Vulnerabilities > CVE-2010-2068 - Information Exposure vulnerability in Apache Http Server
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 9 | |
OS | 1 | |
OS | 1 | |
OS | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Subverting Environment Variable Values The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
- Footprinting An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
- Exploiting Trust in Client (aka Make the Client Invisible) An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
- Browser Fingerprinting An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
- Session Credential Falsification through Prediction This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
Nessus
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0659.NASL description Updated httpd packages that fix two security issues and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Apache HTTP Server is a popular web server. A flaw was discovered in the way the mod_proxy module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. If the proxy was configured to reuse existing back-end connections, it could return a response intended for another user under certain timeout conditions, possibly leading to information disclosure. (CVE-2010-2791) A flaw was found in the way the mod_dav module of the Apache HTTP Server handled certain requests. If a remote attacker were to send a carefully crafted request to the server, it could cause the httpd child process to crash. (CVE-2010-1452) This update also fixes the following bugs : * numerous issues in the INFLATE filter provided by mod_deflate. last seen 2020-06-01 modified 2020-06-02 plugin id 67078 published 2013-06-29 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67078 title CentOS 5 : httpd (CESA-2010:0659) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2010:0659 and # CentOS Errata and Security Advisory 2010:0659 respectively. # include("compat.inc"); if (description) { script_id(67078); script_version("1.14"); script_cvs_date("Date: 2019/10/25 13:36:05"); script_cve_id("CVE-2010-1452", "CVE-2010-2068", "CVE-2010-2791"); script_bugtraq_id(41963, 42102); script_xref(name:"RHSA", value:"2010:0659"); script_name(english:"CentOS 5 : httpd (CESA-2010:0659)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated httpd packages that fix two security issues and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Apache HTTP Server is a popular web server. A flaw was discovered in the way the mod_proxy module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. If the proxy was configured to reuse existing back-end connections, it could return a response intended for another user under certain timeout conditions, possibly leading to information disclosure. (CVE-2010-2791) A flaw was found in the way the mod_dav module of the Apache HTTP Server handled certain requests. If a remote attacker were to send a carefully crafted request to the server, it could cause the httpd child process to crash. (CVE-2010-1452) This update also fixes the following bugs : * numerous issues in the INFLATE filter provided by mod_deflate. 'Inflate error -5 on flush' errors may have been logged. This update upgrades mod_deflate to the newer upstream version from Apache HTTP Server 2.2.15. (BZ#625435) * the response would be corrupted if mod_filter applied the DEFLATE filter to a resource requiring a subrequest with an internal redirect. (BZ#625451) * the OID() function used in the mod_ssl 'SSLRequire' directive did not correctly evaluate extensions of an unknown type. (BZ#625452) All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect." ); # https://lists.centos.org/pipermail/centos-announce/2010-August/016958.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?032c0c92" ); # https://lists.centos.org/pipermail/centos-announce/2010-August/016959.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7fddb810" ); script_set_attribute( attribute:"solution", value:"Update the affected httpd packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:httpd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:httpd-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:httpd-manual"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mod_ssl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/18"); script_set_attribute(attribute:"patch_publication_date", value:"2010/08/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/06/29"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-5", reference:"httpd-2.2.3-43.el5.centos.3")) flag++; if (rpm_check(release:"CentOS-5", reference:"httpd-devel-2.2.3-43.el5.centos.3")) flag++; if (rpm_check(release:"CentOS-5", reference:"httpd-manual-2.2.3-43.el5.centos.3")) flag++; if (rpm_check(release:"CentOS-5", reference:"mod_ssl-2.2.3-43.el5.centos.3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd / httpd-devel / httpd-manual / mod_ssl"); }
NASL family Web Servers NASL id APACHE_2_2_16.NASL description According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.16. It is, therefore, potentially affected by multiple vulnerabilities : - A denial of service vulnerability in mod_cache and mod_dav. (CVE-2010-1452) - An information disclosure vulnerability in mod_proxy_ajp, mod_reqtimeout, and mod_proxy_http relating to timeout conditions. Note that this issue only affects Apache on Windows, Netware, and OS/2. (CVE-2010-2068) Note that the remote web server may not actually be affected by these vulnerabilities. Nessus did not try to determine whether the affected modules are in use or to check for the issues themselves. last seen 2020-06-01 modified 2020-06-02 plugin id 48205 published 2010-07-30 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/48205 title Apache 2.2.x < 2.2.16 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(48205); script_version("1.28"); script_cvs_date("Date: 2018/11/15 20:50:25"); script_cve_id("CVE-2010-1452", "CVE-2010-2068"); script_bugtraq_id(40827, 41963); script_xref(name:"Secunia", value:"40206"); script_name(english:"Apache 2.2.x < 2.2.16 Multiple Vulnerabilities"); script_summary(english:"Checks version in Server response header"); script_set_attribute(attribute:"synopsis", value: "The remote web server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.16. It is, therefore, potentially affected by multiple vulnerabilities : - A denial of service vulnerability in mod_cache and mod_dav. (CVE-2010-1452) - An information disclosure vulnerability in mod_proxy_ajp, mod_reqtimeout, and mod_proxy_http relating to timeout conditions. Note that this issue only affects Apache on Windows, Netware, and OS/2. (CVE-2010-2068) Note that the remote web server may not actually be affected by these vulnerabilities. Nessus did not try to determine whether the affected modules are in use or to check for the issues themselves." ); script_set_attribute(attribute:"see_also", value:"http://httpd.apache.org/security/vulnerabilities_22.html"); script_set_attribute(attribute:"see_also", value:"https://issues.apache.org/bugzilla/show_bug.cgi?id=49246"); script_set_attribute(attribute:"see_also", value:"https://bz.apache.org/bugzilla/show_bug.cgi?id=49417"); script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ce8ac446"); script_set_attribute(attribute:"solution", value:"Upgrade to Apache version 2.2.16 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/11"); script_set_attribute(attribute:"patch_publication_date", value:"2010/07/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/30"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:http_server"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Web Servers"); script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc."); script_dependencies("apache_http_version.nasl"); script_require_keys("installed_sw/Apache"); script_require_ports("Services/www", 80); exit(0); } include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); include("audit.inc"); include("install_func.inc"); get_install_count(app_name:"Apache", exit_if_zero:TRUE); port = get_http_port(default:80); install = get_single_install(app_name:"Apache", port:port, exit_if_unknown_ver:TRUE); # Check if we could get a version first, then check if it was # backported version = get_kb_item_or_exit('www/apache/'+port+'/version', exit_code:1); backported = get_kb_item_or_exit('www/apache/'+port+'/backported', exit_code:1); if (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, "Apache"); source = get_kb_item_or_exit('www/apache/'+port+'/source', exit_code:1); # Check if the version looks like either ServerTokens Major/Minor # was used if (version =~ '^2(\\.2)?$') exit(1, "The banner from the Apache server listening on port "+port+" - "+source+" - is not granular enough to make a determination."); if (version !~ "^\d+(\.\d+)*$") exit(1, "The version of Apache listening on port " + port + " - " + version + " - is non-numeric and, therefore, cannot be used to make a determination."); if (version =~ '^2\\.2' && ver_compare(ver:version, fix:'2.2.16') == -1) { if (report_verbosity > 0) { report = '\n Version source : ' + source + '\n Installed version : ' + version + '\n Fixed version : 2.2.16\n'; security_warning(port:port, extra:report); } else security_warning(port); exit(0); } else audit(AUDIT_LISTEN_NOT_VULN, "Apache", port, install["version"]);
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0659.NASL description From Red Hat Security Advisory 2010:0659 : Updated httpd packages that fix two security issues and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Apache HTTP Server is a popular web server. A flaw was discovered in the way the mod_proxy module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. If the proxy was configured to reuse existing back-end connections, it could return a response intended for another user under certain timeout conditions, possibly leading to information disclosure. (CVE-2010-2791) A flaw was found in the way the mod_dav module of the Apache HTTP Server handled certain requests. If a remote attacker were to send a carefully crafted request to the server, it could cause the httpd child process to crash. (CVE-2010-1452) This update also fixes the following bugs : * numerous issues in the INFLATE filter provided by mod_deflate. last seen 2020-06-01 modified 2020-06-02 plugin id 68091 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68091 title Oracle Linux 5 : httpd (ELSA-2010-0659) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2010:0659 and # Oracle Linux Security Advisory ELSA-2010-0659 respectively. # include("compat.inc"); if (description) { script_id(68091); script_version("1.13"); script_cvs_date("Date: 2019/10/25 13:36:08"); script_cve_id("CVE-2010-1452", "CVE-2010-2068", "CVE-2010-2791"); script_bugtraq_id(41963, 42102); script_xref(name:"RHSA", value:"2010:0659"); script_name(english:"Oracle Linux 5 : httpd (ELSA-2010-0659)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2010:0659 : Updated httpd packages that fix two security issues and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Apache HTTP Server is a popular web server. A flaw was discovered in the way the mod_proxy module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. If the proxy was configured to reuse existing back-end connections, it could return a response intended for another user under certain timeout conditions, possibly leading to information disclosure. (CVE-2010-2791) A flaw was found in the way the mod_dav module of the Apache HTTP Server handled certain requests. If a remote attacker were to send a carefully crafted request to the server, it could cause the httpd child process to crash. (CVE-2010-1452) This update also fixes the following bugs : * numerous issues in the INFLATE filter provided by mod_deflate. 'Inflate error -5 on flush' errors may have been logged. This update upgrades mod_deflate to the newer upstream version from Apache HTTP Server 2.2.15. (BZ#625435) * the response would be corrupted if mod_filter applied the DEFLATE filter to a resource requiring a subrequest with an internal redirect. (BZ#625451) * the OID() function used in the mod_ssl 'SSLRequire' directive did not correctly evaluate extensions of an unknown type. (BZ#625452) All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2010-August/001618.html" ); script_set_attribute( attribute:"solution", value:"Update the affected httpd packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:httpd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:httpd-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:httpd-manual"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mod_ssl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/18"); script_set_attribute(attribute:"patch_publication_date", value:"2010/08/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL5", reference:"httpd-2.2.3-43.0.1.el5_5.3")) flag++; if (rpm_check(release:"EL5", reference:"httpd-devel-2.2.3-43.0.1.el5_5.3")) flag++; if (rpm_check(release:"EL5", reference:"httpd-manual-2.2.3-43.0.1.el5_5.3")) flag++; if (rpm_check(release:"EL5", reference:"mod_ssl-2.2.3-43.0.1.el5_5.3")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd / httpd-devel / httpd-manual / mod_ssl"); }
NASL family Web Servers NASL id HPSMH_7_0_0_24.NASL description According to the web server last seen 2020-06-01 modified 2020-06-02 plugin id 58811 published 2012-04-20 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58811 title HP System Management Homepage < 7.0 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(58811); script_version("1.26"); script_cvs_date("Date: 2018/11/15 20:50:25"); script_cve_id( "CVE-2009-0037", "CVE-2010-0734", "CVE-2010-1452", "CVE-2010-1623", "CVE-2010-2068", "CVE-2010-2791", "CVE-2010-3436", "CVE-2010-4409", "CVE-2010-4645", "CVE-2011-0014", "CVE-2011-0195", "CVE-2011-0419", "CVE-2011-1148", "CVE-2011-1153", "CVE-2011-1464", "CVE-2011-1467", "CVE-2011-1468", "CVE-2011-1470", "CVE-2011-1471", "CVE-2011-1928", "CVE-2011-1938", "CVE-2011-1945", "CVE-2011-2192", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-3189", "CVE-2011-3192", "CVE-2011-3207", "CVE-2011-3210", "CVE-2011-3267", "CVE-2011-3268", "CVE-2011-3348", "CVE-2011-3368", "CVE-2011-3639", "CVE-2011-3846", "CVE-2012-0135", "CVE-2012-1993" ); script_bugtraq_id( 33962, 38162, 40827, 41963, 42102, 43673, 44723, 45119, 45668, 46264, 46843, 46854, 46968, 46969, 46975, 46977, 47668, 47820, 47888, 47929, 47950, 48259, 48434, 49241, 49249, 49303, 49376, 49469, 49471, 49616, 49957, 52974, 53121 ); script_name(english:"HP System Management Homepage < 7.0 Multiple Vulnerabilities"); script_summary(english:"Does a banner check"); script_set_attribute( attribute:"synopsis", value:"The remote web server is affected by multiple vulnerabilities." ); script_set_attribute( attribute:"description", value: "According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote host is earlier than 7.0. As such, it is reportedly affected by the following vulnerabilities : - An error exists in the 'generate-id' function in the bundled libxslt library that can allow disclosure of heap memory addresses. (CVE-2011-0195) - An unspecified input validation error exists and can allow cross-site request forgery attacks. (CVE-2011-3846) - Unspecified errors can allow attackers to carry out denial of service attacks via unspecified vectors. (CVE-2012-0135, CVE-2012-1993) - The bundled version of PHP contains multiple vulnerabilities. (CVE-2010-3436, CVE-2010-4409, CVE-2010-4645, CVE-2011-1148, CVE-2011-1153, CVE-2011-1464, CVE-2011-1467, CVE-2011-1468, CVE-2011-1470, CVE-2011-1471, CVE-2011-1938, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3189, CVE-2011-3267, CVE-2011-3268) - The bundled version of Apache contains multiple vulnerabilities. (CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-2791, CVE-2011-0419, CVE-2011-1928, CVE-2011-3192, CVE-2011-3348, CVE-2011-3368, CVE-2011-3639) - OpenSSL libraries are contained in several of the bundled components and contain multiple vulnerabilities. (CVE-2011-0014, CVE-2011-1468, CVE-2011-1945, CVE-2011-3207,CVE-2011-3210) - Curl libraries are contained in several of the bundled components and contain multiple vulnerabilities. (CVE-2009-0037, CVE-2010-0734, CVE-2011-2192)" ); script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?106ec533" ); script_set_attribute( attribute:"solution", value:"Upgrade to HP System Management Homepage 7.0 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploithub_sku", value:"EH-14-410"); script_set_attribute(attribute:"exploit_framework_exploithub", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(352); script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/16"); script_set_attribute(attribute:"patch_publication_date", value:"2012/04/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/20"); script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:system_management_homepage"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Web Servers"); script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc."); script_dependencies("compaq_wbem_detect.nasl"); script_require_keys("www/hp_smh"); script_require_ports("Services/www", 2301, 2381); exit(0); } include("global_settings.inc"); include("audit.inc"); include("misc_func.inc"); include("http.inc"); include("webapp_func.inc"); port = get_http_port(default:2381, embedded:TRUE); install = get_install_from_kb(appname:'hp_smh', port:port, exit_on_fail:TRUE); dir = install['dir']; version = install['ver']; prod = get_kb_item_or_exit("www/"+port+"/hp_smh/variant"); if (version == UNKNOWN_VER) exit(1, 'The version of '+prod+' installed at '+build_url(port:port, qs:dir+"/")+' is unknown.'); # nb: 'version' can have non-numeric characters in it so we'll create # an alternate form and make sure that's safe for use in 'ver_compare()'. version_alt = ereg_replace(pattern:"[_-]", replace:".", string:version); if (!ereg(pattern:"^[0-9][0-9.]+$", string:version_alt)) exit(1, 'The version of '+prod+' installed at '+build_url(port:port, qs:dir+"/")+' does not look valid ('+version+').'); fixed_version = '7.0.0.24'; if (ver_compare(ver:version_alt, fix:fixed_version, strict:FALSE) == -1) { set_kb_item(name:'www/'+port+'/XSS', value:TRUE); set_kb_item(name:'www/'+port+'/XSRF', value:TRUE); if (report_verbosity > 0) { source_line = get_kb_item("www/"+port+"/hp_smh/source"); report = '\n Product : ' + prod; if (!isnull(source_line)) report += '\n Version source : ' + source_line; report += '\n Installed version : ' + version + '\n Fixed version : ' + fixed_version + '\n'; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else audit(AUDIT_LISTEN_NOT_VULN, prod, port, version);
NASL family Web Servers NASL id HPSMH_6_2_0_12.NASL description According to its self-reported version number, the HP System Management Homepage install on the remote host is earlier than 6.2. Such versions are reportedly affected by the following vulnerabilities : - Session renegotiations are not handled properly, which could be exploited to insert arbitrary plaintext in a man-in-the-middle attack. (CVE-2009-3555) - An attacker may be able to upload files using a POST request with last seen 2020-06-01 modified 2020-06-02 plugin id 49272 published 2010-09-17 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49272 title HP System Management Homepage < 6.2 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(49272); script_version("1.23"); script_cvs_date("Date: 2018/11/15 20:50:25"); script_cve_id( "CVE-2009-3555", "CVE-2009-4017", "CVE-2009-4018", "CVE-2009-4143", "CVE-2010-1586", "CVE-2010-2068", "CVE-2010-3009", "CVE-2010-3011", "CVE-2010-3012", "CVE-2010-3283", "CVE-2010-3284" ); script_bugtraq_id( 36935, 37079, 37138, 37390, 43208, 43269, 43334, 43423, 43462, 43463 ); script_name(english:"HP System Management Homepage < 6.2 Multiple Vulnerabilities"); script_summary(english:"Does a banner check"); script_set_attribute(attribute:"synopsis", value:"The remote web server is affected by multiple vulnerabilities."); script_set_attribute( attribute:"description", value: "According to its self-reported version number, the HP System Management Homepage install on the remote host is earlier than 6.2. Such versions are reportedly affected by the following vulnerabilities : - Session renegotiations are not handled properly, which could be exploited to insert arbitrary plaintext in a man-in-the-middle attack. (CVE-2009-3555) - An attacker may be able to upload files using a POST request with 'multipart/form-data' content even if the target script doesn't actually support file uploads per se. (CVE-2009-4017) - PHP's 'proc_open' function can be abused to bypass 'safe_mode_allowed_env_vars' and 'safe_mode_protected_env_vars' directives. (CVE-2009-4018) - PHP does not properly protect session data as relates to interrupt corruption of '$_SESSION' and the 'session.save_path' directive. (CVE-2009-4143) - The application allows arbitrary URL redirections. (CVE-2010-1586 and CVE-2010-3283) - An information disclosure vulnerability exists in Apache's mod_proxy_ajp, mod_reqtimeout, and mod_proxy_http relating to timeout conditions. Note that this issue only affects SMH on Windows. (CVE-2010-2068) - An as-yet unspecified information disclosure vulnerability may allow an authorized user to gain access to sensitive information, which in turn could be leveraged to obtain root access on Linux installs of SMH. (CVE-2010-3009) - There is an as-yet unspecified HTTP response splitting issue. (CVE-2010-3011) - There is an as-yet unspecified cross-site scripting issue. (CVE-2010-3012) - An as-yet unspecified vulnerability could lead to remote disclosure of sensitive information. (CVE-2010-3284)" ); script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/513684/30/0/threaded"); script_set_attribute( attribute:"see_also", value:"https://www.securityfocus.com/archive/1/513771/30/0/threaded" ); script_set_attribute( attribute:"see_also", value:"https://www.securityfocus.com/archive/1/513840/30/0/threaded" ); script_set_attribute( attribute:"see_also", value:"https://www.securityfocus.com/archive/1/513917/30/0/threaded" ); script_set_attribute( attribute:"see_also", value:"https://www.securityfocus.com/archive/1/513918/30/0/threaded" ); script_set_attribute( attribute:"see_also", value:"https://www.securityfocus.com/archive/1/513920/30/0/threaded" ); script_set_attribute(attribute:"solution", value:"Upgrade to HP System Management Homepage 6.2.0 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(264, 310); script_set_attribute(attribute:"vuln_publication_date", value:"2009/07/23"); script_set_attribute(attribute:"patch_publication_date", value:"2010/08/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/17"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:system_management_homepage"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Web Servers"); script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc."); script_dependencies("compaq_wbem_detect.nasl"); script_require_keys("www/hp_smh"); script_require_ports("Services/www", 2301, 2381); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); include("webapp_func.inc"); port = get_http_port(default:2381, embedded:TRUE); install = get_install_from_kb(appname:'hp_smh', port:port, exit_on_fail:TRUE); dir = install['dir']; version = install['ver']; prod = get_kb_item_or_exit("www/"+port+"/hp_smh/variant"); if (version == UNKNOWN_VER) exit(1, 'The version of '+prod+' installed at '+build_url(port:port, qs:dir+"/")+' is unknown.'); # nb: 'version' can have non-numeric characters in it so we'll create # an alternate form and make sure that's safe for use in 'ver_compare()'. version_alt = ereg_replace(pattern:"[_-]", replace:".", string:version); if (!ereg(pattern:"^[0-9][0-9.]+$", string:version_alt)) exit(1, 'The version of '+prod+' installed at '+build_url(port:port, qs:dir+"/")+' does not look valid ('+version+').'); # NB: while 6.2.0.12 is the fix for Linux and 6.2.0.13 is the fix for # Windows, there is no way to infer OS from the banner. Since # there is no 6.2.0.12 publicly released for Windows, this check # should be "Good Enough". fixed_version = '6.2.0.12'; if (ver_compare(ver:version_alt, fix:fixed_version, strict:FALSE) == -1) { if (report_verbosity > 0) { source_line = get_kb_item("www/"+port+"/hp_smh/source"); report = '\n Product : ' + prod; if (!isnull(source_line)) report += '\n Version source : ' + source_line; report += '\n Installed version : ' + version + '\n Fixed version : ' + fixed_version + '\n'; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else exit(0, prod+" "+version+" is listening on port "+port+" and is not affected.");
NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL23332326.NASL description mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions. (CVE-2010-2791) last seen 2020-06-01 modified 2020-06-02 plugin id 87660 published 2015-12-30 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87660 title F5 Networks BIG-IP : Apache HTTPD vulnerability (K23332326) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from F5 Networks BIG-IP Solution K23332326. # # The text description of this plugin is (C) F5 Networks. # include("compat.inc"); if (description) { script_id(87660); script_version("2.9"); script_cvs_date("Date: 2019/01/04 10:03:40"); script_cve_id("CVE-2010-2068", "CVE-2010-2791"); script_bugtraq_id(40827, 42102); script_name(english:"F5 Networks BIG-IP : Apache HTTPD vulnerability (K23332326)"); script_summary(english:"Checks the BIG-IP version."); script_set_attribute( attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch." ); script_set_attribute( attribute:"description", value: "mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions. (CVE-2010-2791)" ); script_set_attribute( attribute:"see_also", value:"https://support.f5.com/csp/article/K23332326" ); script_set_attribute( attribute:"solution", value: "Upgrade to one of the non-vulnerable versions listed in the F5 Solution K23332326." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator"); script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip"); script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager"); script_set_attribute(attribute:"patch_publication_date", value:"2015/12/29"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"F5 Networks Local Security Checks"); script_dependencies("f5_bigip_detect.nbin"); script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport"); exit(0); } include("f5_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); version = get_kb_item("Host/BIG-IP/version"); if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP"); if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix"); if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules"); sol = "K23332326"; vmatrix = make_array(); if (report_paranoia < 2) audit(AUDIT_PARANOID); # APM vmatrix["APM"] = make_array(); vmatrix["APM"]["affected" ] = make_list("10.1.0-10.2.4"); vmatrix["APM"]["unaffected"] = make_list("12.0.0","11.0.0-11.6.0"); # ASM vmatrix["ASM"] = make_array(); vmatrix["ASM"]["affected" ] = make_list("10.1.0-10.2.4"); vmatrix["ASM"]["unaffected"] = make_list("12.0.0","11.0.0-11.6.0"); # GTM vmatrix["GTM"] = make_array(); vmatrix["GTM"]["affected" ] = make_list("10.1.0-10.2.4"); vmatrix["GTM"]["unaffected"] = make_list("11.0.0-11.6.0"); # LC vmatrix["LC"] = make_array(); vmatrix["LC"]["affected" ] = make_list("10.1.0-10.2.4"); vmatrix["LC"]["unaffected"] = make_list("12.0.0","11.0.0-11.6.0"); # LTM vmatrix["LTM"] = make_array(); vmatrix["LTM"]["affected" ] = make_list("10.1.0-10.2.4"); vmatrix["LTM"]["unaffected"] = make_list("12.0.0","11.0.0-11.6.0"); # PSM vmatrix["PSM"] = make_array(); vmatrix["PSM"]["affected" ] = make_list("10.1.0-10.2.4"); vmatrix["PSM"]["unaffected"] = make_list("11.0.0-11.4.1"); # WAM vmatrix["WAM"] = make_array(); vmatrix["WAM"]["affected" ] = make_list("10.1.0-10.2.4"); vmatrix["WAM"]["unaffected"] = make_list("11.0.0-11.3.0"); # WOM vmatrix["WOM"] = make_array(); vmatrix["WOM"]["affected" ] = make_list("10.1.0-10.2.4"); vmatrix["WOM"]["unaffected"] = make_list("11.0.0-11.3.0"); if (bigip_is_affected(vmatrix:vmatrix, sol:sol)) { if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get()); else security_warning(0); exit(0); } else { tested = bigip_get_tested_modules(); audit_extra = "For BIG-IP module(s) " + tested + ","; if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version); else audit(AUDIT_HOST_NOT, "running any of the affected modules"); }
NASL family MacOS X Local Security Checks NASL id MACOSX_10_6_7.NASL description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.7. Mac OS X 10.6.7 contains security fixes for the following products : - AirPort - Apache - AppleScript - ATS - bzip2 - CarbonCore - ClamAV - CoreText - File Quarantine - HFS - ImageIO - Image RAW - Installer - Kerberos - Kernel - Libinfo - libxml - Mailman - PHP - QuickLook - QuickTime - Ruby - Samba - Subversion - Terminal - X11 last seen 2020-06-01 modified 2020-06-02 plugin id 52754 published 2011-03-22 reporter This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/52754 title Mac OS X 10.6.x < 10.6.7 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # if (!defined_func("bn_random")) exit(0); if (NASL_LEVEL < 3000) exit(0); # Avoid problems with large number of xrefs. include("compat.inc"); if (description) { script_id(52754); script_version("1.33"); script_cvs_date("Date: 2018/08/22 16:49:14"); script_cve_id( "CVE-2006-7243", "CVE-2010-0405", "CVE-2010-1323", "CVE-2010-1324", "CVE-2010-1452", "CVE-2010-2068", "CVE-2010-2950", "CVE-2010-3069", "CVE-2010-3089", "CVE-2010-3315", "CVE-2010-3434", "CVE-2010-3709", "CVE-2010-3710", "CVE-2010-3801", "CVE-2010-3802", "CVE-2010-3814", "CVE-2010-3855", "CVE-2010-3870", "CVE-2010-4008", "CVE-2010-4009", "CVE-2010-4020", "CVE-2010-4021", "CVE-2010-4150", "CVE-2010-4260", "CVE-2010-4261", "CVE-2010-4409", "CVE-2010-4479", "CVE-2010-4494", "CVE-2011-0170", "CVE-2011-0172", "CVE-2011-0173", "CVE-2011-0174", "CVE-2011-0175", "CVE-2011-0176", "CVE-2011-0177", "CVE-2011-0178", "CVE-2011-0179", "CVE-2011-0180", "CVE-2011-0181", "CVE-2011-0182", "CVE-2011-0183", "CVE-2011-0184", "CVE-2011-0186", "CVE-2011-0187", "CVE-2011-0188", "CVE-2011-0189", "CVE-2011-0190", "CVE-2011-0191", "CVE-2011-0192", "CVE-2011-0193", "CVE-2011-0194", "CVE-2011-1417" ); script_bugtraq_id( 40827, 43212, 43555, 43926, 44214, 44605, 44643, 44718, 44779, 44980, 45116, 45117, 45118, 45119, 45122, 45152, 46832, 46965, 46966, 46971, 46972, 46973, 46982, 46984, 46987, 46988, 46989, 46990, 46991, 46992, 46993, 46994, 46995, 46996, 46997, 47023 ); script_xref(name:"EDB-ID", value:"17901"); script_xref(name:"IAVB", value:"2010-B-0083"); script_name(english:"Mac OS X 10.6.x < 10.6.7 Multiple Vulnerabilities"); script_summary(english:"Check the version of Mac OS X"); script_set_attribute( attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes several security issues." ); script_set_attribute( attribute:"description", value: "The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.7. Mac OS X 10.6.7 contains security fixes for the following products : - AirPort - Apache - AppleScript - ATS - bzip2 - CarbonCore - ClamAV - CoreText - File Quarantine - HFS - ImageIO - Image RAW - Installer - Kerberos - Kernel - Libinfo - libxml - Mailman - PHP - QuickLook - QuickTime - Ruby - Samba - Subversion - Terminal - X11" ); script_set_attribute( attribute:"see_also", value:"http://support.apple.com/kb/HT4581" ); script_set_attribute( attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" ); script_set_attribute( attribute:"solution", value:"Upgrade to Mac OS X 10.6.7 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/18"); script_set_attribute(attribute:"patch_publication_date", value:"2011/03/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/22"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_set_attribute(attribute:"stig_severity", value:"II"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl"); exit(0); } os = get_kb_item("Host/MacOSX/Version"); if (!os) { os = get_kb_item("Host/OS"); if (isnull(os)) exit(0, "The 'Host/OS' KB item is missing."); if ("Mac OS X" >!< os) exit(0, "The host does not appear to be running Mac OS X."); c = get_kb_item("Host/OS/Confidence"); if (c <= 70) exit(1, "Can't determine the host's OS with sufficient confidence."); } if (!os) exit(0, "The host does not appear to be running Mac OS X."); if (ereg(pattern:"Mac OS X 10\.6($|\.[0-6]([^0-9]|$))", string:os)) security_hole(0); else exit(0, "The host is not affected as it is running "+os+".");
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-153.NASL description Multiple vulnerabilities has been found and corrected in apache : The mod_cache and mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path (CVE-2010-1452). mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions (CVE-2010-2791). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90 The updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 48347 published 2010-08-17 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/48347 title Mandriva Linux Security Advisory : apache (MDVSA-2010:153) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2010:153. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(48347); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:32:53"); script_cve_id("CVE-2010-1452", "CVE-2010-2791"); script_xref(name:"MDVSA", value:"2010:153"); script_name(english:"Mandriva Linux Security Advisory : apache (MDVSA-2010:153)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities has been found and corrected in apache : The mod_cache and mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path (CVE-2010-1452). mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions (CVE-2010-2791). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90 The updated packages have been patched to correct these issues." ); script_set_attribute( attribute:"see_also", value:"http://httpd.apache.org/security/vulnerabilities_22.html" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-htcacheclean"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_authn_dbd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_cache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_dav"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_dbd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_deflate"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_disk_cache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_file_cache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_mem_cache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_proxy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_proxy_ajp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_ssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_userdir"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-modules"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mpm-event"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mpm-itk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mpm-peruser"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mpm-prefork"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mpm-worker"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-source"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0"); script_set_attribute(attribute:"patch_publication_date", value:"2010/08/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2009.0", reference:"apache-base-2.2.9-12.10mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"apache-devel-2.2.9-12.10mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"apache-htcacheclean-2.2.9-12.10mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"apache-mod_authn_dbd-2.2.9-12.10mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"apache-mod_cache-2.2.9-12.10mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"apache-mod_dav-2.2.9-12.10mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"apache-mod_dbd-2.2.9-12.10mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"apache-mod_deflate-2.2.9-12.10mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"apache-mod_disk_cache-2.2.9-12.10mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"apache-mod_file_cache-2.2.9-12.10mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"apache-mod_ldap-2.2.9-12.10mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"apache-mod_mem_cache-2.2.9-12.10mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"apache-mod_proxy-2.2.9-12.10mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"apache-mod_proxy_ajp-2.2.9-12.10mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"apache-mod_ssl-2.2.9-12.10mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"apache-mod_userdir-2.2.9-12.10mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"apache-modules-2.2.9-12.10mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"apache-mpm-event-2.2.9-12.10mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"apache-mpm-itk-2.2.9-12.10mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"apache-mpm-peruser-2.2.9-12.10mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"apache-mpm-prefork-2.2.9-12.10mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"apache-mpm-worker-2.2.9-12.10mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"apache-source-2.2.9-12.10mdv2009.0", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Web Servers NASL id ORACLE_HTTP_SERVER_CPU_JUL_2013.NASL description According to its banner, the version of Oracle HTTP Server installed on the remote host is potentially affected by multiple vulnerabilities. Note that Nessus did not verify if patches or workarounds have been applied. last seen 2020-06-01 modified 2020-06-02 plugin id 69301 published 2013-08-11 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69301 title Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(69301); script_version("1.11"); script_cvs_date("Date: 2018/11/15 20:50:25"); script_cve_id( "CVE-2005-3352", "CVE-2006-5752", "CVE-2007-3847", "CVE-2007-5000", "CVE-2007-6388", "CVE-2008-2364", "CVE-2010-0425", "CVE-2010-0434", "CVE-2010-2068", "CVE-2011-0419", "CVE-2011-3348", "CVE-2012-2687" ); script_bugtraq_id( 15834, 24645, 25489, 26838, 27237, 29653, 38494, 40827, 47820, 49616, 55131 ); script_xref(name:"CERT", value:"280613"); script_name(english:"Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities"); script_summary(english:"Checks version of Oracle HTTP Server"); script_set_attribute( attribute:"synopsis", value:"The remote web server may be affected by multiple vulnerabilities." ); script_set_attribute( attribute:"description", value: "According to its banner, the version of Oracle HTTP Server installed on the remote host is potentially affected by multiple vulnerabilities. Note that Nessus did not verify if patches or workarounds have been applied." ); # https://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e1cbd417"); # https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=45348489407964&id=1548709.1 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2e9008fd"); # https://support.oracle.com/epmos/faces/ui/patch/PatchDetail.jspx?patchId=16802903 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2ab0c223"); script_set_attribute(attribute:"solution", value:"Apply the July 2013 CPU."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(79, 200, 399); script_set_attribute(attribute:"vuln_publication_date", value:"2013/07/16"); script_set_attribute(attribute:"patch_publication_date", value:"2013/07/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/11"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:http_server"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Web Servers"); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_dependencies("oracle_http_server_version.nasl"); script_require_keys("www/oracle", "Settings/PCI_DSS"); script_require_ports("Services/www", 80); exit(0); } include("audit.inc"); include("global_settings.inc"); include("http.inc"); include("misc_func.inc"); # Only PCI considers this an issue. if (!get_kb_item("Settings/PCI_DSS")) audit(AUDIT_PCI); port = get_http_port(default:80); # Make sure this is Oracle. get_kb_item_or_exit("www/"+port+"/oracle"); # Get version information from the KB. version = get_kb_item_or_exit("www/oracle/"+port+"/version", exit_code:1); source = get_kb_item_or_exit("www/oracle/"+port+"/source", exit_code:1); # Check if the remote server is affected. There is a patch in the CPU # for this version. No other versions can be patched by this CPU. if (version != "10.1.3.5.0") audit(AUDIT_LISTEN_NOT_VULN, "Oracle Application Server", port, version); set_kb_item(name:'www/'+port+'/XSS', value:TRUE); if (report_verbosity > 0) { report = '\n Version source : ' + source + '\n Installed version : ' + version + '\n'; security_hole(port:port, extra:report); } else security_hole(port);
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0659.NASL description Updated httpd packages that fix two security issues and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Apache HTTP Server is a popular web server. A flaw was discovered in the way the mod_proxy module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. If the proxy was configured to reuse existing back-end connections, it could return a response intended for another user under certain timeout conditions, possibly leading to information disclosure. (CVE-2010-2791) A flaw was found in the way the mod_dav module of the Apache HTTP Server handled certain requests. If a remote attacker were to send a carefully crafted request to the server, it could cause the httpd child process to crash. (CVE-2010-1452) This update also fixes the following bugs : * numerous issues in the INFLATE filter provided by mod_deflate. last seen 2020-06-01 modified 2020-06-02 plugin id 48934 published 2010-08-31 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/48934 title RHEL 5 : httpd (RHSA-2010:0659) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2010:0659. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(48934); script_version ("1.27"); script_cvs_date("Date: 2019/10/25 13:36:15"); script_cve_id("CVE-2010-1452", "CVE-2010-2068", "CVE-2010-2791"); script_bugtraq_id(41963, 42102); script_xref(name:"RHSA", value:"2010:0659"); script_name(english:"RHEL 5 : httpd (RHSA-2010:0659)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated httpd packages that fix two security issues and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Apache HTTP Server is a popular web server. A flaw was discovered in the way the mod_proxy module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. If the proxy was configured to reuse existing back-end connections, it could return a response intended for another user under certain timeout conditions, possibly leading to information disclosure. (CVE-2010-2791) A flaw was found in the way the mod_dav module of the Apache HTTP Server handled certain requests. If a remote attacker were to send a carefully crafted request to the server, it could cause the httpd child process to crash. (CVE-2010-1452) This update also fixes the following bugs : * numerous issues in the INFLATE filter provided by mod_deflate. 'Inflate error -5 on flush' errors may have been logged. This update upgrades mod_deflate to the newer upstream version from Apache HTTP Server 2.2.15. (BZ#625435) * the response would be corrupted if mod_filter applied the DEFLATE filter to a resource requiring a subrequest with an internal redirect. (BZ#625451) * the OID() function used in the mod_ssl 'SSLRequire' directive did not correctly evaluate extensions of an unknown type. (BZ#625452) All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-1452" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-2791" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2010:0659" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-manual"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_ssl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/18"); script_set_attribute(attribute:"patch_publication_date", value:"2010/08/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/31"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2010:0659"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"httpd-2.2.3-43.el5_5.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"httpd-2.2.3-43.el5_5.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"httpd-2.2.3-43.el5_5.3")) flag++; if (rpm_check(release:"RHEL5", reference:"httpd-devel-2.2.3-43.el5_5.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"httpd-manual-2.2.3-43.el5_5.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"httpd-manual-2.2.3-43.el5_5.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"httpd-manual-2.2.3-43.el5_5.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"mod_ssl-2.2.3-43.el5_5.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"mod_ssl-2.2.3-43.el5_5.3")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"mod_ssl-2.2.3-43.el5_5.3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd / httpd-devel / httpd-manual / mod_ssl"); } }
NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2011-001.NASL description The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2011-001 applied. This security update contains fixes for the following products : - Apache - bzip2 - ClamAV - ImageIO - Kerberos - Libinfo - libxml - Mailman - PHP - QuickLook - Ruby - X11 last seen 2020-06-01 modified 2020-06-02 plugin id 52753 published 2011-03-22 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/52753 title Mac OS X Multiple Vulnerabilities (Security Update 2011-001) code # # (C) Tenable Network Security, Inc. # if (!defined_func("bn_random")) exit(0); if (NASL_LEVEL < 3000) exit(0); # Avoid problems with large number of xrefs. include("compat.inc"); if (description) { script_id(52753); script_version("1.23"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_cve_id( "CVE-2010-0405", "CVE-2010-1323", "CVE-2010-1452", "CVE-2010-2068", "CVE-2010-3089", "CVE-2010-3434", "CVE-2010-3436", "CVE-2010-3709", "CVE-2010-3814", "CVE-2010-3855", "CVE-2010-4008", "CVE-2010-4150", "CVE-2010-4260", "CVE-2010-4261", "CVE-2010-4479", "CVE-2011-0170", "CVE-2011-0181", "CVE-2011-0183", "CVE-2011-0188", "CVE-2011-0191", "CVE-2011-0192", "CVE-2011-1417" ); script_bugtraq_id( 40827, 43555, 44214, 44643, 44718, 44723, 44779, 44980, 45118, 45152, 46832, 46966, 46990, 46996 ); script_xref(name:"IAVB", value:"2010-B-0083"); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2011-001)"); script_summary(english:"Check for the presence of Security Update 2011-001"); script_set_attribute( attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes several security issues." ); script_set_attribute( attribute:"description", value: "The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2011-001 applied. This security update contains fixes for the following products : - Apache - bzip2 - ClamAV - ImageIO - Kerberos - Libinfo - libxml - Mailman - PHP - QuickLook - Ruby - X11" ); script_set_attribute( attribute:"see_also", value:"http://support.apple.com/kb/HT4581" ); script_set_attribute( attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" ); script_set_attribute( attribute:"solution", value:"Install Security Update 2011-001 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/11"); script_set_attribute(attribute:"patch_publication_date", value:"2011/03/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/22"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_set_attribute(attribute:"stig_severity", value:"II"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages", "Host/uname"); exit(0); } uname = get_kb_item("Host/uname"); if (!uname) exit(0, "The 'Host/uname' KB item is missing."); pat = "^.+Darwin.* ([0-9]+\.[0-9.]+).*$"; if (!ereg(pattern:pat, string:uname)) exit(0, "Can't identify the Darwin kernel version from the uname output ("+uname+")."); darwin = ereg_replace(pattern:pat, replace:"\1", string:uname); if (ereg(pattern:"^9\.[0-8]\.", string:darwin)) { packages = get_kb_item("Host/MacOSX/packages/boms"); if (!packages) exit(1, "The 'Host/MacOSX/packages/boms' KB item is missing."); if (egrep(pattern:"^com\.apple\.pkg\.update\.security\.(2011\.00[1-9]|201[2-9]\.[0-9]+)(\.leopard)?\.bom", string:packages)) exit(0, "The host has Security Update 2011-001 or later installed and therefore is not affected."); else security_hole(0); } else exit(0, "The host is running Darwin kernel version "+darwin+" and therefore is not affected.");
Oval
accepted 2011-08-22T04:00:05.798-04:00 class vulnerability contributors name J. Daniel Brown organization DTCC name Shane Shaffer organization G2, Inc. name Maria Kedovskaya organization ALTX-SOFT name Maria Mikhno organization ALTX-SOFT
definition_extensions comment Apache HTTP Server 2.2.x is installed on the system oval oval:org.mitre.oval:def:8550 description mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. family windows id oval:org.mitre.oval:def:11491 status deprecated submitted 2010-07-27T17:30:00.000-05:00 title DEPRECATED: Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability version 11 accepted 2014-07-14T04:01:26.478-04:00 class vulnerability contributors name J. Daniel Brown organization DTCC name Shane Shaffer organization G2, Inc. name Maria Mikhno organization ALTX-SOFT
definition_extensions comment Apache HTTP Server 2.2.x is installed on the system oval oval:org.mitre.oval:def:8550 description mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. family windows id oval:org.mitre.oval:def:6931 status accepted submitted 2010-06-14T12:30:00.000-05:00 title Apache 'mod_proxy_http' Timeout Detection Vulnerability version 11
Redhat
advisories |
|
Seebug
bulletinFamily exploit description BUGTRAQ ID: 40827 CVE ID: CVE-2010-2068 Apache HTTP Server是一款流行的Web服务器。 Apache HTTP Server的mod_proxy_http模块中的mod_proxy_http.c文件没有正确地检测超时,在某些超时情况下服务器可能返回属于其他用户的响应,导致泄漏敏感信息。仅有可触发使用代理worker池的配置才受影响。 Apache 2.2.x 厂商补丁: Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://httpd.apache.org/security/vulnerabilities_22.html id SSV:19828 last seen 2017-11-19 modified 2010-06-21 published 2010-06-21 reporter Root title Apache mod_proxy_http模块超时处理信息泄露漏洞 bulletinFamily exploit description BUGTRAQ ID: 42102 CVE(CAN) ID: CVE-2010-2791 Apache HTTP Server是一款流行的Web服务器。 Apache HTTP Server的mod_proxy_http模块中的mod_proxy_http.c文件没有正确地检测超时,在某些超时情况下服务器可能返回属于其他用户的响应,导致泄漏敏感信息。仅有可触发使用代理worker池的配置才受影响。 该漏洞与CVE-2010-2068中所述漏洞相同,但影响的是Unix系统上的httpd。 Apache 2.2.9 厂商补丁: Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://svn.apache.org/viewvc?view=revision&revision=699841 id SSV:20012 last seen 2017-11-19 modified 2010-08-03 published 2010-08-03 reporter Root title Unix平台Apache mod_proxy_http模块超时处理信息泄露漏洞
References
- http://www.vupen.com/english/advisories/2010/1436
- http://www.apache.org/dist/httpd/patches/apply_to_2.3.5/CVE-2010-2068-r953418.patch
- http://securitytracker.com/id?1024096
- http://www.securityfocus.com/bid/40827
- http://httpd.apache.org/security/vulnerabilities_22.html
- http://www.apache.org/dist/httpd/patches/apply_to_2.2.15/CVE-2010-2068-r953616.patch
- http://secunia.com/advisories/40206
- http://marc.info/?l=apache-announce&m=128009718610929&w=2
- http://secunia.com/advisories/41490
- http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
- http://secunia.com/advisories/41480
- http://www.ibm.com/support/docview.wss?uid=swg1PM16366
- http://secunia.com/advisories/41722
- http://support.apple.com/kb/HT4581
- http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
- http://www.redhat.com/support/errata/RHSA-2011-0896.html
- http://secunia.com/advisories/40824
- http://www-01.ibm.com/support/docview.wss?uid=nas352ca0ac9460f9b8886257777005dd0e4
- http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
- http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59413
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6931
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11491
- http://www.securityfocus.com/archive/1/511809/100/0/threaded
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E
- http://mail-archives.apache.org/mod_mbox/httpd-announce/201006.mbox/%3C4C12933D.4060400%40apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E