Vulnerabilities > CVE-2013-6438

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_10.NASL
    descriptionThe remote host is running a version of Mac OS X is prior to version 10.10. This update contains several security-related fixes for the following components : - 802.1X - AFP File Server - apache - App Sandbox - Bash - Bluetooth - Certificate Trust Policy - CFPreferences - CoreStorage - CUPS - Dock - fdesetup - iCloud Find My Mac - IOAcceleratorFamily - IOHIDFamily - IOKit - Kernel - LaunchServices - LoginWindow - Mail - MCX Desktop Config Profiles - NetFS Client Framework - QuickTime - Safari - Secure Transport - Security - Security - Code Signing Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id78550
    published2014-10-17
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78550
    titleMac OS X < 10.10 Multiple Vulnerabilities (POODLE) (Shellshock)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-0370.NASL
    descriptionUpdated httpd packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module (for example when using the mod_dav_svn module), a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id73320
    published2014-04-04
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73320
    titleCentOS 6 : httpd (CESA-2014:0370)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_APACHE_20140915.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request. (CVE-2013-6438) - The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation. (CVE-2014-0098)
    last seen2020-06-01
    modified2020-06-02
    plugin id80588
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80588
    titleOracle Solaris Third-Party Patch Update : apache (multiple_input_validation_vulnerabilities_in1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-503.NASL
    descriptionThis apache2 update fixes the following security issues : - fix for crash in mod_proxy processing specially crafted requests with reverse proxy configurations that results in a crash and a DoS condition for the server. CVE-2014-0117 - new config option CGIDScriptTimeout set to 60s in new file conf.d/cgid-timeout.conf, preventing worker processes hanging forever if a cgi launched from them has stopped reading input from the server (DoS). CVE-2014-0231 - Fix for a NULL pointer dereference in mod_cache that causes a crash in caching forwarding configurations, resulting in a DoS condition. CVE-2013-4352 - fix for crash in parsing cookie content, resulting in a DoS against the server CVE-2014-0098 - fix for mod_status race condition in scoreboard handling and consecutive heap overflow and information disclosure if access to mod_status is granted to a potential attacker. CVE-2014-0226 - fix for improper handling of whitespace characters from CDATA sections to mod_dav, leading to a crash and a DoS condition of the apache server process CVE-2013-6438
    last seen2020-06-05
    modified2014-08-21
    plugin id77292
    published2014-08-21
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77292
    titleopenSUSE Security Update : apache2 (openSUSE-SU-2014:1044-1)
  • NASL familyMisc.
    NASL idJUNIPER_NSM_JSA10685_CRED.NASL
    descriptionThe remote host is running a version of NSM (Network and Security Manager) Server that is prior to 2012.2R9. It is, therefore, affected by multiple vulnerabilities in the bundled version of Apache HTTP Server : - A flaw exists due to improper escaping of filenames in 406 and 300 HTTP responses. A remote attacker can exploit this, by uploading a file with a specially crafted name, to inject arbitrary HTTP headers or conduct cross-site scripting attacks. (CVE-2008-0456) - Multiple cross-site scripting vulnerabilities exist in the mod_negotiation module due to improper sanitization of input passed via filenames. An attacker can exploit this to execute arbitrary script code in a user
    last seen2020-06-01
    modified2020-06-02
    plugin id84878
    published2015-07-20
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84878
    titleJuniper NSM < 2012.2R9 Apache HTTP Server Multiple Vulnerabilities (JSA10685) (credentialed check)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_APACHE2-140721.NASL
    descriptionThis update for the Apache Web Server provides the following fixes : - Fixed a heap-based buffer overflow on apache module mod_status. (bnc#887765, CVE-2014-0226) - Properly remove whitespace characters from CDATA sections to avoid remote denial of service by crashing the Apache Server process. (bnc#869105, CVE-2013-6438) - Correction to parsing of cookie content; this can lead to a crash with a specially designed cookie sent to the server. (bnc#869106, CVE-2014-0098) - ECC support should not be missing. (bnc#859916) This update also introduces a new configuration parameter CGIDScriptTimeout, which defaults to the value of parameter Timeout. CGIDScriptTimeout is set to 60s if mod_cgid is loaded/active, via /etc/apache2/conf.d/cgid-timeout.conf. The new directive and its effect prevent request workers to be eaten until starvation if cgi programs do not send output back to the server within the timeout set by CGIDScriptTimeout. (bnc#887768, CVE-2014-0231)
    last seen2020-06-05
    modified2014-08-07
    plugin id77048
    published2014-08-07
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77048
    titleSuSE 11.3 Security Update : Apache Web Server (SAT Patch Number 9542)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0783.NASL
    descriptionUpdated httpd packages that fix two security issues and one bug are now available for Red Hat JBoss Web Server 2.0.1 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module (for example when using the mod_dav_svn module), a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id76242
    published2014-06-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76242
    titleRHEL 5 / 6 : JBoss Web Server (RHSA-2014:0783)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-5004.NASL
    descriptionThis update contains the latest release of the Apache HTTP Server, version 2.4.9. Numerous bug fixes and minor enhancements are included; for more information see : http://www.apache.org/dist/httpd/CHANGES_2.4.9 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-04-23
    plugin id73660
    published2014-04-23
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73660
    titleFedora 19 : httpd-2.4.9-1.fc19 (2014-5004)
  • NASL familyMisc.
    NASL idJUNIPER_NSM_JSA10685.NASL
    descriptionThe remote host is running a version of NSM (Network and Security Manager) Server that is prior to 2012.2R9. It is, therefore, affected by multiple vulnerabilities in the bundled version of Apache HTTP Server : - A flaw exists due to improper escaping of filenames in 406 and 300 HTTP responses. A remote attacker can exploit this, by uploading a file with a specially crafted name, to inject arbitrary HTTP headers or conduct cross-site scripting attacks. (CVE-2008-0456) - Multiple cross-site scripting vulnerabilities exist in the mod_negotiation module due to improper sanitization of input passed via filenames. An attacker can exploit this to execute arbitrary script code in a user
    last seen2020-06-01
    modified2020-06-02
    plugin id84877
    published2015-07-20
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84877
    titleJuniper NSM < 2012.2R9 Apache HTTP Server Multiple Vulnerabilities (JSA10685)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20140403_HTTPD_ON_SL6_X.NASL
    descriptionIt was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module (for example when using the mod_dav_svn module), a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-03-18
    modified2014-04-07
    plugin id73369
    published2014-04-07
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73369
    titleScientific Linux Security Update : httpd on SL6.x i386/x86_64 (20140403)
  • NASL familyWeb Servers
    NASL idAPACHE_2_2_27.NASL
    descriptionAccording to its banner, the version of Apache 2.2.x running on the remote host is a version prior to 2.2.27. It is, therefore, potentially affected by the following vulnerabilities : - A flaw exists with the
    last seen2020-06-01
    modified2020-06-02
    plugin id73405
    published2014-04-08
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73405
    titleApache 2.2.x < 2.2.27 Multiple Vulnerabilities
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-093.NASL
    descriptionUpdated apache packages fix security vulnerabilities : Apache HTTPD before 2.4.9 was vulnerable to a denial of service in mod_dav when handling DAV_WRITE requests (CVE-2013-6438). Apache HTTPD before 2.4.9 was vulnerable to a denial of service when logging cookies (CVE-2014-0098). A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the apache user (CVE-2014-0226). A denial of service flaw was found in the mod_proxy httpd module. A remote attacker could send a specially crafted request to a server configured as a reverse proxy using a threaded Multi-Processing Modules (MPM) that would cause the httpd child process to crash (CVE-2014-0117). A denial of service flaw was found in the way httpd
    last seen2020-06-01
    modified2020-06-02
    plugin id82346
    published2015-03-30
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82346
    titleMandriva Linux Security Advisory : apache (MDVSA-2015:093)
  • NASL familyWeb Servers
    NASL idORACLE_HTTP_SERVER_CPU_JAN_2015.NASL
    descriptionThe version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities in the Web Listener subcomponent : - An integer overflow condition exists in libxml2 within file xpath.c, related to XPath expressions when adding a new namespace note. An unauthenticated, remote attacker can exploit this, via a crafted XML file, to cause a denial of service condition or the execution of arbitary code. (CVE-2011-1944) - An integer overflow condition exists in the HTTP server, specifically in the ap_pregsub() function within file server/util.c, when the mod_setenvif module is enabled. A local attacker can exploit this to gain elevated privileges by using an .htaccess file with a crafted combination of SetEnvIf directives and HTTP request headers. (CVE-2011-3607) - A flaw exists in libxml2, known as the
    last seen2020-03-18
    modified2015-01-27
    plugin id81002
    published2015-01-27
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81002
    titleOracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2015 CPU)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201408-12.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201408-12 (Apache HTTP Server: Multiple vulnerabilities) Multiple vulnerabilities have been found in Apache HTTP Server. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could send a specially crafted request to possibly execute arbitrary code, cause Denial of Service, or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id77456
    published2014-08-30
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77456
    titleGLSA-201408-12 : Apache HTTP Server: Multiple vulnerabilities
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-66.NASL
    descriptionCVE-2014-0231: prevent denial of service in mod_cgid. CVE-2014-0226: prevent denial of service via race in mod_status. CVE-2014-0118: fix resource consumption via mod_deflate body decompression. CVE-2013-6438: prevent denial of service via mod_dav incorrect end of string NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2015-03-26
    plugin id82211
    published2015-03-26
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82211
    titleDebian DLA-66-1 : apache2 security update
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0370.NASL
    descriptionUpdated httpd packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module (for example when using the mod_dav_svn module), a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id73326
    published2014-04-04
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73326
    titleRHEL 6 : httpd (RHSA-2014:0370)
  • NASL familyWeb Servers
    NASL idWEBSPHERE_8_0_0_9.NASL
    descriptionIBM WebSphere Application Server 8.0 prior to Fix Pack 9 is running on the remote host. It is, therefore, affected by the following vulnerabilities : - A cross-site scripting flaw exists within the Administration Console, where user input is improperly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship. (CVE-2013-6323, PI04777 and PI04880) - A denial of service flaw exists within the Global Security Kit when handling SSLv2 resumption during the SSL/TLS handshake. This could allow a remote attacker to crash the program. (CVE-2013-6329, PI05309) - A buffer overflow flaw exists in the HTTP server with the mod_dav module when using add-ons. This could allow a remote attacker to cause a buffer overflow and a denial of service. (CVE-2013-6438, PI09345) - A cross-site scripting flaw exists within OAuth where user input is not properly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship. (CVE-2013-6738, PI05661) - A denial of service flaw exists within the Global Security Kit when handling X.509 certificate chain during the initiation of a SSL/TLS connection. A remote attacker, using a malformed certificate chain, could cause the client or server to crash by hanging the Global Security Kit. (CVE-2013-6747, PI09443) - A denial of service flaw exists within the Apache Commons FileUpload when parsing a content-type header for a multipart request. A remote attacker, using a specially crafted request, could crash the program. (CVE-2014-0050, PI12648, PI12926 and PI13162) - A flaw exists in the Elliptic Curve Digital Signature Algorithm implementation which could allow a malicious process to recover ECDSA nonces. (CVE-2014-0076, PI19700) - A denial of service flaw exists in the
    last seen2020-06-01
    modified2020-06-02
    plugin id76995
    published2014-08-04
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76995
    titleIBM WebSphere Application Server 8.0 < Fix Pack 9 Multiple Vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0369.NASL
    descriptionUpdated httpd packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module (for example when using the mod_dav_svn module), a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id73325
    published2014-04-04
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73325
    titleRHEL 5 : httpd (RHSA-2014:0369)
  • NASL familyJunos Local Security Checks
    NASL idJUNIPER_SPACE_JSA10698.NASL
    descriptionAccording to its self-reported version number, the version of Junos Space running on the remote device is prior to 15.1R1. It is, therefore, affected by multiple vulnerabilities : - An error exists within the Apache
    last seen2020-06-01
    modified2020-06-02
    plugin id91778
    published2016-06-23
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/91778
    titleJuniper Junos Space < 15.1R1 Multiple Vulnerabilities (JSA10698)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2015-004.NASL
    descriptionThe remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-004. It is, therefore, affected multiple vulnerabilities in the following components : - Apache - ATS - Certificate Trust Policy - CoreAnimation - FontParser - Graphics Driver - ImageIO - IOHIDFamily - Kernel - LaunchServices - Open Directory Client - OpenLDAP - OpenSSL - PHP - QuickLook - SceneKit - Security - Code SIgning - UniformTypeIdentifiers Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id82700
    published2015-04-10
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82700
    titleMac OS X Multiple Vulnerabilities (Security Update 2015-004) (FREAK)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0369.NASL
    descriptionFrom Red Hat Security Advisory 2014:0369 : Updated httpd packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module (for example when using the mod_dav_svn module), a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id73323
    published2014-04-04
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73323
    titleOracle Linux 5 : httpd (ELSA-2014-0369)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20140403_HTTPD_ON_SL5_X.NASL
    descriptionIt was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module (for example when using the mod_dav_svn module), a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-03-18
    modified2014-04-07
    plugin id73368
    published2014-04-07
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73368
    titleScientific Linux Security Update : httpd on SL5.x i386/x86_64 (20140403)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-770.NASL
    descriptionThis apache version update fixes various security and non security issues. - Updated to the 2.2.29 - Changes between 2.2.22 and 2.2.29: http://www.apache.org/dist/httpd/CHANGES_2.2 - The following patches are no longer needed and were removed : - httpd-2.2.x-bnc798733-SNI_ignorecase.diff - httpd-2.2.x-bnc806458-mod_imagemap-xss.diff - httpd-2.2.x-bnc806458-mod_info_ap_get_server_name-xss.diff - httpd-2.2.x-bnc806458-mod_proxy_ftp-xss.diff - httpd-2.2.x-bnc806458-util_ldap_cache_mgr-xss.diff - httpd-2.2.x-bnc807152-mod_balancer_handler_xss.diff - httpd-mod_deflate_head.patch - httpd-new_pcre.patch - httpd-2.2.22-SSLCompression_CRIME_mitigation.patch - httpd-2.2.19-linux3.patch - httpd-2.2.x-bnc829056-CVE-2013-1896-pr1482522-mod_dav.diff - httpd-2.2.x-bnc829057-CVE-2013-1862-mod_rewrite_terminal_escape_sequences.diff - httpd-2.2.x-bnc869105-CVE-2013-6438-mod_dav-dos.diff - httpd-2.2.x-bnc869106-CVE-2014-0098-log_cookie_c.diff - httpd-2.2.x-bnc887765-CVE-2014-0226-mod_status_race.diff - httpd-2.2.x-bnc887768-CVE-2014-0231_mod_cgid_DoS_via_no_stdin_read.diff - httpd-2.2.x-bnc777260-CVE-2012-2687-mod_negotiation_filename_xss.diff - httpd-2.2.x-CVE-2011-3368-server_protocl_c.diff - The following patches were updated for the current Apache version : - apache2-mod_ssl_npn.patch - httpd-2.0.54-envvars.dif - httpd-2.2.x-bnc690734.patch - ssl-mode-release-buffers.patch - bnc#871310 fixed in Apache httpd 2.2.29
    last seen2020-06-05
    modified2014-12-16
    plugin id80043
    published2014-12-16
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80043
    titleopenSUSE Security Update : apache2 (openSUSE-SU-2014:1647-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-0369.NASL
    descriptionUpdated httpd packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module (for example when using the mod_dav_svn module), a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id73319
    published2014-04-04
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73319
    titleCentOS 5 : httpd (CESA-2014:0369)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0826.NASL
    descriptionUpdated httpd packages that fix two security issues are now available for Red Hat JBoss Enterprise Application Platform 6.2 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module (for example when using the mod_dav_svn module), a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id76398
    published2014-07-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76398
    titleRHEL 5 / 6 : JBoss EAP (RHSA-2014:0826)
  • NASL familyWeb Servers
    NASL idWEBSPHERE_8_5_5_2.NASL
    descriptionIBM WebSphere Application Server 8.5 prior to Fix Pack 8.5.5.2 appears to be running on the remote host and is, therefore, potentially affected by the following vulnerabilities : - Numerous errors exist related to the included IBM SDK for Java (based on the Oracle JDK) that could allow denial of service attacks and information disclosure. (CVE-2013-5372, CVE-2013-5780, CVE-2013-5803) - User input validation errors exist related to the Administrative console and the Oauth component that could allow cross-site scripting attacks. (CVE-2013-6725 / PM98132, CVE-2013-6323 / PI04777, CVE-2013-6738 / PI05661) - An error exists due to a failure to properly handle by web services endpoint requests that could allow denial of service attacks. (CVE-2013-6325 / PM99450, PI08267) - An error exists in the included IBM Global Security Kit related to SSL handling that could allow denial of service attacks. (CVE-2013-6329 / PI05309) - A flaw exists with the
    last seen2020-06-01
    modified2020-06-02
    plugin id74235
    published2014-05-29
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74235
    titleIBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.2 Multiple Vulnerabilities
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2014-331.NASL
    descriptionIt was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module (for example when using the mod_dav_svn module), a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id78274
    published2014-10-12
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78274
    titleAmazon Linux AMI : httpd (ALAS-2014-331)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2014-065.NASL
    descriptionMultiple vulnerabilities has been found and corrected in apache (ASF HTTPD) : XML parsing code in mod_dav incorrectly calculates the end of the string when removing leading spaces and places a NUL character outside the buffer, causing random crashes. This XML parsing code is only used with DAV provider modules that support DeltaV, of which the only publicly released provider is mod_dav_svn (CVE-2013-6438). A flaw was found in mod_log_config. A remote attacker could send a specific truncated cookie causing a crash. This crash would only be a denial of service if using a threaded MPM (CVE-2014-0098). The updated packages have been upgraded to the latest 2.2.27 version which is not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id73128
    published2014-03-21
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73128
    titleMandriva Linux Security Advisory : apache (MDVSA-2014:065)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2152-1.NASL
    descriptionNing Zhang & Amin Tora discovered that the mod_dav module incorrectly handled whitespace characters in CDATA sections. A remote attacker could use this issue to cause the server to stop responding, resulting in a denial of service. (CVE-2013-6438) Rainer M Canavan discovered that the mod_log_config module incorrectly handled certain cookies. A remote attacker could use this issue to cause the server to stop responding, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. (CVE-2014-0098). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2014-03-25
    plugin id73179
    published2014-03-25
    reporterUbuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73179
    titleUbuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : apache2 vulnerabilities (USN-2152-1)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_91ECB546B1E611E3980F20CF30E32F6D.NASL
    descriptionApache HTTP SERVER PROJECT reports : Clean up cookie logging with fewer redundant string parsing passes. Log only cookies with a value assignment. Prevents segfaults when logging truncated cookies. mod_dav: Keep track of length of cdata properly when removing leading spaces. Eliminates a potential denial of service from specifically crafted DAV WRITE requests.
    last seen2020-06-01
    modified2020-06-02
    plugin id73151
    published2014-03-24
    reporterThis script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73151
    titleFreeBSD : apache -- several vulnerabilities (91ecb546-b1e6-11e3-980f-20cf30e32f6d)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0370.NASL
    descriptionFrom Red Hat Security Advisory 2014:0370 : Updated httpd packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module (for example when using the mod_dav_svn module), a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id73324
    published2014-04-04
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73324
    titleOracle Linux 6 : httpd (ELSA-2014-0370)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1419.NASL
    descriptionAccording to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.(CVE-2014-0098) - A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id124922
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124922
    titleEulerOS Virtualization 3.0.1.0 : httpd (EulerOS-SA-2019-1419)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_10_3.NASL
    descriptionThe remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.3. It is, therefore, affected multiple vulnerabilities in the following components : - Admin Framework - Apache - ATS - Certificate Trust Policy - CFNetwork HTTPProtocol - CFNetwork Session - CFURL - CoreAnimation - FontParser - Graphics Driver - Hypervisor - ImageIO - IOHIDFamily - Kernel - LaunchServices - libnetcore - ntp - Open Directory Client - OpenLDAP - OpenSSL - PHP - QuickLook - SceneKit - ScreenSharing - Security - Code SIgning - UniformTypeIdentifiers - WebKit Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id82699
    published2015-04-10
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82699
    titleMac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities (FREAK)
  • NASL familyWeb Servers
    NASL idWEBSPHERE_7_0_0_33.NASL
    descriptionIBM WebSphere Application Server 7.0 prior to Fix Pack 33 is running on the remote host. It is, therefore, affected by the following vulnerabilities : - A cross-site scripting flaw exists within the Administration Console, where user input is improperly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship. (CVE-2013-6323, PI04777 and PI04880) - A denial of service flaw exists within the Global Security Kit when handling SSLv2 resumption during the SSL/TLS handshake. This could allow a remote attacker to crash the program. (CVE-2013-6329, PI05309) - A buffer overflow flaw exists in the HTTP server with the mod_dav module when using add-ons. This could allow a remote attacker to cause a buffer overflow and a denial of service. (CVE-2013-6438, PI09345) - A cross-site scripting flaw exists within OAuth where user input is not properly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship. (CVE-2013-6738, PI05661) - A denial of service flaw exists within the Global Security Kit when handling X.509 certificate chain during the initiation of an SSL/TLS connection. A remote attacker, using a malformed certificate chain, could cause the client or server to crash by hanging the Global Security Kit. (CVE-2013-6747, PI09443) - A denial of service flaw exists within the Apache Commons FileUpload when parsing a content-type header for a multipart request. A remote attacker, using a specially crafted request, could crash the program. (CVE-2014-0050, PI12648, PI12926 and PI13162) - A denial of service flaw exists in the
    last seen2020-06-01
    modified2020-06-02
    plugin id76967
    published2014-08-01
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76967
    titleIBM WebSphere Application Server 7.0 < Fix Pack 33 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2014-1082-1.NASL
    descriptionThis apache2 update fixes the following security issues : - log_cookie mod_log_config.c remote denial of service (CVE-2014-0098, bnc#869106) - mod_dav denial of service (CVE-2013-6438, bnc#869105) - mod_cgid denial of service (CVE-2014-0231, bnc#887768) - mod_status heap-based buffer overflow (CVE-2014-0226, bnc#887765) - mod_rewrite: escape logdata to avoid terminal escapes (CVE-2013-1862, bnc#829057) - mod_dav: segfault in merge request (CVE-2013-1896, bnc#829056) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-05-20
    plugin id83632
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83632
    titleSUSE SLES10 Security Update : apache2 (SUSE-SU-2014:1082-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-502.NASL
    descriptionThis apache2 update fixes the following security issues : - CRIME types of attack, based on size and timing analysis of compressed content, are now mitigated by the new SSLCompression directive, set to
    last seen2020-06-05
    modified2014-08-21
    plugin id77291
    published2014-08-21
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77291
    titleopenSUSE Security Update : apache2 (openSUSE-SU-2014:1045-1)
  • NASL familyWeb Servers
    NASL idAPACHE_2_4_8.NASL
    descriptionAccording to its banner, the version of Apache 2.4.x running on the remote host is a version prior to 2.4.8. It is, therefore, affected by the following vulnerabilities : - A flaw exists with the
    last seen2020-06-01
    modified2020-06-02
    plugin id73081
    published2014-03-18
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73081
    titleApache 2.4.x < 2.4.8 Multiple Vulnerabilities
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2014-086-02.NASL
    descriptionNew httpd packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id73248
    published2014-03-31
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73248
    titleSlackware 14.0 / 14.1 / current : httpd (SSA:2014-086-02)

Redhat

rpms
  • httpd-0:2.2.3-85.el5_10
  • httpd-debuginfo-0:2.2.3-85.el5_10
  • httpd-devel-0:2.2.3-85.el5_10
  • httpd-manual-0:2.2.3-85.el5_10
  • mod_ssl-1:2.2.3-85.el5_10
  • httpd-0:2.2.15-30.el6_5
  • httpd-debuginfo-0:2.2.15-30.el6_5
  • httpd-devel-0:2.2.15-30.el6_5
  • httpd-manual-0:2.2.15-30.el6_5
  • httpd-tools-0:2.2.15-30.el6_5
  • mod_ssl-1:2.2.15-30.el6_5
  • httpd-0:2.2.22-27.ep6.el5
  • httpd-0:2.2.22-27.ep6.el6
  • httpd-debuginfo-0:2.2.22-27.ep6.el5
  • httpd-debuginfo-0:2.2.22-27.ep6.el6
  • httpd-devel-0:2.2.22-27.ep6.el5
  • httpd-devel-0:2.2.22-27.ep6.el6
  • httpd-manual-0:2.2.22-27.ep6.el5
  • httpd-manual-0:2.2.22-27.ep6.el6
  • httpd-tools-0:2.2.22-27.ep6.el5
  • httpd-tools-0:2.2.22-27.ep6.el6
  • mod_ssl-1:2.2.22-27.ep6.el5
  • mod_ssl-1:2.2.22-27.ep6.el6
  • httpd-0:2.2.22-27.ep6.el5
  • httpd-0:2.2.22-27.ep6.el6
  • httpd-debuginfo-0:2.2.22-27.ep6.el5
  • httpd-debuginfo-0:2.2.22-27.ep6.el6
  • httpd-devel-0:2.2.22-27.ep6.el5
  • httpd-devel-0:2.2.22-27.ep6.el6
  • httpd-tools-0:2.2.22-27.ep6.el5
  • httpd-tools-0:2.2.22-27.ep6.el6
  • mod_ssl-1:2.2.22-27.ep6.el5
  • mod_ssl-1:2.2.22-27.ep6.el6

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 66303 CVE ID: CVE-2013-6438,CVE-2014-0098 Apache HTTP Server是开源HTTP服务器。 Apache HTTP Server 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1在实现上存在安全漏洞,可被恶意利用造成拒绝服务。 1、记录截断cookie时,mod_log_config模块存在错误,可被利用造成工作线程崩溃。要成功利用此漏洞需要使用线程化MPM。 2、删除前导空格时,mod_dav模块存在边界错误,可被利用通过特制的DAV WRITE请求破坏内存。 0 Apache Group Apache HTTP Server &lt; 2.4.9 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://httpd.apache.org/
idSSV:61874
last seen2017-11-19
modified2014-03-20
published2014-03-20
reporterRoot
titleApache HTTP Server多个拒绝服务漏洞

References