:"2.2.8-1ubuntu0.19")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"apache2-mpm-prefork", pkgver:"2.2.8-1ubuntu0.19")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"apache2-mpm-worker", pkgver:"2.2.8-1ubuntu0.19")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"apache2-prefork-dev", pkgver:"2.2.8-1ubuntu0.19")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"apache2-src", pkgver:"2.2.8-1ubuntu0.19")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"apache2-threaded-dev", pkgver:"2.2.8-1ubuntu0.19")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"apache2-utils", pkgver:"2.2.8-1ubuntu0.19")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"apache2.2-common", pkgver:"2.2.8-1ubuntu0.19")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"apache2", pkgver:"2.2.12-1ubuntu2.4")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"apache2-doc", pkgver:"2.2.12-1ubuntu2.4")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"apache2-mpm-event", pkgver:"2.2.12-1ubuntu2.4")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"apache2-mpm-itk", pkgver:"2.2.12-1ubuntu2.4")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"apache2-mpm-prefork", pkgver:"2.2.12-1ubuntu2.4")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"apache2-mpm-worker", pkgver:"2.2.12-1ubuntu2.4")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"apache2-prefork-dev", pkgver:"2.2.12-1ubuntu2.4")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"apache2-suexec", pkgver:"2.2.12-1ubuntu2.4")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"apache2-suexec-custom", pkgver:"2.2.12-1ubuntu2.4")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"apache2-threaded-dev", pkgver:"2.2.12-1ubuntu2.4")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"apache2-utils", pkgver:"2.2.12-1ubuntu2.4")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"apache2.2-bin", pkgver:"2.2.12-1ubuntu2.4")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"apache2.2-common", pkgver:"2.2.12-1ubuntu2.4")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"apache2", pkgver:"2.2.14-5ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"apache2-doc", pkgver:"2.2.14-5ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"apache2-mpm-event", pkgver:"2.2.14-5ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"apache2-mpm-itk", pkgver:"2.2.14-5ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"apache2-mpm-prefork", pkgver:"2.2.14-5ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"apache2-mpm-worker", pkgver:"2.2.14-5ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"apache2-prefork-dev", pkgver:"2.2.14-5ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"apache2-suexec", pkgver:"2.2.14-5ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"apache2-suexec-custom", pkgver:"2.2.14-5ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"apache2-threaded-dev", pkgver:"2.2.14-5ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"apache2-utils", pkgver:"2.2.14-5ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"apache2.2-bin", pkgver:"2.2.14-5ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"apache2.2-common", pkgver:"2.2.14-5ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"apache2", pkgver:"2.2.16-1ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"apache2-doc", pkgver:"2.2.16-1ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"apache2-mpm-event", pkgver:"2.2.16-1ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"apache2-mpm-itk", pkgver:"2.2.16-1ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"apache2-mpm-prefork", pkgver:"2.2.16-1ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"apache2-mpm-worker", pkgver:"2.2.16-1ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"apache2-prefork-dev", pkgver:"2.2.16-1ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"apache2-suexec", pkgver:"2.2.16-1ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"apache2-suexec-custom", pkgver:"2.2.16-1ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"apache2-threaded-dev", pkgver:"2.2.16-1ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"apache2-utils", pkgver:"2.2.16-1ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"apache2.2-bin", pkgver:"2.2.16-1ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"apache2.2-common", pkgver:"2.2.16-1ubuntu3.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2 / apache2-common / apache2-doc / apache2-mpm-event / etc");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0659.NASL
    descriptionUpdated httpd packages that fix two security issues and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Apache HTTP Server is a popular web server. A flaw was discovered in the way the mod_proxy module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. If the proxy was configured to reuse existing back-end connections, it could return a response intended for another user under certain timeout conditions, possibly leading to information disclosure. (CVE-2010-2791) A flaw was found in the way the mod_dav module of the Apache HTTP Server handled certain requests. If a remote attacker were to send a carefully crafted request to the server, it could cause the httpd child process to crash. (CVE-2010-1452) This update also fixes the following bugs : * numerous issues in the INFLATE filter provided by mod_deflate.
    last seen2020-06-01
    modified2020-06-02
    plugin id67078
    published2013-06-29
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67078
    titleCentOS 5 : httpd (CESA-2010:0659)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2010:0659 and 
    # CentOS Errata and Security Advisory 2010:0659 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67078);
      script_version("1.14");
      script_cvs_date("Date: 2019/10/25 13:36:05");
    
      script_cve_id("CVE-2010-1452", "CVE-2010-2068", "CVE-2010-2791");
      script_bugtraq_id(41963, 42102);
      script_xref(name:"RHSA", value:"2010:0659");
    
      script_name(english:"CentOS 5 : httpd (CESA-2010:0659)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated httpd packages that fix two security issues and multiple bugs
    are now available for Red Hat Enterprise Linux 5.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The Apache HTTP Server is a popular web server.
    
    A flaw was discovered in the way the mod_proxy module of the Apache
    HTTP Server handled the timeouts of requests forwarded by a reverse
    proxy to the back-end server. If the proxy was configured to reuse
    existing back-end connections, it could return a response intended for
    another user under certain timeout conditions, possibly leading to
    information disclosure. (CVE-2010-2791)
    
    A flaw was found in the way the mod_dav module of the Apache HTTP
    Server handled certain requests. If a remote attacker were to send a
    carefully crafted request to the server, it could cause the httpd
    child process to crash. (CVE-2010-1452)
    
    This update also fixes the following bugs :
    
    * numerous issues in the INFLATE filter provided by mod_deflate.
    'Inflate error -5 on flush' errors may have been logged. This update
    upgrades mod_deflate to the newer upstream version from Apache HTTP
    Server 2.2.15. (BZ#625435)
    
    * the response would be corrupted if mod_filter applied the DEFLATE
    filter to a resource requiring a subrequest with an internal redirect.
    (BZ#625451)
    
    * the OID() function used in the mod_ssl 'SSLRequire' directive did
    not correctly evaluate extensions of an unknown type. (BZ#625452)
    
    All httpd users should upgrade to these updated packages, which
    contain backported patches to correct these issues. After installing
    the updated packages, the httpd daemon must be restarted for the
    update to take effect."
      );
      # https://lists.centos.org/pipermail/centos-announce/2010-August/016958.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?032c0c92"
      );
      # https://lists.centos.org/pipermail/centos-announce/2010-August/016959.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7fddb810"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected httpd packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:httpd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:httpd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:httpd-manual");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mod_ssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/08/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/06/29");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-5", reference:"httpd-2.2.3-43.el5.centos.3")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"httpd-devel-2.2.3-43.el5.centos.3")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"httpd-manual-2.2.3-43.el5.centos.3")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"mod_ssl-2.2.3-43.el5.centos.3")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd / httpd-devel / httpd-manual / mod_ssl");
    }
    
  • NASL familyWeb Servers
    NASL idAPACHE_2_2_16.NASL
    descriptionAccording to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.16. It is, therefore, potentially affected by multiple vulnerabilities : - A denial of service vulnerability in mod_cache and mod_dav. (CVE-2010-1452) - An information disclosure vulnerability in mod_proxy_ajp, mod_reqtimeout, and mod_proxy_http relating to timeout conditions. Note that this issue only affects Apache on Windows, Netware, and OS/2. (CVE-2010-2068) Note that the remote web server may not actually be affected by these vulnerabilities. Nessus did not try to determine whether the affected modules are in use or to check for the issues themselves.
    last seen2020-06-01
    modified2020-06-02
    plugin id48205
    published2010-07-30
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/48205
    titleApache 2.2.x < 2.2.16 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(48205);
      script_version("1.28");
      script_cvs_date("Date: 2018/11/15 20:50:25");
    
      script_cve_id("CVE-2010-1452", "CVE-2010-2068");
      script_bugtraq_id(40827, 41963);
      script_xref(name:"Secunia", value:"40206");
    
      script_name(english:"Apache 2.2.x < 2.2.16 Multiple Vulnerabilities");
      script_summary(english:"Checks version in Server response header");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote web server is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its banner, the version of Apache 2.2.x running on the
    remote host is prior to 2.2.16. It is, therefore, potentially affected
    by multiple vulnerabilities :
    
      - A denial of service vulnerability in mod_cache and 
        mod_dav. (CVE-2010-1452)
      
      - An information disclosure vulnerability in mod_proxy_ajp,
        mod_reqtimeout, and mod_proxy_http relating to timeout 
        conditions. Note that this issue only affects Apache on 
        Windows, Netware, and OS/2. (CVE-2010-2068)
    
    Note that the remote web server may not actually be affected by these
    vulnerabilities.  Nessus did not try to determine whether the affected
    modules are in use or to check for the issues themselves." );
    
      script_set_attribute(attribute:"see_also", value:"http://httpd.apache.org/security/vulnerabilities_22.html");
      script_set_attribute(attribute:"see_also", value:"https://issues.apache.org/bugzilla/show_bug.cgi?id=49246");
      script_set_attribute(attribute:"see_also", value:"https://bz.apache.org/bugzilla/show_bug.cgi?id=49417");
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ce8ac446");
      script_set_attribute(attribute:"solution", value:"Upgrade to Apache version 2.2.16 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/07/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/30");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:http_server");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");
    
      script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");
    
      script_dependencies("apache_http_version.nasl");
      script_require_keys("installed_sw/Apache");
      script_require_ports("Services/www", 80);
    
      exit(0);
    }
    
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("audit.inc");
    include("install_func.inc");
    
    get_install_count(app_name:"Apache", exit_if_zero:TRUE);
    port = get_http_port(default:80);
    install = get_single_install(app_name:"Apache", port:port, exit_if_unknown_ver:TRUE);
    
    # Check if we could get a version first, then check if it was 
    # backported
    version = get_kb_item_or_exit('www/apache/'+port+'/version', exit_code:1);
    backported = get_kb_item_or_exit('www/apache/'+port+'/backported', exit_code:1);
    
    if (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, "Apache");
    source = get_kb_item_or_exit('www/apache/'+port+'/source', exit_code:1);
    
    # Check if the version looks like either ServerTokens Major/Minor
    # was used
    if (version =~ '^2(\\.2)?$') exit(1, "The banner from the Apache server listening on port "+port+" - "+source+" - is not granular enough to make a determination.");
    if (version !~ "^\d+(\.\d+)*$") exit(1, "The version of Apache listening on port " + port + " - " + version + " - is non-numeric and, therefore, cannot be used to make a determination.");
    if (version =~ '^2\\.2' && ver_compare(ver:version, fix:'2.2.16') == -1)
    {
      if (report_verbosity > 0)
      {
        report = 
          '\n  Version source    : ' + source +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : 2.2.16\n';
        security_warning(port:port, extra:report);
      }
      else security_warning(port);
      exit(0);
    } 
    else audit(AUDIT_LISTEN_NOT_VULN, "Apache", port, install["version"]);
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0659.NASL
    descriptionFrom Red Hat Security Advisory 2010:0659 : Updated httpd packages that fix two security issues and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Apache HTTP Server is a popular web server. A flaw was discovered in the way the mod_proxy module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. If the proxy was configured to reuse existing back-end connections, it could return a response intended for another user under certain timeout conditions, possibly leading to information disclosure. (CVE-2010-2791) A flaw was found in the way the mod_dav module of the Apache HTTP Server handled certain requests. If a remote attacker were to send a carefully crafted request to the server, it could cause the httpd child process to crash. (CVE-2010-1452) This update also fixes the following bugs : * numerous issues in the INFLATE filter provided by mod_deflate.
    last seen2020-06-01
    modified2020-06-02
    plugin id68091
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68091
    titleOracle Linux 5 : httpd (ELSA-2010-0659)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2010:0659 and 
    # Oracle Linux Security Advisory ELSA-2010-0659 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(68091);
      script_version("1.13");
      script_cvs_date("Date: 2019/10/25 13:36:08");
    
      script_cve_id("CVE-2010-1452", "CVE-2010-2068", "CVE-2010-2791");
      script_bugtraq_id(41963, 42102);
      script_xref(name:"RHSA", value:"2010:0659");
    
      script_name(english:"Oracle Linux 5 : httpd (ELSA-2010-0659)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2010:0659 :
    
    Updated httpd packages that fix two security issues and multiple bugs
    are now available for Red Hat Enterprise Linux 5.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The Apache HTTP Server is a popular web server.
    
    A flaw was discovered in the way the mod_proxy module of the Apache
    HTTP Server handled the timeouts of requests forwarded by a reverse
    proxy to the back-end server. If the proxy was configured to reuse
    existing back-end connections, it could return a response intended for
    another user under certain timeout conditions, possibly leading to
    information disclosure. (CVE-2010-2791)
    
    A flaw was found in the way the mod_dav module of the Apache HTTP
    Server handled certain requests. If a remote attacker were to send a
    carefully crafted request to the server, it could cause the httpd
    child process to crash. (CVE-2010-1452)
    
    This update also fixes the following bugs :
    
    * numerous issues in the INFLATE filter provided by mod_deflate.
    'Inflate error -5 on flush' errors may have been logged. This update
    upgrades mod_deflate to the newer upstream version from Apache HTTP
    Server 2.2.15. (BZ#625435)
    
    * the response would be corrupted if mod_filter applied the DEFLATE
    filter to a resource requiring a subrequest with an internal redirect.
    (BZ#625451)
    
    * the OID() function used in the mod_ssl 'SSLRequire' directive did
    not correctly evaluate extensions of an unknown type. (BZ#625452)
    
    All httpd users should upgrade to these updated packages, which
    contain backported patches to correct these issues. After installing
    the updated packages, the httpd daemon must be restarted for the
    update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2010-August/001618.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected httpd packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:httpd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:httpd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:httpd-manual");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mod_ssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/08/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL5", reference:"httpd-2.2.3-43.0.1.el5_5.3")) flag++;
    if (rpm_check(release:"EL5", reference:"httpd-devel-2.2.3-43.0.1.el5_5.3")) flag++;
    if (rpm_check(release:"EL5", reference:"httpd-manual-2.2.3-43.0.1.el5_5.3")) flag++;
    if (rpm_check(release:"EL5", reference:"mod_ssl-2.2.3-43.0.1.el5_5.3")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd / httpd-devel / httpd-manual / mod_ssl");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-12478.NASL
    descriptionThis update contains the latest stable release of the Apache HTTP Server. One security fix is included: CVE-2010-1452: mod_dav, mod_cache: Fix Handling of requests without a path segment. Several bugs are also fixed: http://www.apache.org/dist/httpd/CHANGES_2.2.16 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id48327
    published2010-08-14
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/48327
    titleFedora 13 : httpd-2.2.16-1.fc13 (2010-12478)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201206-25.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201206-25 (Apache HTTP Server: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Apache HTTP Server. Please review the CVE identifiers referenced below for details. Impact : A remote attacker might obtain sensitive information, gain privileges, send requests to unintended servers behind proxies, bypass certain security restrictions, obtain the values of HTTPOnly cookies, or cause a Denial of Service in various ways. A local attacker could gain escalated privileges. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id59678
    published2012-06-25
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59678
    titleGLSA-201206-25 : Apache HTTP Server: Multiple vulnerabilities
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_28A7310F985511DF8D36001AA0166822.NASL
    descriptionApache ChangeLog reports : mod_dav, mod_cache: Fix Handling of requests without a path segment.
    last seen2020-06-01
    modified2020-06-02
    plugin id47818
    published2010-07-26
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47818
    titleFreeBSD : apache -- Remote DoS bug in mod_cache and mod_dav (28a7310f-9855-11df-8d36-001aa0166822)
  • NASL familyWeb Servers
    NASL idHPSMH_7_0_0_24.NASL
    descriptionAccording to the web server
    last seen2020-06-01
    modified2020-06-02
    plugin id58811
    published2012-04-20
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58811
    titleHP System Management Homepage < 7.0 Multiple Vulnerabilities
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2010-240-02.NASL
    descriptionNew httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id48920
    published2010-08-29
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/48920
    titleSlackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : httpd (SSA:2010-240-02)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_APACHE2-110831.NASL
    descriptionThis update fixes a remote denial of service bug (memory exhaustion) in the Apache 2 HTTP server, that could be triggered by remote attackers using multiple overlapping Request Ranges. (CVE-2011-3192) It also fixes a issue in mod_dav, where the (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x allowed remote attackers to cause a denial of service (process crash) via a request that lacks a path. (CVE-2010-1452) Also following bugs were fixed : - recommend the default MPM (prefork) via Recommends: in .spec - apache not sending error 304 if mod_deflate is enabled. - take LimitRequestFieldsize config option into account when parsing headers from backend.
    last seen2020-06-01
    modified2020-06-02
    plugin id57088
    published2011-12-13
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57088
    titleSuSE 11.1 Security Update : Apache (SAT Patch Number 5090)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0118_HTTPD.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has httpd packages installed that are affected by multiple vulnerabilities: - Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. (CVE-2005-1268) - The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a Transfer-Encoding: chunked header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka HTTP Request Smuggling. (CVE-2005-2088) - ssl_engine_kernel.c in mod_ssl before 2.8.24, when using SSLVerifyClient optional in the global virtual host configuration, does not properly enforce SSLVerifyClient require in a per-location context, which allows remote attackers to bypass intended access restrictions. (CVE-2005-2700) - The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field. (CVE-2005-2728) - Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. (CVE-2005-3352) - mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference. (CVE-2005-3357) - The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post- renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue. (CVE-2009-3555) - The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path. (CVE-2010-1452) - fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modified extent as dirty in certain cases of extent splitting, which allows local users to cause a denial of service (system crash) via vectors involving ext4 umount and mount operations. (CVE-2011-3638) - It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743) - It was discovered that the use of httpd
    last seen2020-06-01
    modified2020-06-02
    plugin id127360
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127360
    titleNewStart CGSL MAIN 4.05 : httpd Multiple Vulnerabilities (NS-SA-2019-0118)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_6_7.NASL
    descriptionThe remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.7. Mac OS X 10.6.7 contains security fixes for the following products : - AirPort - Apache - AppleScript - ATS - bzip2 - CarbonCore - ClamAV - CoreText - File Quarantine - HFS - ImageIO - Image RAW - Installer - Kerberos - Kernel - Libinfo - libxml - Mailman - PHP - QuickLook - QuickTime - Ruby - Samba - Subversion - Terminal - X11
    last seen2020-06-01
    modified2020-06-02
    plugin id52754
    published2011-03-22
    reporterThis script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/52754
    titleMac OS X 10.6.x < 10.6.7 Multiple Vulnerabilities
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-153.NASL
    descriptionMultiple vulnerabilities has been found and corrected in apache : The mod_cache and mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path (CVE-2010-1452). mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions (CVE-2010-2791). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=4 90 The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id48347
    published2010-08-17
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/48347
    titleMandriva Linux Security Advisory : apache (MDVSA-2010:153)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2298.NASL
    descriptionTwo issues have been found in the Apache HTTPD web server : - CVE-2011-3192 A vulnerability has been found in the way the multiple overlapping ranges are handled by the Apache HTTPD server. This vulnerability allows an attacker to cause Apache HTTPD to use an excessive amount of memory, causing a denial of service. - CVE-2010-1452 A vulnerability has been found in mod_dav that allows an attacker to cause a daemon crash, causing a denial of service. This issue only affects the Debian 5.0 oldstable/lenny distribution.
    last seen2020-03-17
    modified2011-08-30
    plugin id55998
    published2011-08-30
    reporterThis script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55998
    titleDebian DSA-2298-2 : apache2 - denial of service
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-152.NASL
    descriptionA vulnerability has been found and corrected in apache : The mod_cache and mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path (CVE-2010-1452). Packages for 2008.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=4 90 The updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id48346
    published2010-08-17
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/48346
    titleMandriva Linux Security Advisory : apache (MDVSA-2010:152)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0659.NASL
    descriptionUpdated httpd packages that fix two security issues and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Apache HTTP Server is a popular web server. A flaw was discovered in the way the mod_proxy module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. If the proxy was configured to reuse existing back-end connections, it could return a response intended for another user under certain timeout conditions, possibly leading to information disclosure. (CVE-2010-2791) A flaw was found in the way the mod_dav module of the Apache HTTP Server handled certain requests. If a remote attacker were to send a carefully crafted request to the server, it could cause the httpd child process to crash. (CVE-2010-1452) This update also fixes the following bugs : * numerous issues in the INFLATE filter provided by mod_deflate.
    last seen2020-06-01
    modified2020-06-02
    plugin id48934
    published2010-08-31
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/48934
    titleRHEL 5 : httpd (RHSA-2010:0659)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20100830_HTTPD_ON_SL5_X.NASL
    descriptionA flaw was discovered in the way the mod_proxy module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. If the proxy was configured to reuse existing back-end connections, it could return a response intended for another user under certain timeout conditions, possibly leading to information disclosure. (CVE-2010-2791) A flaw was found in the way the mod_dav module of the Apache HTTP Server handled certain requests. If a remote attacker were to send a carefully crafted request to the server, it could cause the httpd child process to crash. (CVE-2010-1452) This update also fixes the following bugs : - numerous issues in the INFLATE filter provided by mod_deflate.
    last seen2020-06-01
    modified2020-06-02
    plugin id60847
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60847
    titleScientific Linux Security Update : httpd on SL5.x i386/x86_64
  • NASL familyWeb Servers
    NASL idAPACHE_2_0_64.NASL
    descriptionAccording to its banner, the version of Apache 2.0.x running on the remote host is prior to 2.0.64. It is, therefore, affected by the following vulnerabilities : - An unspecified error exists in the handling of requests without a path segment. (CVE-2010-1452) - Several modules, including
    last seen2020-06-01
    modified2020-06-02
    plugin id50069
    published2010-10-20
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50069
    titleApache 2.0.x < 2.0.64 Multiple Vulnerabilities
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2011-001.NASL
    descriptionThe remote host is running a version of Mac OS X 10.5 that does not have Security Update 2011-001 applied. This security update contains fixes for the following products : - Apache - bzip2 - ClamAV - ImageIO - Kerberos - Libinfo - libxml - Mailman - PHP - QuickLook - Ruby - X11
    last seen2020-06-01
    modified2020-06-02
    plugin id52753
    published2011-03-22
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52753
    titleMac OS X Multiple Vulnerabilities (Security Update 2011-001)

Oval

  • accepted2014-07-14T04:00:09.941-04:00
    classvulnerability
    contributors
    • nameJ. Daniel Brown
      organizationDTCC
    • nameShane Shaffer
      organizationG2, Inc.
    • nameMaria Mikhno
      organizationALTX-SOFT
    definition_extensions
    commentApache HTTP Server 2.2.x is installed on the system
    ovaloval:org.mitre.oval:def:8550
    descriptionThe (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
    familywindows
    idoval:org.mitre.oval:def:11683
    statusaccepted
    submitted2010-07-27T17:30:00.000-05:00
    titleApache 'mod_cache' and 'mod_dav' Request Handling Denial of Service Vulnerability
    version11
  • accepted2015-04-20T04:00:22.150-04:00
    classvulnerability
    contributors
    • nameK, Balamurugan
      organizationHewlett-Packard
    • nameSushant Kumar Singh
      organizationHewlett-Packard
    • nameSushant Kumar Singh
      organizationHewlett-Packard
    • namePrashant Kumar
      organizationHewlett-Packard
    • nameMike Cokus
      organizationThe MITRE Corporation
    descriptionThe (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
    familyunix
    idoval:org.mitre.oval:def:12341
    statusaccepted
    submitted2011-02-01T12:25:57.000-05:00
    titleHP-UX Apache-based Web Server, Local Information Disclosure, Increase of Privilege, Remote Denial of Service (DoS)
    version49

Redhat

advisories
  • rhsa
    idRHSA-2010:0659
  • rhsa
    idRHSA-2011:0896
  • rhsa
    idRHSA-2011:0897
rpms
  • httpd-0:2.2.3-43.el5_5.3
  • httpd-debuginfo-0:2.2.3-43.el5_5.3
  • httpd-devel-0:2.2.3-43.el5_5.3
  • httpd-manual-0:2.2.3-43.el5_5.3
  • mod_ssl-1:2.2.3-43.el5_5.3
  • ant-0:1.7.1-13.jdk6.ep5.el4
  • ant-0:1.7.1-13.jdk6.ep5.el5
  • ant-0:1.7.1-14.ep5.el6
  • ant-antlr-0:1.7.1-13.jdk6.ep5.el5
  • ant-antlr-0:1.7.1-14.ep5.el6
  • ant-apache-bcel-0:1.7.1-13.jdk6.ep5.el5
  • ant-apache-bcel-0:1.7.1-14.ep5.el6
  • ant-apache-bsf-0:1.7.1-13.jdk6.ep5.el5
  • ant-apache-bsf-0:1.7.1-14.ep5.el6
  • ant-apache-log4j-0:1.7.1-13.jdk6.ep5.el5
  • ant-apache-log4j-0:1.7.1-14.ep5.el6
  • ant-apache-oro-0:1.7.1-13.jdk6.ep5.el5
  • ant-apache-oro-0:1.7.1-14.ep5.el6
  • ant-apache-regexp-0:1.7.1-13.jdk6.ep5.el5
  • ant-apache-regexp-0:1.7.1-14.ep5.el6
  • ant-apache-resolver-0:1.7.1-13.jdk6.ep5.el5
  • ant-apache-resolver-0:1.7.1-14.ep5.el6
  • ant-commons-logging-0:1.7.1-13.jdk6.ep5.el5
  • ant-commons-logging-0:1.7.1-14.ep5.el6
  • ant-commons-net-0:1.7.1-14.ep5.el6
  • ant-javamail-0:1.7.1-13.jdk6.ep5.el5
  • ant-javamail-0:1.7.1-14.ep5.el6
  • ant-jdepend-0:1.7.1-13.jdk6.ep5.el5
  • ant-jdepend-0:1.7.1-14.ep5.el6
  • ant-jmf-0:1.7.1-13.jdk6.ep5.el5
  • ant-jmf-0:1.7.1-14.ep5.el6
  • ant-jsch-0:1.7.1-13.jdk6.ep5.el5
  • ant-jsch-0:1.7.1-14.ep5.el6
  • ant-junit-0:1.7.1-13.jdk6.ep5.el5
  • ant-junit-0:1.7.1-14.ep5.el6
  • ant-nodeps-0:1.7.1-13.jdk6.ep5.el5
  • ant-nodeps-0:1.7.1-14.ep5.el6
  • ant-scripts-0:1.7.1-13.jdk6.ep5.el5
  • ant-scripts-0:1.7.1-14.ep5.el6
  • ant-swing-0:1.7.1-13.jdk6.ep5.el5
  • ant-swing-0:1.7.1-14.ep5.el6
  • ant-trax-0:1.7.1-13.jdk6.ep5.el5
  • ant-trax-0:1.7.1-14.ep5.el6
  • antlr-0:2.7.7-7.ep5.el4
  • antlr-0:2.7.7-7.ep5.el5
  • antlr-0:2.7.7-7.ep5.el6
  • bcel-0:5.2-8.1.ep5.el4
  • cglib-0:2.2-5.1.1.1.jdk6.ep5.el5
  • cglib-0:2.2-5.1.1.jdk6.ep5.el4
  • cglib-0:2.2-5.4.ep5.el6
  • dom4j-0:1.6.1-11.1.ep5.el6
  • dom4j-0:1.6.1-11.ep5.el4
  • dom4j-0:1.6.1-11.ep5.el5
  • ecj-1:3.3.1.1-3.2.2.jdk6.ep5.el4
  • ecj3-1:3.3.1.1-3.1.1.1.jdk6.ep5.el5
  • ecj3-1:3.3.1.1-4.ep5.el6
  • glassfish-jaf-0:1.1.0-6.1.1.jdk6.ep5.el4
  • glassfish-javamail-0:1.4.2-0.4.ep5.el4
  • glassfish-jsf-0:1.2_13-2.2.1.jdk6.ep5.el4
  • glassfish-jsf-0:1.2_13-3.1.1.jdk6.ep5.el5
  • glassfish-jsf-0:1.2_13-3.1.4.ep5.el6
  • hibernate3-1:3.3.2-1.4.GA_CP04.ep5.el5
  • hibernate3-1:3.3.2-1.5.GA_CP04.ep5.el4
  • hibernate3-1:3.3.2-1.8.GA_CP04.ep5.el6
  • hibernate3-annotations-0:3.4.0-3.2.GA_CP04.ep5.el5
  • hibernate3-annotations-0:3.4.0-3.3.GA_CP04.ep5.el4
  • hibernate3-annotations-0:3.4.0-3.5.GA_CP04.ep5.el6
  • hibernate3-annotations-javadoc-0:3.4.0-3.2.GA_CP04.ep5.el5
  • hibernate3-annotations-javadoc-0:3.4.0-3.3.GA_CP04.ep5.el4
  • hibernate3-annotations-javadoc-0:3.4.0-3.5.GA_CP04.ep5.el6
  • hibernate3-commons-annotations-0:3.1.0-1.8.ep5.el4
  • hibernate3-commons-annotations-0:3.1.0-1.8.ep5.el5
  • hibernate3-commons-annotations-0:3.1.0-1.8.ep5.el6
  • hibernate3-commons-annotations-javadoc-0:3.1.0-1.8.ep5.el4
  • hibernate3-commons-annotations-javadoc-0:3.1.0-1.8.ep5.el5
  • hibernate3-commons-annotations-javadoc-0:3.1.0-1.8.ep5.el6
  • hibernate3-ejb-persistence-3.0-api-1:1.0.2-3.1.jdk6.ep5.el5
  • hibernate3-ejb-persistence-3.0-api-1:1.0.2-3.3.ep5.el6
  • hibernate3-ejb-persistence-3.0-api-1:1.0.2-3.jdk6.ep5.el4
  • hibernate3-ejb-persistence-3.0-api-javadoc-1:1.0.2-3.1.jdk6.ep5.el5
  • hibernate3-ejb-persistence-3.0-api-javadoc-1:1.0.2-3.3.ep5.el6
  • hibernate3-ejb-persistence-3.0-api-javadoc-1:1.0.2-3.jdk6.ep5.el4
  • hibernate3-entitymanager-0:3.4.0-4.3.GA_CP04.ep5.el4
  • hibernate3-entitymanager-0:3.4.0-4.3.GA_CP04.ep5.el5
  • hibernate3-entitymanager-0:3.4.0-4.4.GA_CP04.ep5.el6
  • hibernate3-entitymanager-javadoc-0:3.4.0-4.3.GA_CP04.ep5.el4
  • hibernate3-entitymanager-javadoc-0:3.4.0-4.3.GA_CP04.ep5.el5
  • hibernate3-entitymanager-javadoc-0:3.4.0-4.4.GA_CP04.ep5.el6
  • hibernate3-javadoc-1:3.3.2-1.4.GA_CP04.ep5.el5
  • hibernate3-javadoc-1:3.3.2-1.5.GA_CP04.ep5.el4
  • hibernate3-javadoc-1:3.3.2-1.8.GA_CP04.ep5.el6
  • httpd-0:2.2.17-11.1.ep5.el5
  • httpd-0:2.2.17-11.2.ep5.el6
  • httpd-debuginfo-0:2.2.17-11.1.ep5.el5
  • httpd-debuginfo-0:2.2.17-11.2.ep5.el6
  • httpd-devel-0:2.2.17-11.1.ep5.el5
  • httpd-devel-0:2.2.17-11.2.ep5.el6
  • httpd-manual-0:2.2.17-11.1.ep5.el5
  • httpd-manual-0:2.2.17-11.2.ep5.el6
  • httpd-tools-0:2.2.17-11.2.ep5.el6
  • httpd22-0:2.2.17-14.ep5.el4
  • httpd22-apr-0:2.2.17-14.ep5.el4
  • httpd22-apr-devel-0:2.2.17-14.ep5.el4
  • httpd22-apr-util-0:2.2.17-14.ep5.el4
  • httpd22-apr-util-devel-0:2.2.17-14.ep5.el4
  • httpd22-debuginfo-0:2.2.17-14.ep5.el4
  • httpd22-devel-0:2.2.17-14.ep5.el4
  • httpd22-manual-0:2.2.17-14.ep5.el4
  • jakarta-commons-beanutils-0:1.8.0-4.1.1.jdk6.ep5.el4
  • jakarta-commons-beanutils-0:1.8.0-4.1.2.1.jdk6.ep5.el5
  • jakarta-commons-beanutils-0:1.8.0-9.ep5.el6
  • jakarta-commons-chain-0:1.2-2.2.1.ep5.el5
  • jakarta-commons-chain-0:1.2-2.2.2.ep5.el6
  • jakarta-commons-chain-0:1.2-2.2.ep5.el4
  • jakarta-commons-codec-0:1.3-12.1.ep5.el6
  • jakarta-commons-codec-0:1.3-9.1.1.jdk6.ep5.el4
  • jakarta-commons-codec-0:1.3-9.2.1.1.jdk6.ep5.el5
  • jakarta-commons-collections-0:3.2.1-4.1.ep5.el5
  • jakarta-commons-collections-0:3.2.1-4.ep5.el4
  • jakarta-commons-collections-0:3.2.1-4.ep5.el6
  • jakarta-commons-collections-tomcat5-0:3.2.1-4.1.ep5.el5
  • jakarta-commons-collections-tomcat5-0:3.2.1-4.ep5.el4
  • jakarta-commons-collections-tomcat5-0:3.2.1-4.ep5.el6
  • jakarta-commons-daemon-1:1.0.5-1.1.ep5.el6
  • jakarta-commons-daemon-1:1.0.5-1.ep5.el4
  • jakarta-commons-daemon-1:1.0.5-1.ep5.el5
  • jakarta-commons-daemon-jsvc-1:1.0.5-1.4.ep5.el4
  • jakarta-commons-daemon-jsvc-1:1.0.5-1.4.ep5.el5
  • jakarta-commons-daemon-jsvc-1:1.0.5-1.4.ep5.el6
  • jakarta-commons-daemon-jsvc-debuginfo-1:1.0.5-1.4.ep5.el4
  • jakarta-commons-daemon-jsvc-debuginfo-1:1.0.5-1.4.ep5.el5
  • jakarta-commons-daemon-jsvc-debuginfo-1:1.0.5-1.4.ep5.el6
  • jakarta-commons-dbcp-0:1.2.1-16.2.ep5.el6
  • jakarta-commons-dbcp-0:1.2.1-16.4.ep5.el4
  • jakarta-commons-dbcp-0:1.2.1-16.4.ep5.el5
  • jakarta-commons-dbcp-tomcat5-0:1.2.1-16.2.ep5.el6
  • jakarta-commons-dbcp-tomcat5-0:1.2.1-16.4.ep5.el4
  • jakarta-commons-dbcp-tomcat5-0:1.2.1-16.4.ep5.el5
  • jakarta-commons-digester-0:1.8.1-8.1.1.1.ep5.el6
  • jakarta-commons-digester-0:1.8.1-8.1.jdk6.ep5.el4
  • jakarta-commons-digester-0:1.8.1-8.1.jdk6.ep5.el5
  • jakarta-commons-el-0:1.0-19.2.jdk6.ep5.el4
  • jakarta-commons-fileupload-1:1.1.1-7.4.ep5.el4
  • jakarta-commons-fileupload-1:1.1.1-7.4.ep5.el5
  • jakarta-commons-fileupload-1:1.1.1-7.5.ep5.el6
  • jakarta-commons-httpclient-1:3.1-1.1.1.jdk6.ep5.el4
  • jakarta-commons-httpclient-1:3.1-1.2.1.jdk6.ep5.el5
  • jakarta-commons-httpclient-1:3.1-1.2.2.ep5.el6
  • jakarta-commons-io-0:1.4-1.3.1.jdk6.ep5.el4
  • jakarta-commons-io-0:1.4-1.3.1.jdk6.ep5.el5
  • jakarta-commons-io-0:1.4-4.ep5.el6
  • jakarta-commons-launcher-0:1.1-4.6.1.ep5.el4
  • jakarta-commons-logging-0:1.1.1-0.4.1.jdk6.ep5.el4
  • jakarta-commons-logging-0:1.1.1-0.4.1.jdk6.ep5.el5
  • jakarta-commons-logging-0:1.1.1-1.ep5.el6
  • jakarta-commons-logging-jboss-0:1.1-10.2.1.jdk6.ep5.el4
  • jakarta-commons-logging-jboss-0:1.1-10.2.1.jdk6.ep5.el5
  • jakarta-commons-logging-jboss-0:1.1-10.2.2.1.ep5.el6
  • jakarta-commons-logging-tomcat6-0:1.1.1-0.4.1.jdk6.ep5.el4
  • jakarta-commons-logging-tomcat6-0:1.1.1-0.4.1.jdk6.ep5.el5
  • jakarta-commons-logging-tomcat6-0:1.1.1-1.ep5.el6
  • jakarta-commons-modeler-0:2.0-4.ep5.el4
  • jakarta-commons-pool-0:1.3-11.2.1.jdk6.ep5.el4
  • jakarta-commons-pool-0:1.3-11.2.1.jdk6.ep5.el5
  • jakarta-commons-pool-0:1.3-15.ep5.el6
  • jakarta-commons-pool-tomcat5-0:1.3-11.2.1.jdk6.ep5.el4
  • jakarta-commons-pool-tomcat5-0:1.3-11.2.1.jdk6.ep5.el5
  • jakarta-commons-pool-tomcat5-0:1.3-15.ep5.el6
  • jakarta-commons-validator-0:1.3.1-7.5.1.ep5.el4
  • jakarta-commons-validator-0:1.3.1-7.5.2.ep5.el5
  • jakarta-commons-validator-0:1.3.1-7.5.2.ep5.el6
  • jakarta-oro-0:2.0.8-3.3.2.1.1.1.jdk6.ep5.el5
  • jakarta-oro-0:2.0.8-3.3.2.1.jdk6.ep5.el4
  • jakarta-oro-0:2.0.8-7.ep5.el6
  • jakarta-taglibs-standard-0:1.1.1-12.ep5.el6
  • jakarta-taglibs-standard-0:1.1.1-9.1.ep5.el5
  • jakarta-taglibs-standard-0:1.1.1-9.ep5.el4
  • javassist-0:3.12.0-1.jdk6.ep5.el4
  • javassist-0:3.12.0-1.jdk6.ep5.el5
  • javassist-0:3.12.0-3.ep5.el6
  • jboss-common-core-0:2.2.17-1.2.ep5.el6
  • jboss-common-core-0:2.2.17-1.ep5.el4
  • jboss-common-core-0:2.2.17-1.ep5.el5
  • jboss-common-logging-jdk-0:2.1.2-1.2.ep5.el6
  • jboss-common-logging-jdk-0:2.1.2-1.ep5.el4
  • jboss-common-logging-jdk-0:2.1.2-1.ep5.el5
  • jboss-common-logging-spi-0:2.1.2-1.ep5.el4
  • jboss-common-logging-spi-0:2.1.2-1.ep5.el5
  • jboss-common-logging-spi-0:2.1.2-1.ep5.el6
  • jboss-javaee-0:5.0.1-2.9.ep5.el5
  • jboss-javaee-0:5.0.1-2.9.ep5.el6
  • jboss-javaee-poms-0:5.0.1-2.9.ep5.el4
  • jboss-javaee-poms-0:5.0.1-2.9.ep5.el5
  • jboss-javaee-poms-0:5.0.1-2.9.ep5.el6
  • jboss-jms-1.1-api-0:5.0.1-2.9.ep5.el4
  • jboss-jms-1.1-api-0:5.0.1-2.9.ep5.el5
  • jboss-jms-1.1-api-0:5.0.1-2.9.ep5.el6
  • jboss-transaction-1.0.1-api-0:5.0.1-2.9.ep5.el4
  • jboss-transaction-1.0.1-api-0:5.0.1-2.9.ep5.el5
  • jboss-transaction-1.0.1-api-0:5.0.1-2.9.ep5.el6
  • jcommon-0:1.0.16-1.2.1.jdk6.ep5.el4
  • jcommon-0:1.0.16-1.2.1.jdk6.ep5.el5
  • jcommon-0:1.0.16-1.2.2.ep5.el6
  • jfreechart-0:1.0.13-2.3.2.1.2.ep5.el6
  • jfreechart-0:1.0.13-2.3.2.1.jdk6.ep5.el4
  • jfreechart-0:1.0.13-2.3.2.1.jdk6.ep5.el5
  • log4j-0:1.2.14-18.1.jdk6.ep5.el4
  • mod_cluster-demo-0:1.0.10-2.1.GA_CP01.ep5.el5
  • mod_cluster-demo-0:1.0.10-2.2.GA_CP01.ep5.el6
  • mod_cluster-demo-0:1.0.10-2.GA_CP01.ep5.el4
  • mod_cluster-jbossas-0:1.0.10-2.1.GA_CP01.ep5.el5
  • mod_cluster-jbossas-0:1.0.10-2.2.GA_CP01.ep5.el6
  • mod_cluster-jbossas-0:1.0.10-2.GA_CP01.ep5.el4
  • mod_cluster-jbossweb2-0:1.0.10-2.1.GA_CP01.ep5.el5
  • mod_cluster-jbossweb2-0:1.0.10-2.2.GA_CP01.ep5.el6
  • mod_cluster-jbossweb2-0:1.0.10-2.GA_CP01.ep5.el4
  • mod_cluster-native-0:1.0.10-2.1.1.GA_CP01.ep5.el6
  • mod_cluster-native-0:1.0.10-2.1.GA_CP01.ep5.el5
  • mod_cluster-native-0:1.0.10-2.GA_CP01.ep5.el4
  • mod_cluster-native-debuginfo-0:1.0.10-2.1.1.GA_CP01.ep5.el6
  • mod_cluster-native-debuginfo-0:1.0.10-2.1.GA_CP01.ep5.el5
  • mod_cluster-native-debuginfo-0:1.0.10-2.GA_CP01.ep5.el4
  • mod_cluster-tomcat6-0:1.0.10-2.1.GA_CP01.ep5.el5
  • mod_cluster-tomcat6-0:1.0.10-2.2.GA_CP01.ep5.el6
  • mod_cluster-tomcat6-0:1.0.10-2.GA_CP01.ep5.el4
  • mod_jk-ap20-0:1.2.31-1.1.2.ep5.el6
  • mod_jk-ap20-0:1.2.31-1.1.ep5.el5
  • mod_jk-ap20-0:1.2.31-1.ep5.el4
  • mod_jk-debuginfo-0:1.2.31-1.1.2.ep5.el6
  • mod_jk-debuginfo-0:1.2.31-1.1.ep5.el5
  • mod_jk-debuginfo-0:1.2.31-1.ep5.el4
  • mod_jk-manual-0:1.2.31-1.1.2.ep5.el6
  • mod_jk-manual-0:1.2.31-1.1.ep5.el5
  • mod_jk-manual-0:1.2.31-1.ep5.el4
  • mod_ssl-1:2.2.17-11.1.ep5.el5
  • mod_ssl-1:2.2.17-11.2.ep5.el6
  • mod_ssl22-1:2.2.17-14.ep5.el4
  • mx4j-1:3.0.1-9.3.4.ep5.el4
  • objectweb-asm-0:3.1-5.3.1.jdk6.ep5.el4
  • objectweb-asm-0:3.1-5.3.1.jdk6.ep5.el5
  • objectweb-asm31-0:3.1-12.1.ep5.el6
  • regexp-0:1.5-1.2.1.jdk6.ep5.el4
  • struts12-0:1.2.9-3.1.ep5.el5
  • struts12-0:1.2.9-3.1.ep5.el6
  • struts12-0:1.2.9-3.ep5.el4
  • tomcat-jkstatus-ant-0:1.2.31-2.1.ep5.el6
  • tomcat-jkstatus-ant-0:1.2.31-2.ep5.el4
  • tomcat-jkstatus-ant-0:1.2.31-2.ep5.el5
  • tomcat-native-0:1.1.20-2.0.ep5.el4
  • tomcat-native-0:1.1.20-2.1.2.ep5.el6
  • tomcat-native-0:1.1.20-2.1.ep5.el5
  • tomcat-native-debuginfo-0:1.1.20-2.0.ep5.el4
  • tomcat-native-debuginfo-0:1.1.20-2.1.2.ep5.el6
  • tomcat-native-debuginfo-0:1.1.20-2.1.ep5.el5
  • tomcat5-0:5.5.33-14_patch_04.ep5.el4
  • tomcat5-0:5.5.33-15_patch_04.ep5.el6
  • tomcat5-0:5.5.33-16_patch_04.ep5.el5
  • tomcat5-admin-webapps-0:5.5.33-14_patch_04.ep5.el4
  • tomcat5-admin-webapps-0:5.5.33-15_patch_04.ep5.el6
  • tomcat5-admin-webapps-0:5.5.33-16_patch_04.ep5.el5
  • tomcat5-common-lib-0:5.5.33-14_patch_04.ep5.el4
  • tomcat5-common-lib-0:5.5.33-15_patch_04.ep5.el6
  • tomcat5-common-lib-0:5.5.33-16_patch_04.ep5.el5
  • tomcat5-jasper-0:5.5.33-14_patch_04.ep5.el4
  • tomcat5-jasper-0:5.5.33-15_patch_04.ep5.el6
  • tomcat5-jasper-0:5.5.33-16_patch_04.ep5.el5
  • tomcat5-jasper-eclipse-0:5.5.33-14_patch_04.ep5.el4
  • tomcat5-jasper-eclipse-0:5.5.33-15_patch_04.ep5.el6
  • tomcat5-jasper-eclipse-0:5.5.33-16_patch_04.ep5.el5
  • tomcat5-jasper-javadoc-0:5.5.33-14_patch_04.ep5.el4
  • tomcat5-jasper-javadoc-0:5.5.33-15_patch_04.ep5.el6
  • tomcat5-jasper-javadoc-0:5.5.33-16_patch_04.ep5.el5
  • tomcat5-jsp-2.0-api-0:5.5.33-14_patch_04.ep5.el4
  • tomcat5-jsp-2.0-api-0:5.5.33-15_patch_04.ep5.el6
  • tomcat5-jsp-2.0-api-0:5.5.33-16_patch_04.ep5.el5
  • tomcat5-jsp-2.0-api-javadoc-0:5.5.33-14_patch_04.ep5.el4
  • tomcat5-jsp-2.0-api-javadoc-0:5.5.33-15_patch_04.ep5.el6
  • tomcat5-jsp-2.0-api-javadoc-0:5.5.33-16_patch_04.ep5.el5
  • tomcat5-parent-0:5.5.33-14_patch_04.ep5.el4
  • tomcat5-parent-0:5.5.33-15_patch_04.ep5.el6
  • tomcat5-parent-0:5.5.33-16_patch_04.ep5.el5
  • tomcat5-server-lib-0:5.5.33-14_patch_04.ep5.el4
  • tomcat5-server-lib-0:5.5.33-15_patch_04.ep5.el6
  • tomcat5-server-lib-0:5.5.33-16_patch_04.ep5.el5
  • tomcat5-servlet-2.4-api-0:5.5.33-14_patch_04.ep5.el4
  • tomcat5-servlet-2.4-api-0:5.5.33-15_patch_04.ep5.el6
  • tomcat5-servlet-2.4-api-0:5.5.33-16_patch_04.ep5.el5
  • tomcat5-servlet-2.4-api-javadoc-0:5.5.33-14_patch_04.ep5.el4
  • tomcat5-servlet-2.4-api-javadoc-0:5.5.33-15_patch_04.ep5.el6
  • tomcat5-servlet-2.4-api-javadoc-0:5.5.33-16_patch_04.ep5.el5
  • tomcat5-webapps-0:5.5.33-14_patch_04.ep5.el4
  • tomcat5-webapps-0:5.5.33-15_patch_04.ep5.el6
  • tomcat5-webapps-0:5.5.33-16_patch_04.ep5.el5
  • tomcat6-0:6.0.32-14_patch_03.ep5.el6
  • tomcat6-0:6.0.32-15.1_patch_03.ep5.el5
  • tomcat6-0:6.0.32-15_patch_03.ep5.el4
  • tomcat6-admin-webapps-0:6.0.32-14_patch_03.ep5.el6
  • tomcat6-admin-webapps-0:6.0.32-15.1_patch_03.ep5.el5
  • tomcat6-admin-webapps-0:6.0.32-15_patch_03.ep5.el4
  • tomcat6-docs-webapp-0:6.0.32-14_patch_03.ep5.el6
  • tomcat6-docs-webapp-0:6.0.32-15.1_patch_03.ep5.el5
  • tomcat6-docs-webapp-0:6.0.32-15_patch_03.ep5.el4
  • tomcat6-el-1.0-api-0:6.0.32-14_patch_03.ep5.el6
  • tomcat6-el-1.0-api-0:6.0.32-15.1_patch_03.ep5.el5
  • tomcat6-el-1.0-api-0:6.0.32-15_patch_03.ep5.el4
  • tomcat6-javadoc-0:6.0.32-14_patch_03.ep5.el6
  • tomcat6-javadoc-0:6.0.32-15.1_patch_03.ep5.el5
  • tomcat6-javadoc-0:6.0.32-15_patch_03.ep5.el4
  • tomcat6-jsp-2.1-api-0:6.0.32-14_patch_03.ep5.el6
  • tomcat6-jsp-2.1-api-0:6.0.32-15.1_patch_03.ep5.el5
  • tomcat6-jsp-2.1-api-0:6.0.32-15_patch_03.ep5.el4
  • tomcat6-lib-0:6.0.32-14_patch_03.ep5.el6
  • tomcat6-lib-0:6.0.32-15.1_patch_03.ep5.el5
  • tomcat6-lib-0:6.0.32-15_patch_03.ep5.el4
  • tomcat6-log4j-0:6.0.32-14_patch_03.ep5.el6
  • tomcat6-log4j-0:6.0.32-15.1_patch_03.ep5.el5
  • tomcat6-log4j-0:6.0.32-15_patch_03.ep5.el4
  • tomcat6-servlet-2.5-api-0:6.0.32-14_patch_03.ep5.el6
  • tomcat6-servlet-2.5-api-0:6.0.32-15.1_patch_03.ep5.el5
  • tomcat6-servlet-2.5-api-0:6.0.32-15_patch_03.ep5.el4
  • tomcat6-webapps-0:6.0.32-14_patch_03.ep5.el6
  • tomcat6-webapps-0:6.0.32-15.1_patch_03.ep5.el5
  • tomcat6-webapps-0:6.0.32-15_patch_03.ep5.el4
  • xalan-j2-0:2.7.1-5.3_patch_04.ep5.el4
  • xalan-j2-0:2.7.1-5.3_patch_04.ep5.el5
  • xalan-j2-0:2.7.1-5.3_patch_04.ep5.el6
  • xerces-j2-0:2.9.1-3.patch01.1.ep5.el4
  • xerces-j2-0:2.9.1-3.patch01.1.ep5.el5
  • xerces-j2-0:2.9.1-8.patch01.1.ep5.el6
  • xml-commons-0:1.3.04-7.10.jdk6.ep5.el5
  • xml-commons-0:1.3.04-7.14.ep5.el6
  • xml-commons-1:1.3.04-7.12.ep5.el4
  • xml-commons-jaxp-1.1-apis-0:1.3.04-7.14.ep5.el6
  • xml-commons-jaxp-1.2-apis-0:1.3.04-7.10.jdk6.ep5.el5
  • xml-commons-jaxp-1.2-apis-0:1.3.04-7.14.ep5.el6
  • xml-commons-jaxp-1.2-apis-1:1.3.04-7.12.ep5.el4
  • xml-commons-jaxp-1.3-apis-0:1.3.04-7.10.jdk6.ep5.el5
  • xml-commons-jaxp-1.3-apis-0:1.3.04-7.14.ep5.el6
  • xml-commons-jaxp-1.3-apis-1:1.3.04-7.12.ep5.el4
  • xml-commons-resolver10-0:1.3.04-7.14.ep5.el6
  • xml-commons-resolver11-0:1.3.04-7.14.ep5.el6
  • xml-commons-resolver12-0:1.3.04-7.10.jdk6.ep5.el5
  • xml-commons-resolver12-0:1.3.04-7.14.ep5.el6
  • xml-commons-resolver12-1:1.3.04-7.12.ep5.el4
  • xml-commons-which10-0:1.3.04-7.14.ep5.el6
  • xml-commons-which11-0:1.3.04-7.14.ep5.el6

References