Vulnerabilities > CVE-2012-0883
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
Vulnerable Configurations
Nessus
NASL family Web Servers NASL id APACHE_2_2_23.NASL description According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.23. It is, therefore, potentially affected by the following vulnerabilities : - The utility last seen 2020-06-01 modified 2020-06-02 plugin id 62101 published 2012-09-14 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62101 title Apache 2.2.x < 2.2.23 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(62101); script_version("1.15"); script_cvs_date("Date: 2018/06/29 12:01:03"); script_cve_id("CVE-2012-0883", "CVE-2012-2687"); script_bugtraq_id(53046, 55131); script_name(english:"Apache 2.2.x < 2.2.23 Multiple Vulnerabilities"); script_summary(english:"Checks version in Server response header"); script_set_attribute(attribute:"synopsis", value: "The remote web server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.23. It is, therefore, potentially affected by the following vulnerabilities : - The utility 'apachectl' can receive a zero-length directory name in the LD_LIBRARY_PATH via the 'envvars' file. A local attacker with access to that utility could exploit this to load a malicious Dynamic Shared Object (DSO), leading to arbitrary code execution. (CVE-2012-0883) - An input validation error exists related to 'mod_negotiation', 'Multiviews' and untrusted uploads that can allow cross-site scripting attacks. (CVE-2012-2687) Note that Nessus has not tested for these flaws but has instead relied on the version in the server's banner."); script_set_attribute(attribute:"see_also", value:"https://archive.apache.org/dist/httpd/CHANGES_2.2.23"); script_set_attribute(attribute:"see_also", value:"http://httpd.apache.org/security/vulnerabilities_22.html"); script_set_attribute(attribute:"solution", value:"Upgrade to Apache version 2.2.23 or later."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"vuln_publication_date", value:"2012/03/02"); script_set_attribute(attribute:"patch_publication_date", value:"2012/09/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/14"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:http_server"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Web Servers"); script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc."); script_dependencies("apache_http_version.nasl"); script_require_keys("installed_sw/Apache"); script_require_ports("Services/www", 80); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); include("install_func.inc"); get_install_count(app_name:"Apache", exit_if_zero:TRUE); port = get_http_port(default:80); install = get_single_install(app_name:"Apache", port:port, exit_if_unknown_ver:TRUE); # Check if we could get a version first, then check if it was # backported version = get_kb_item_or_exit('www/apache/'+port+'/version', exit_code:1); backported = get_kb_item_or_exit('www/apache/'+port+'/backported', exit_code:1); if (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, "Apache"); source = get_kb_item_or_exit('www/apache/'+port+'/source', exit_code:1); # Check if the version looks like either ServerTokens Major/Minor # was used if (version =~ '^2(\\.2)?$') exit(1, "The banner from the Apache server listening on port "+port+" - "+source+" - is not granular enough to make a determination."); fixed_ver = '2.2.23'; if (version =~ '^2\\.2' && ver_compare(ver:version, fix:fixed_ver) == -1) { set_kb_item(name:'www/'+port+'/XSS', value:TRUE); if (report_verbosity > 0) { report = '\n Version source : ' + source + '\n Installed version : ' + version + '\n Fixed version : ' + fixed_ver + '\n'; security_warning(port:port, extra:report); } else security_warning(port); exit(0); } else audit(AUDIT_LISTEN_NOT_VULN, "Apache", port, version);NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-80.NASL description - ignore case when checking against SNI server names. [bnc#798733] httpd-2.2.x-bnc798733-SNI_ignorecase.diff - better cleanup of busy count after recovering from failure [bnc#789828] httpd-2.2.x-bnc789828-mod_balancer.diff - httpd-2.2.x-bnc788121-CVE-2012-4557-mod_proxy_ajp_timeout.diff: backend timeouts should not affect the entire worker. [bnc#788121] - httpd-2.2.x-envvars.diff obsoletes httpd-2.0.54-envvars.dif: Fix for low profile bug CVE-2012-0883 about improper LD_LIBRARY_PATH handling. [bnc#757710] - httpd-2.2.x-bnc777260-CVE-2012-2687-mod_negotiation_filename_xss.diff Escape filename for the case that uploads are allowed with untrusted user last seen 2020-06-05 modified 2014-06-13 plugin id 75181 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75181 title openSUSE Security Update : apache2 (openSUSE-SU-2013:0243-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2013-80. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75181); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2011-3368", "CVE-2011-4317", "CVE-2012-0883", "CVE-2012-2687", "CVE-2012-4557"); script_name(english:"openSUSE Security Update : apache2 (openSUSE-SU-2013:0243-1)"); script_summary(english:"Check for the openSUSE-2013-80 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: " - ignore case when checking against SNI server names. [bnc#798733] httpd-2.2.x-bnc798733-SNI_ignorecase.diff - better cleanup of busy count after recovering from failure [bnc#789828] httpd-2.2.x-bnc789828-mod_balancer.diff - httpd-2.2.x-bnc788121-CVE-2012-4557-mod_proxy_ajp_timeout.diff: backend timeouts should not affect the entire worker. [bnc#788121] - httpd-2.2.x-envvars.diff obsoletes httpd-2.0.54-envvars.dif: Fix for low profile bug CVE-2012-0883 about improper LD_LIBRARY_PATH handling. [bnc#757710] - httpd-2.2.x-bnc777260-CVE-2012-2687-mod_negotiation_filename_xss.diff Escape filename for the case that uploads are allowed with untrusted user's control over filenames and mod_negotiation enabled on the same directory. CVE-2012-2687 [bnc#777260] - httpd-2.2.x-CVE-2011-3368_CVE-2011-4317-bnc722545.diff reworked to reflect the upstream changes. This will prevent the 'Invalid URI in request OPTIONS *' messages in the error log. [bnc#722545]" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=722545" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=757710" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=777260" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=788121" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=789828" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=798733" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html" ); script_set_attribute( attribute:"solution", value:"Update the affected apache2 packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-event"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-event-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-example-pages"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-itk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-itk-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-prefork"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-utils-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-worker"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-worker-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1"); script_set_attribute(attribute:"patch_publication_date", value:"2013/01/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.1", reference:"apache2-2.2.21-3.9.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"apache2-debuginfo-2.2.21-3.9.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"apache2-debugsource-2.2.21-3.9.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"apache2-devel-2.2.21-3.9.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"apache2-event-2.2.21-3.9.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"apache2-event-debuginfo-2.2.21-3.9.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"apache2-example-pages-2.2.21-3.9.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"apache2-itk-2.2.21-3.9.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"apache2-itk-debuginfo-2.2.21-3.9.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"apache2-prefork-2.2.21-3.9.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"apache2-prefork-debuginfo-2.2.21-3.9.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"apache2-utils-2.2.21-3.9.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"apache2-utils-debuginfo-2.2.21-3.9.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"apache2-worker-2.2.21-3.9.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"apache2-worker-debuginfo-2.2.21-3.9.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2 / apache2-debuginfo / apache2-debugsource / apache2-devel / etc"); }NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2013-004.NASL description The remote host is running a version of Mac OS X 10.6 or 10.7 that does not have Security Update 2013-004 applied. This update contains several security-related fixes for the following component : - Apache - Bind - Certificate Trust Policy - ClamAV - Installer - IPSec - Mobile Device Management - OpenSSL - PHP - PostgreSQL - QuickTime - sudo Note that successful exploitation of the most serious issues could result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 69878 published 2013-09-13 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69878 title Mac OS X Multiple Vulnerabilities (Security Update 2013-004) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(69878); script_version("1.18"); script_cvs_date("Date: 2018/07/14 1:59:36"); script_cve_id( "CVE-2012-0883", "CVE-2012-2686", "CVE-2012-2687", "CVE-2012-3499", "CVE-2012-3817", "CVE-2012-4244", "CVE-2012-4558", "CVE-2012-5166", "CVE-2012-5688", "CVE-2013-0166", "CVE-2013-0169", "CVE-2013-1027", "CVE-2013-1028", "CVE-2013-1030", "CVE-2013-1032", "CVE-2013-1635", "CVE-2013-1643", "CVE-2013-1775", "CVE-2013-1824", "CVE-2013-1899", "CVE-2013-1900", "CVE-2013-1901", "CVE-2013-1902", "CVE-2013-1903", "CVE-2013-2020", "CVE-2013-2021", "CVE-2013-2110", "CVE-2013-2266" ); script_bugtraq_id( 53046, 54658, 55131, 55522, 55852, 56817, 57755, 57778, 58165, 58203, 58224, 58736, 58766, 58876, 58877, 58878, 58879, 58882, 59434, 60118, 60268, 60411, 62370, 62371, 62373, 62375, 62377 ); script_xref(name:"APPLE-SA", value:"APPLE-SA-2013-09-12-1"); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2013-004)"); script_summary(english:"Check for the presence of Security Update 2013-004"); script_set_attribute( attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes several security issues." ); script_set_attribute( attribute:"description", value: "The remote host is running a version of Mac OS X 10.6 or 10.7 that does not have Security Update 2013-004 applied. This update contains several security-related fixes for the following component : - Apache - Bind - Certificate Trust Policy - ClamAV - Installer - IPSec - Mobile Device Management - OpenSSL - PHP - PostgreSQL - QuickTime - sudo Note that successful exploitation of the most serious issues could result in arbitrary code execution." ); script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT5880"); script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"); script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/528594/30/0/threaded"); script_set_attribute(attribute:"solution", value:"Install Security Update 2013-004 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Mac OS X Sudo Password Bypass'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/16"); script_set_attribute(attribute:"patch_publication_date", value:"2013/09/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/13"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "Host/MacOSX/packages/boms"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); os = get_kb_item("Host/MacOSX/Version"); if (!os) audit(AUDIT_OS_NOT, "Mac OS X"); if (!ereg(pattern:"Mac OS X 10\.[67]([^0-9]|$)", string:os)) audit(AUDIT_OS_NOT, "Mac OS X 10.6 / 10.7"); else if ("Mac OS X 10.6" >< os && !ereg(pattern:"Mac OS X 10\.6($|\.[0-8]([^0-9]|$))", string:os)) exit(0, "The remote host uses a version of Mac OS X Snow Leopard later than 10.6.8."); else if ("Mac OS X 10.7" >< os && !ereg(pattern:"Mac OS X 10\.7($|\.[0-5]([^0-9]|$))", string:os)) exit(0, "The remote host uses a version of Mac OS X Lion later than 10.7.5."); packages = get_kb_item_or_exit("Host/MacOSX/packages/boms", exit_code:1); if ( egrep(pattern:"^com\.apple\.pkg\.update\.security(\.10\.[6-8]\..+)?\.(2013\.00[4-9]|201[4-9]\.[0-9]+)(\.(snowleopard[0-9.]*|lion))?\.bom", string:packages) ) exit(0, "The host has Security Update 2013-004 or later installed and is therefore not affected."); else { set_kb_item(name:"www/0/XSS", value:TRUE); if (report_verbosity > 0) { security_boms = egrep(pattern:"^com\.apple\.pkg\.update\.security", string:packages); report = '\n Installed security BOMs : '; if (security_boms) report += str_replace(find:'\n', replace:'\n ', string:security_boms); else report += 'n/a'; report += '\n'; security_hole(port:0, extra:report); } else security_hole(0); }NASL family Fedora Local Security Checks NASL id FEDORA_2013-1661.NASL description This update contains the 2.2.23 release of the Apache HTTP Server. http://www.eu.apache.org/dist/httpd/CHANGES_2.2.23 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-02-13 plugin id 64595 published 2013-02-13 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64595 title Fedora 17 : httpd-2.2.23-1.fc17 (2013-1661) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2013-1661. # include("compat.inc"); if (description) { script_id(64595); script_version("1.13"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2008-0455", "CVE-2012-0883", "CVE-2012-2687"); script_bugtraq_id(27409, 55131); script_xref(name:"FEDORA", value:"2013-1661"); script_name(english:"Fedora 17 : httpd-2.2.23-1.fc17 (2013-1661)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update contains the 2.2.23 release of the Apache HTTP Server. http://www.eu.apache.org/dist/httpd/CHANGES_2.2.23 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"http://www.eu.apache.org/dist/httpd/CHANGES_2.2.23" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=813559" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=850794" ); # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098616.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f84d1172" ); script_set_attribute(attribute:"solution", value:"Update the affected httpd package."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(79); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:httpd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17"); script_set_attribute(attribute:"patch_publication_date", value:"2013/02/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^17([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC17", reference:"httpd-2.2.23-1.fc17")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd"); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201206-25.NASL description The remote host is affected by the vulnerability described in GLSA-201206-25 (Apache HTTP Server: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Apache HTTP Server. Please review the CVE identifiers referenced below for details. Impact : A remote attacker might obtain sensitive information, gain privileges, send requests to unintended servers behind proxies, bypass certain security restrictions, obtain the values of HTTPOnly cookies, or cause a Denial of Service in various ways. A local attacker could gain escalated privileges. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 59678 published 2012-06-25 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59678 title GLSA-201206-25 : Apache HTTP Server: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201206-25. # # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(59678); script_version("1.22"); script_cvs_date("Date: 2018/07/11 17:09:26"); script_cve_id("CVE-2010-0408", "CVE-2010-0434", "CVE-2010-1452", "CVE-2010-2791", "CVE-2011-3192", "CVE-2011-3348", "CVE-2011-3368", "CVE-2011-3607", "CVE-2011-4317", "CVE-2012-0021", "CVE-2012-0031", "CVE-2012-0053", "CVE-2012-0883"); script_bugtraq_id(38491, 38494, 38580, 41963, 42102, 49303, 49616, 49957, 50494, 50802, 51407, 51705, 51706, 53046); script_xref(name:"GLSA", value:"201206-25"); script_name(english:"GLSA-201206-25 : Apache HTTP Server: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201206-25 (Apache HTTP Server: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Apache HTTP Server. Please review the CVE identifiers referenced below for details. Impact : A remote attacker might obtain sensitive information, gain privileges, send requests to unintended servers behind proxies, bypass certain security restrictions, obtain the values of HTTPOnly cookies, or cause a Denial of Service in various ways. A local attacker could gain escalated privileges. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201206-25" ); script_set_attribute( attribute:"solution", value: "All Apache HTTP Server users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-servers/apache-2.2.22-r1'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(200); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:apache"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2012/06/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"www-servers/apache", unaffected:make_list("ge 2.2.22-r1"), vulnerable:make_list("lt 2.2.22-r1"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Apache HTTP Server"); }NASL family MacOS X Local Security Checks NASL id MACOSX_10_8_5.NASL description The remote host is running a version of Mac OS X 10.8.x that is prior to 10.8.5. The newer version contains multiple security-related fixes for the following components : - Apache - Bind - Certificate Trust Policy - CoreGraphics - ImageIO - Installer - IPSec - Kernel - Mobile Device Management - OpenSSL - PHP - PostgreSQL - Power Management - QuickTime - Screen Lock - sudo This update also addresses an issue in which certain Unicode strings could cause applications to unexpectedly quit. Note that successful exploitation of the most serious issues could result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 69877 published 2013-09-13 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69877 title Mac OS X 10.8.x < 10.8.5 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(69877); script_version("1.18"); script_cvs_date("Date: 2018/07/14 1:59:36"); script_cve_id( "CVE-2012-0883", "CVE-2012-2686", "CVE-2012-2687", "CVE-2012-3499", "CVE-2012-3817", "CVE-2012-4244", "CVE-2012-4558", "CVE-2012-5166", "CVE-2012-5688", "CVE-2013-0166", "CVE-2013-0169", "CVE-2013-1025", "CVE-2013-1026", "CVE-2013-1027", "CVE-2013-1028", "CVE-2013-1029", "CVE-2013-1030", "CVE-2013-1031", "CVE-2013-1032", "CVE-2013-1033", "CVE-2013-1635", "CVE-2013-1643", "CVE-2013-1775", "CVE-2013-1824", "CVE-2013-1899", "CVE-2013-1900", "CVE-2013-1901", "CVE-2013-1902", "CVE-2013-1903", "CVE-2013-2110", "CVE-2013-2266" ); script_bugtraq_id( 53046, 54658, 55131, 55522, 55852, 56817, 57755, 57778, 58165, 58203, 58224, 58736, 58766, 58876, 58877, 58878, 58879, 58882, 60268, 60411, 62368, 62369, 62370, 62371, 62373, 62374, 62375, 62377, 62378, 62381, 62382 ); script_xref(name:"APPLE-SA", value:"APPLE-SA-2013-09-12-1"); script_name(english:"Mac OS X 10.8.x < 10.8.5 Multiple Vulnerabilities"); script_summary(english:"Check the version of Mac OS X"); script_set_attribute( attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes several security issues." ); script_set_attribute( attribute:"description", value: "The remote host is running a version of Mac OS X 10.8.x that is prior to 10.8.5. The newer version contains multiple security-related fixes for the following components : - Apache - Bind - Certificate Trust Policy - CoreGraphics - ImageIO - Installer - IPSec - Kernel - Mobile Device Management - OpenSSL - PHP - PostgreSQL - Power Management - QuickTime - Screen Lock - sudo This update also addresses an issue in which certain Unicode strings could cause applications to unexpectedly quit. Note that successful exploitation of the most serious issues could result in arbitrary code execution." ); script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT5880"); script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"); script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/528594/30/0/threaded"); script_set_attribute(attribute:"solution", value:"Upgrade to Mac OS X 10.8.5 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Mac OS X Sudo Password Bypass'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/16"); script_set_attribute(attribute:"patch_publication_date", value:"2013/09/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/13"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); os = get_kb_item("Host/MacOSX/Version"); if (!os) { os = get_kb_item_or_exit("Host/OS"); if ("Mac OS X" >!< os) audit(AUDIT_OS_NOT, "Mac OS X"); c = get_kb_item("Host/OS/Confidence"); if (c <= 70) exit(1, "Can't determine the host's OS with sufficient confidence."); } if (!os) audit(AUDIT_OS_NOT, "Mac OS X"); if (ereg(pattern:"Mac OS X 10\.8($|\.[0-4]([^0-9]|$))", string:os)) { set_kb_item(name:"www/0/XSS", value:TRUE); security_hole(0); } else exit(0, "The host is not affected as it is running "+os+".");NASL family Web Servers NASL id APACHE_2_4_2.NASL description According to its banner, the version of Apache 2.4.x running on the remote host is prior to 2.4.2. It is, therefore, potentially affected by an insecure library loading issue. The utility last seen 2020-06-01 modified 2020-06-02 plugin id 58795 published 2012-04-19 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58795 title Apache 2.4.x < 2.4.2 'LD_LIBRARY_PATH' Insecure Library Loading code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(58795); script_version("1.9"); script_cvs_date("Date: 2018/06/29 12:01:03"); script_cve_id("CVE-2012-0883"); script_bugtraq_id(53046); script_name(english:"Apache 2.4.x < 2.4.2 'LD_LIBRARY_PATH' Insecure Library Loading"); script_summary(english:"Checks version in Server response header."); script_set_attribute(attribute:"synopsis", value: "The remote web server is affected by an insecure library loading issue."); script_set_attribute(attribute:"description", value: "According to its banner, the version of Apache 2.4.x running on the remote host is prior to 2.4.2. It is, therefore, potentially affected by an insecure library loading issue. The utility 'apachectl' can receive a zero-length directory name in the LD_LIBRARY_PATH via the 'envvars' file. A local attacker with access to that utility could exploit this to load a malicious Dynamic Shared Object (DSO), leading to arbitrary code execution. Note that Nessus did not actually test for this flaw, but instead has relied on the version in the server's banner."); script_set_attribute(attribute:"see_also", value:"https://archive.apache.org/dist/httpd/CHANGES_2.4.2"); script_set_attribute(attribute:"see_also", value:"http://httpd.apache.org/security/vulnerabilities_24.html"); script_set_attribute(attribute:"see_also", value:"http://svn.apache.org/viewvc?view=revision&revision=1296428"); script_set_attribute(attribute:"solution", value:"Upgrade to Apache version 2.4.2 or later."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/03/02"); script_set_attribute(attribute:"patch_publication_date", value:"2012/04/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/19"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:http_server"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Web Servers"); script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc."); script_dependencies("apache_http_version.nasl"); script_require_keys("installed_sw/Apache"); script_require_ports("Services/www", 80); exit(0); } include("global_settings.inc"); include("audit.inc"); include("misc_func.inc"); include("http.inc"); include("install_func.inc"); get_install_count(app_name:"Apache", exit_if_zero:TRUE); port = get_http_port(default:80); install = get_single_install(app_name:"Apache", port:port, exit_if_unknown_ver:TRUE); # Check if we could get a version first, then check if it was # backported version = get_kb_item_or_exit('www/apache/'+port+'/version', exit_code:1); backported = get_kb_item_or_exit('www/apache/'+port+'/backported', exit_code:1); if (report_paranoia < 2 && backported) exit(1, "Security patches may have been backported on the web server listening on port "+port+"."); source = get_kb_item_or_exit('www/apache/'+port+'/source', exit_code:1); # Check if the version looks like either ServerTokens Major/Minor # was used if (version =~ '^2(\\.[34])?$') exit(1, "The banner from the Apache server listening on port "+port+" - "+source+" - is not granular enough to make a determination."); fixed_ver = '2.4.2'; if (version =~ '^2\\.[34]' && ver_compare(ver:version, fix:fixed_ver) == -1) { if (report_verbosity > 0) { report = '\n Version source : ' + source + '\n Installed version : ' + version + '\n Fixed version : ' + fixed_ver + '\n'; security_warning(port:port, extra:report); } else security_warning(port); exit(0); } else audit(AUDIT_LISTEN_NOT_VULN, "Apache", port, version);NASL family Solaris Local Security Checks NASL id SOLARIS11_APACHE_20130129.NASL description The remote Solaris system is missing necessary patches to address security updates : - envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl. (CVE-2012-0883) - Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list. (CVE-2012-2687) last seen 2020-06-01 modified 2020-06-02 plugin id 80583 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80583 title Oracle Solaris Third-Party Patch Update : apache (multiple_vulnerabilities_in_apache_http2) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Oracle Third Party software advisories. # include("compat.inc"); if (description) { script_id(80583); script_version("1.3"); script_cvs_date("Date: 2018/11/15 20:50:24"); script_cve_id("CVE-2012-0883", "CVE-2012-2687"); script_name(english:"Oracle Solaris Third-Party Patch Update : apache (multiple_vulnerabilities_in_apache_http2)"); script_summary(english:"Check for the 'entire' version."); script_set_attribute( attribute:"synopsis", value: "The remote Solaris system is missing a security patch for third-party software." ); script_set_attribute( attribute:"description", value: "The remote Solaris system is missing necessary patches to address security updates : - envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl. (CVE-2012-0883) - Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list. (CVE-2012-2687)" ); # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4a913f44" ); # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-apache-http-server script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?158e3c7f" ); script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11.1.3.4."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:apache"); script_set_attribute(attribute:"patch_publication_date", value:"2013/01/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Solaris11/release"); if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11"); pkg_list = solaris_pkg_list_leaves(); if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages"); if (empty_or_null(egrep(string:pkg_list, pattern:"^apache-"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache"); flag = 0; if (solaris_check_release(release:"0.5.11-0.175.1.3.0.4.0", sru:"SRU 11.1.3.4.0") > 0) flag++; if (flag) { set_kb_item(name:'www/0/XSS', value:TRUE); error_extra = 'Affected package : apache\n' + solaris_get_report2(); error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra); if (report_verbosity > 0) security_warning(port:0, extra:error_extra); else security_warning(0); exit(0); } else audit(AUDIT_PACKAGE_NOT_AFFECTED, "apache");NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_DE2BC01FDC4411E19F4D002354ED89BC.NASL description Apache reports : Insecure handling of LD_LIBRARY_PATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted directory. last seen 2020-06-01 modified 2020-06-02 plugin id 61388 published 2012-08-02 reporter This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61388 title FreeBSD : Apache -- Insecure LD_LIBRARY_PATH handling (de2bc01f-dc44-11e1-9f4d-002354ed89bc) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(61388); script_version("1.4"); script_cvs_date("Date: 2018/11/10 11:49:43"); script_cve_id("CVE-2012-0883"); script_name(english:"FreeBSD : Apache -- Insecure LD_LIBRARY_PATH handling (de2bc01f-dc44-11e1-9f4d-002354ed89bc)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "Apache reports : Insecure handling of LD_LIBRARY_PATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted directory." ); script_set_attribute( attribute:"see_also", value:"http://httpd.apache.org/security/vulnerabilities_24.html" ); # http://www.apache.org/dist/httpd/CHANGES_2.4.2 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4d383d53" ); # https://vuxml.freebsd.org/freebsd/de2bc01f-dc44-11e1-9f4d-002354ed89bc.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?34579632" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:apache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:apache-event"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:apache-itk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:apache-peruser"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:apache-worker"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/03/02"); script_set_attribute(attribute:"patch_publication_date", value:"2012/08/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"apache<=2.2.22_5")) flag++; if (pkg_test(save_report:TRUE, pkg:"apache-event<=2.2.22_5")) flag++; if (pkg_test(save_report:TRUE, pkg:"apache-itk<=2.2.22_5")) flag++; if (pkg_test(save_report:TRUE, pkg:"apache-peruser<=2.2.22_5")) flag++; if (pkg_test(save_report:TRUE, pkg:"apache-worker<=2.2.22_5")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_11_APACHE2-130225.NASL description This update fixes the following issues : - Denial of Service via special requests in mod_proxy_ajp. (CVE-2012-4557) - improper LD_LIBRARY_PATH handling. (CVE-2012-0883) - filename escaping problem Additionally, some non-security bugs have been fixed:. (CVE-2012-2687) - ignore case when checking against SNI server names. [bnc#798733] - httpd-2.2.x-CVE-2011-3368_CVE-2011-4317-bnc722545.diff reworked to reflect the upstream changes. This will prevent the last seen 2020-06-05 modified 2013-03-05 plugin id 65023 published 2013-03-05 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/65023 title SuSE 11.2 Security Update : Apache (SAT Patch Number 7409) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(65023); script_version("1.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2011-3368", "CVE-2011-4317", "CVE-2012-0021", "CVE-2012-0883", "CVE-2012-2687", "CVE-2012-4557"); script_name(english:"SuSE 11.2 Security Update : Apache (SAT Patch Number 7409)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update fixes the following issues : - Denial of Service via special requests in mod_proxy_ajp. (CVE-2012-4557) - improper LD_LIBRARY_PATH handling. (CVE-2012-0883) - filename escaping problem Additionally, some non-security bugs have been fixed:. (CVE-2012-2687) - ignore case when checking against SNI server names. [bnc#798733] - httpd-2.2.x-CVE-2011-3368_CVE-2011-4317-bnc722545.diff reworked to reflect the upstream changes. This will prevent the 'Invalid URI in request OPTIONS *' messages in the error log. [bnc#722545] - new sysconfig variable APACHE_DISABLE_SSL_COMPRESSION; if set to on, OPENSSL_NO_DEFAULT_ZLIB will be inherited to the apache process; openssl will then transparently disable compression. This change affects start script and sysconfig fillup template. Default is on, SSL compression disabled. Please see mod_deflate for compressed transfer at http layer. [bnc#782956]" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=722545" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=757710" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=774045" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=777260" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=782956" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=788121" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=793004" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=798733" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-3368.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-4317.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-0021.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-0883.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-2687.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-4557.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 7409."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:apache2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:apache2-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:apache2-example-pages"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:apache2-prefork"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:apache2-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:apache2-worker"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2013/02/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2"); flag = 0; if (rpm_check(release:"SLES11", sp:2, reference:"apache2-2.2.12-1.36.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"apache2-doc-2.2.12-1.36.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"apache2-example-pages-2.2.12-1.36.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"apache2-prefork-2.2.12-1.36.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"apache2-utils-2.2.12-1.36.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"apache2-worker-2.2.12-1.36.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_SU-2013-0387-1.NASL description This update fixes the following security issues with apache2 httpd : - Improper LD_LIBRARY_PATH handling (CVE-2012-0883 ) - Filename escaping problem (CVE-2012-2687 ) Additionally, some non-security bugs have been fixed as enumerated in the changelog of the RPM. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-05-20 plugin id 83577 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83577 title SUSE SLES10 Security Update : apache2 (SUSE-SU-2013:0387-1) NASL family Web Servers NASL id HPSMH_7_2_1_0.NASL description According to the web server last seen 2020-06-01 modified 2020-06-02 plugin id 69020 published 2013-07-23 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69020 title HP System Management Homepage < 7.2.1.0 Multiple Vulnerabilities (BEAST) NASL family SuSE Local Security Checks NASL id SUSE_APACHE2-8443.NASL description This update fixes the following security issues with apache2 httpd : - Improper LD_LIBRARY_PATH handling. (CVE-2012-0883) - Filename escaping problem (CVE-2012-2687) Additionally, some non-security bugs have been fixed as enumerated in the changelog of the RPM. last seen 2020-06-05 modified 2013-03-05 plugin id 65025 published 2013-03-05 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/65025 title SuSE 10 Security Update : apache2 (ZYPP Patch Number 8443) NASL family SuSE Local Security Checks NASL id SUSE_SU-2013-0469-1.NASL description This Apache2 LTSS roll-up update for SUSE Linux Enterprise 10 SP3 LTSS fixes the following security issues and bugs : - CVE-2012-4557: Denial of Service via special requests in mod_proxy_ajp - CVE-2012-0883: improper LD_LIBRARY_PATH handling - CVE-2012-2687: filename escaping problem - CVE-2012-0031: Fixed a scoreboard corruption (shared mem segment) by child causes crash of privileged parent (invalid free()) during shutdown. - CVE-2012-0053: Fixed an issue in error responses that could expose last seen 2020-06-05 modified 2015-05-20 plugin id 83578 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83578 title SUSE SLES10 Security Update : apache2 (SUSE-SU-2013:0469-1) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2012-154.NASL description Multiple vulnerabilities has been found and corrected in apache (ASF HTTPD) : Insecure handling of LD_LIBRARY_PATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted directory (CVE-2012-0883). Possible XSS for sites which use mod_negotiation and allow untrusted uploads to locations which have MultiViews enabled (CVE-2012-2687). The updated packages have been upgraded to the latest 2.2.23 version which is not vulnerable to these issues. Update : Packages for Mandriva Linux 2011 is also being provided. last seen 2020-06-01 modified 2020-06-02 plugin id 62386 published 2012-10-02 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62386 title Mandriva Linux Security Advisory : apache (MDVSA-2012:154-1) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_65539C54251711E2B9D620CF30E32F6D.NASL description Apache HTTP SERVER PROJECT reports:low: XSS in mod_negotiation when untrusted uploads are supported CVE-2012-2687 Possible XSS for sites which use mod_negotiation and allow untrusted uploads to locations which have MultiViews enabled. low: insecure LD_LIBRARY_PATH handling CVE-2012-0883 This issue was already fixed in port version 2.2.22_5 last seen 2020-06-01 modified 2020-06-02 plugin id 62806 published 2012-11-05 reporter This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62806 title FreeBSD : apache22 -- several vulnerabilities (65539c54-2517-11e2-b9d6-20cf30e32f6d)
Seebug
bulletinFamily exploit description Bugtraq ID: 53046 CVE ID:CVE-2012-0883 Apache HTTP Server是一款流行的HTTP服务程序 由于不安全处理LD_LIBRARY_PATH,可导致在当前工作目录中搜索DSO,攻击者可以利用此漏洞以HTTPD服务上下文执行任意代码 0 Apache 2.0.x Apache 2.1.x Apache 2.2.x Apache 2.3.x 厂商解决方案 Apache ----- Apache Software Foundation Apache 2.4.2已经修复此漏洞,建议用户下载使用: http://www.apache.org/ id SSV:60069 last seen 2017-11-19 modified 2012-04-20 published 2012-04-20 reporter Root title Apache HTTP Server 'LD_LIBRARY_PATH'不安全库装载任意代码执行漏洞 bulletinFamily exploit description CVE ID: CVE-2012-0883 Apache HTTP Server是Apache软件基金会的一个开放源码的网页服务器,可以在大多数计算机操作系统中运行,由于其多平台和安全性被广泛使用,是最流行的Web服务器端软件之一。 Apache HTTP Server 2.4.2之前版本的envvars (即envvars-std)在LD_LIBRARY_PATH中放置了零长度的目录名称,可允许本地用户在执行apachectl过程中通过当前工作目录中的木马DSO获取权限。 0 Apache Group HTTP Server < 2.4.2 厂商补丁: Apache Group ------------ Apache Group已经为此发布了一个安全公告(Announcement2.2)以及相应补丁: Announcement2.2:Apache HTTP Server 2.2.23 Released 链接:http://www.apache.org/dist/httpd/Announcement2.2.html id SSV:60386 last seen 2017-11-19 modified 2012-09-18 published 2012-09-18 reporter Root title Apache HTTP Server envvars本地权限提升漏洞 bulletinFamily exploit description BUGTRAQ ID: 53046 CVE(CAN) ID: CVE-2012-0883 Apache HTTP Server是Apache软件基金会的一个开放源码的网页服务器,可以在大多数计算机操作系统中运行,由于其多平台和安全性被广泛使用,是最流行的Web服务器端软件之一。 Apache HTTP Server 2.4.2之前版本内的envvars (即envvars-std)在LD_LIBRARY_PATH内放置了零长度的目录名称,通过在执行apachectl时在前工作目录内木马DSO,可允许本地用户获取权限。 0 Apache 2.2.x 厂商补丁: Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.apache.org id SSV:60427 last seen 2017-11-19 modified 2012-10-11 published 2012-10-11 reporter Root title Apache HTTP Server 'LD_LIBRARY_PATH'不安全库加载任意代码执行漏洞
References
- http://www.apache.org/dist/httpd/Announcement2.4.html
- http://svn.apache.org/viewvc?view=revision&revision=1296428
- http://article.gmane.org/gmane.comp.apache.devel/48158
- http://www.securitytracker.com/id?1026932
- http://marc.info/?l=bugtraq&m=134012830914727&w=2
- http://secunia.com/advisories/48849
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html
- http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
- http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
- http://support.apple.com/kb/HT5880
- https://httpd.apache.org/security/vulnerabilities_24.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74901
- http://www.securityfocus.com/bid/53046
- http://www.apachelounge.com/Changelog-2.4.html
- https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E