Vulnerabilities > CVE-2014-0226 - Race Condition vulnerability in multiple products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
apache
debian
redhat
oracle
CWE-362
nessus
exploit available

Summary

Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.

Vulnerable Configurations

Part Description Count
Application
Apache
39
Application
Redhat
2
Application
Oracle
10
OS
Debian
2
OS
Redhat
2

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.

Exploit-Db

descriptionApache 2.4.7 mod_status Scoreboard Handling Race Condition. CVE-2014-0226. Dos exploit for linux platform
fileexploits/linux/dos/34133.txt
idEDB-ID:34133
last seen2016-02-03
modified2014-07-21
platformlinux
port
published2014-07-21
reporterMarek Kroemeke
sourcehttps://www.exploit-db.com/download/34133/
titleApache 2.4.7 mod_status Scoreboard Handling Race Condition
typedos

Nessus

  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2014-388.NASL
    descriptionA race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id78331
    published2014-10-12
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78331
    titleAmazon Linux AMI : httpd (ALAS-2014-388)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2014-388.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78331);
      script_version("1.6");
      script_cvs_date("Date: 2018/04/18 15:09:35");
    
      script_cve_id("CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231");
      script_xref(name:"ALAS", value:"2014-388");
      script_xref(name:"RHSA", value:"2014:0920");
    
      script_name(english:"Amazon Linux AMI : httpd (ALAS-2014-388)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A race condition flaw, leading to heap-based buffer overflows, was
    found in the mod_status httpd module. A remote attacker able to access
    a status page served by mod_status on a server using a threaded
    Multi-Processing Module (MPM) could send a specially crafted request
    that would cause the httpd child process to crash or, possibly, allow
    the attacker to execute arbitrary code with the privileges of the
    'apache' user. (CVE-2014-0226)
    
    A denial of service flaw was found in the way httpd's mod_deflate
    module handled request body decompression (configured via the
    'DEFLATE' input filter). A remote attacker able to send a request
    whose body would be decompressed could use this flaw to consume an
    excessive amount of system memory and CPU on the target system.
    (CVE-2014-0118)
    
    A denial of service flaw was found in the way httpd's mod_cgid module
    executed CGI scripts that did not read data from the standard input. A
    remote attacker could submit a specially crafted request that would
    cause the httpd child process to hang indefinitely. (CVE-2014-0231)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2014-388.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update httpd' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd-manual");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod_ssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/07/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"httpd-2.2.27-1.3.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"httpd-debuginfo-2.2.27-1.3.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"httpd-devel-2.2.27-1.3.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"httpd-manual-2.2.27-1.3.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"httpd-tools-2.2.27-1.3.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mod_ssl-2.2.27-1.3.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-1087.NASL
    descriptionRed Hat JBoss Web Server 2.1.0, which fixes multiple security issues and several bugs, is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.1, and includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.1.0 Release Notes, linked to in the References section, for information on the most significant of these changes. The following security issues are also fixed with this release : A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id77356
    published2014-08-23
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77356
    titleRHEL 6 : JBoss Web Server (RHSA-2014:1087)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:1087. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(77356);
      script_version("1.22");
      script_cvs_date("Date: 2019/10/24 15:35:38");
    
      script_cve_id("CVE-2013-4590", "CVE-2014-0118", "CVE-2014-0119", "CVE-2014-0226", "CVE-2014-0227", "CVE-2014-0231");
      script_xref(name:"RHSA", value:"2014:1087");
    
      script_name(english:"RHEL 6 : JBoss Web Server (RHSA-2014:1087)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Red Hat JBoss Web Server 2.1.0, which fixes multiple security issues
    and several bugs, is now available for Red Hat Enterprise Linux 6.
    
    Red Hat Product Security has rated this update as having Important
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    Red Hat JBoss Web Server is a fully integrated and certified set of
    components for hosting Java web applications. It is comprised of the
    Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat
    Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and
    the Tomcat Native library.
    
    This release serves as a replacement for Red Hat JBoss Web Server
    2.0.1, and includes several bug fixes. Refer to the Red Hat JBoss Web
    Server 2.1.0 Release Notes, linked to in the References section, for
    information on the most significant of these changes.
    
    The following security issues are also fixed with this release :
    
    A race condition flaw, leading to heap-based buffer overflows, was
    found in the mod_status httpd module. A remote attacker able to access
    a status page served by mod_status on a server using a threaded
    Multi-Processing Module (MPM) could send a specially crafted request
    that would cause the httpd child process to crash or, possibly, allow
    the attacker to execute arbitrary code with the privileges of the
    'apache' user. (CVE-2014-0226)
    
    A denial of service flaw was found in the way httpd's mod_deflate
    module handled request body decompression (configured via the
    'DEFLATE' input filter). A remote attacker able to send a request
    whose body would be decompressed could use this flaw to consume an
    excessive amount of system memory and CPU on the target system.
    (CVE-2014-0118)
    
    A denial of service flaw was found in the way httpd's mod_cgid module
    executed CGI scripts that did not read data from the standard input. A
    remote attacker could submit a specially crafted request that would
    cause the httpd child process to hang indefinitely. (CVE-2014-0231)
    
    It was found that several application-provided XML files, such as
    web.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external
    entities, permitting XML External Entity (XXE) attacks. An attacker
    able to deploy malicious applications to Tomcat could use this flaw to
    circumvent security restrictions set by the JSM, and gain access to
    sensitive information on the system. Note that this flaw only affected
    deployments in which Tomcat is running applications from untrusted
    sources, such as in a shared hosting environment. (CVE-2013-4590)
    
    It was found that, in certain circumstances, it was possible for a
    malicious web application to replace the XML parsers used by Tomcat to
    process XSLTs for the default servlet, JSP documents, tag library
    descriptors (TLDs), and tag plug-in configuration files. The injected
    XML parser(s) could then bypass the limits imposed on XML external
    entities and/or gain access to the XML files processed for other web
    applications deployed on the same Tomcat instance. (CVE-2014-0119)
    
    All users of Red Hat JBoss Web Server 2.0.1 on Red Hat Enterprise
    Linux 6 are advised to upgrade to Red Hat JBoss Web Server 2.1.0. The
    JBoss server process must be restarted for this update to take effect."
      );
      # https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Web_Server/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?765407e2"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2014:1087"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4590"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-0118"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-0119"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-0226"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-0227"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-0231"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:antlr-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-collections-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-collections-tomcat-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-daemon-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-daemon-jsvc-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-daemon-jsvc-eap6-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-logging-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-logging-tomcat-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-pool-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-pool-tomcat-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:dom4j-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4-c3p0-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4-core-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4-entitymanager-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4-envers-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4-infinispan-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-manual");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:javassist-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-logging");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-transaction-api_1.1_spec");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_cluster");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_jk-ap22");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_jk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_jk-manual");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_rt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_rt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_snmp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_ssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:storeconfig-tc6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:storeconfig-tc7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat-native");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat-native-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-lib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-log4j");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-lib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/08/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/23");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2014:1087";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
    
      if (! (rpm_exists(release:"RHEL6", rpm:"jws-2"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "JBoss Web Server");
    
      if (rpm_check(release:"RHEL6", reference:"antlr-eap6-2.7.7-17.redhat_4.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"apache-commons-collections-eap6-3.2.1-15.redhat_3.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"apache-commons-collections-tomcat-eap6-3.2.1-15.redhat_3.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"apache-commons-daemon-eap6-1.0.15-5.redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"apache-commons-daemon-jsvc-eap6-1.0.15-6.redhat_2.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"apache-commons-daemon-jsvc-eap6-1.0.15-6.redhat_2.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"apache-commons-daemon-jsvc-eap6-debuginfo-1.0.15-6.redhat_2.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"apache-commons-daemon-jsvc-eap6-debuginfo-1.0.15-6.redhat_2.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"apache-commons-logging-eap6-1.1.1-7.9_redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"apache-commons-logging-tomcat-eap6-1.1.1-7.9_redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"apache-commons-pool-eap6-1.6-7.redhat_6.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"apache-commons-pool-tomcat-eap6-1.6-7.redhat_6.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"dom4j-eap6-1.6.1-20.redhat_6.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"hibernate4-c3p0-eap6-4.2.14-3.SP1_redhat_1.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"hibernate4-core-eap6-4.2.14-3.SP1_redhat_1.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"hibernate4-eap6-4.2.14-3.SP1_redhat_1.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"hibernate4-entitymanager-eap6-4.2.14-3.SP1_redhat_1.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"hibernate4-envers-eap6-4.2.14-3.SP1_redhat_1.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"hibernate4-infinispan-eap6-4.2.14-3.SP1_redhat_1.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"httpd-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"httpd-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"httpd-debuginfo-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"httpd-debuginfo-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"httpd-devel-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"httpd-devel-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"httpd-manual-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"httpd-manual-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"httpd-tools-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"httpd-tools-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"javassist-eap6-3.18.1-1.GA_redhat_1.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"jboss-logging-3.1.4-1.GA_redhat_1.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"jboss-transaction-api_1.1_spec-1.0.1-12.Final_redhat_2.2.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"mod_cluster-1.2.9-1.Final_redhat_1.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"mod_cluster-native-1.2.9-3.Final_redhat_2.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_cluster-native-1.2.9-3.Final_redhat_2.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"mod_cluster-native-debuginfo-1.2.9-3.Final_redhat_2.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_cluster-native-debuginfo-1.2.9-3.Final_redhat_2.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"mod_cluster-tomcat6-1.2.9-1.Final_redhat_1.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"mod_cluster-tomcat7-1.2.9-1.Final_redhat_1.1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"mod_jk-ap22-1.2.40-2.redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_jk-ap22-1.2.40-2.redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"mod_jk-debuginfo-1.2.40-2.redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_jk-debuginfo-1.2.40-2.redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"mod_jk-manual-1.2.40-2.redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_jk-manual-1.2.40-2.redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"mod_rt-2.4.1-6.GA.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_rt-2.4.1-6.GA.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"mod_rt-debuginfo-2.4.1-6.GA.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_rt-debuginfo-2.4.1-6.GA.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"mod_snmp-2.4.1-13.GA.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_snmp-2.4.1-13.GA.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"mod_snmp-debuginfo-2.4.1-13.GA.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_snmp-debuginfo-2.4.1-13.GA.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"mod_ssl-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_ssl-2.2.26-35.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"storeconfig-tc6-0.0.1-7.Alpha3_redhat_12.3.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"storeconfig-tc7-0.0.1-7.Alpha3_redhat_12.5.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"tomcat-native-1.1.30-2.redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"tomcat-native-1.1.30-2.redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i386", reference:"tomcat-native-debuginfo-1.1.30-2.redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"tomcat-native-debuginfo-1.1.30-2.redhat_1.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat6-6.0.41-5_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat6-admin-webapps-6.0.41-5_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat6-docs-webapp-6.0.41-5_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat6-el-2.1-api-6.0.41-5_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat6-javadoc-6.0.41-5_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat6-jsp-2.1-api-6.0.41-5_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat6-lib-6.0.41-5_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat6-log4j-6.0.41-5_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat6-servlet-2.5-api-6.0.41-5_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat6-webapps-6.0.41-5_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat7-7.0.54-6_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat7-admin-webapps-7.0.54-6_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat7-docs-webapp-7.0.54-6_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat7-el-2.2-api-7.0.54-6_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat7-javadoc-7.0.54-6_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat7-jsp-2.2-api-7.0.54-6_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat7-lib-7.0.54-6_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat7-log4j-7.0.54-6_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat7-servlet-3.0-api-7.0.54-6_patch_02.ep6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"tomcat7-webapps-7.0.54-6_patch_02.ep6.el6")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "antlr-eap6 / apache-commons-collections-eap6 / etc");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-503.NASL
    descriptionThis apache2 update fixes the following security issues : - fix for crash in mod_proxy processing specially crafted requests with reverse proxy configurations that results in a crash and a DoS condition for the server. CVE-2014-0117 - new config option CGIDScriptTimeout set to 60s in new file conf.d/cgid-timeout.conf, preventing worker processes hanging forever if a cgi launched from them has stopped reading input from the server (DoS). CVE-2014-0231 - Fix for a NULL pointer dereference in mod_cache that causes a crash in caching forwarding configurations, resulting in a DoS condition. CVE-2013-4352 - fix for crash in parsing cookie content, resulting in a DoS against the server CVE-2014-0098 - fix for mod_status race condition in scoreboard handling and consecutive heap overflow and information disclosure if access to mod_status is granted to a potential attacker. CVE-2014-0226 - fix for improper handling of whitespace characters from CDATA sections to mod_dav, leading to a crash and a DoS condition of the apache server process CVE-2013-6438
    last seen2020-06-05
    modified2014-08-21
    plugin id77292
    published2014-08-21
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77292
    titleopenSUSE Security Update : apache2 (openSUSE-SU-2014:1044-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2014-503.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(77292);
      script_version("1.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-4352", "CVE-2013-6438", "CVE-2014-0098", "CVE-2014-0117", "CVE-2014-0226", "CVE-2014-0231");
    
      script_name(english:"openSUSE Security Update : apache2 (openSUSE-SU-2014:1044-1)");
      script_summary(english:"Check for the openSUSE-2014-503 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This apache2 update fixes the following security issues :
    
      - fix for crash in mod_proxy processing specially crafted
        requests with reverse proxy configurations that results
        in a crash and a DoS condition for the server.
        CVE-2014-0117
    
      - new config option CGIDScriptTimeout set to 60s in new
        file conf.d/cgid-timeout.conf, preventing worker
        processes hanging forever if a cgi launched from them
        has stopped reading input from the server (DoS).
        CVE-2014-0231
    
      - Fix for a NULL pointer dereference in mod_cache that
        causes a crash in caching forwarding configurations,
        resulting in a DoS condition. CVE-2013-4352
    
      - fix for crash in parsing cookie content, resulting in a
        DoS against the server CVE-2014-0098
    
      - fix for mod_status race condition in scoreboard handling
        and consecutive heap overflow and information disclosure
        if access to mod_status is granted to a potential
        attacker. CVE-2014-0226
    
      - fix for improper handling of whitespace characters from
        CDATA sections to mod_dav, leading to a crash and a DoS
        condition of the apache server process CVE-2013-6438"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=869105"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=869106"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=887765"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=887767"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=887768"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=887771"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2014-08/msg00031.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected apache2 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-event");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-event-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-example-pages");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-prefork");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-utils-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-worker");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-worker-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/08/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.1", reference:"apache2-2.4.6-6.27.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"apache2-debuginfo-2.4.6-6.27.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"apache2-debugsource-2.4.6-6.27.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"apache2-devel-2.4.6-6.27.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"apache2-event-2.4.6-6.27.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"apache2-event-debuginfo-2.4.6-6.27.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"apache2-example-pages-2.4.6-6.27.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"apache2-prefork-2.4.6-6.27.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"apache2-prefork-debuginfo-2.4.6-6.27.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"apache2-utils-2.4.6-6.27.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"apache2-utils-debuginfo-2.4.6-6.27.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"apache2-worker-2.4.6-6.27.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"apache2-worker-debuginfo-2.4.6-6.27.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2 / apache2-debuginfo / apache2-debugsource / apache2-devel / etc");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201504-03.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201504-03 (Apache: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Apache HTTP Server. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to execute arbitrary code or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id82733
    published2015-04-13
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82733
    titleGLSA-201504-03 : Apache: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201504-03.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(82733);
      script_version("1.8");
      script_cvs_date("Date: 2018/12/05 20:31:22");
    
      script_cve_id("CVE-2013-5704", "CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231");
      script_bugtraq_id(68678, 68742, 68745, 73135);
      script_xref(name:"GLSA", value:"201504-03");
    
      script_name(english:"GLSA-201504-03 : Apache: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201504-03
    (Apache: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Apache HTTP Server.
          Please review the CVE identifiers referenced below for details.
      
    Impact :
    
        A remote attacker may be able to execute arbitrary code or cause a
          Denial of Service condition.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201504-03"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Apache users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-servers/apache-2.2.29'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:apache");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/04/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"www-servers/apache", unaffected:make_list("ge 2.2.29"), vulnerable:make_list("lt 2.2.29"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Apache");
    }
    
  • NASL familyMisc.
    NASL idJUNIPER_NSM_JSA10685_CRED.NASL
    descriptionThe remote host is running a version of NSM (Network and Security Manager) Server that is prior to 2012.2R9. It is, therefore, affected by multiple vulnerabilities in the bundled version of Apache HTTP Server : - A flaw exists due to improper escaping of filenames in 406 and 300 HTTP responses. A remote attacker can exploit this, by uploading a file with a specially crafted name, to inject arbitrary HTTP headers or conduct cross-site scripting attacks. (CVE-2008-0456) - Multiple cross-site scripting vulnerabilities exist in the mod_negotiation module due to improper sanitization of input passed via filenames. An attacker can exploit this to execute arbitrary script code in a user
    last seen2020-06-01
    modified2020-06-02
    plugin id84878
    published2015-07-20
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84878
    titleJuniper NSM < 2012.2R9 Apache HTTP Server Multiple Vulnerabilities (JSA10685) (credentialed check)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_APACHE2-140721.NASL
    descriptionThis update for the Apache Web Server provides the following fixes : - Fixed a heap-based buffer overflow on apache module mod_status. (bnc#887765, CVE-2014-0226) - Properly remove whitespace characters from CDATA sections to avoid remote denial of service by crashing the Apache Server process. (bnc#869105, CVE-2013-6438) - Correction to parsing of cookie content; this can lead to a crash with a specially designed cookie sent to the server. (bnc#869106, CVE-2014-0098) - ECC support should not be missing. (bnc#859916) This update also introduces a new configuration parameter CGIDScriptTimeout, which defaults to the value of parameter Timeout. CGIDScriptTimeout is set to 60s if mod_cgid is loaded/active, via /etc/apache2/conf.d/cgid-timeout.conf. The new directive and its effect prevent request workers to be eaten until starvation if cgi programs do not send output back to the server within the timeout set by CGIDScriptTimeout. (bnc#887768, CVE-2014-0231)
    last seen2020-06-05
    modified2014-08-07
    plugin id77048
    published2014-08-07
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77048
    titleSuSE 11.3 Security Update : Apache Web Server (SAT Patch Number 9542)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2989.NASL
    descriptionSeveral security issues were found in the Apache HTTP server. - CVE-2014-0118 The DEFLATE input filter (inflates request bodies) in mod_deflate allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size. - CVE-2014-0226 A race condition was found in mod_status. An attacker able to access a public server status page on a server could send carefully crafted requests which could lead to a heap buffer overflow, causing denial of service, disclosure of sensitive information, or potentially the execution of arbitrary code. - CVE-2014-0231 A flaw was found in mod_cgid. If a server using mod_cgid hosted CGI scripts which did not consume standard input, a remote attacker could cause child processes to hang indefinitely, leading to denial of service.
    last seen2020-03-17
    modified2014-07-26
    plugin id76844
    published2014-07-26
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76844
    titleDebian DSA-2989-1 : apache2 - security update
  • NASL familyMisc.
    NASL idJUNIPER_NSM_JSA10685.NASL
    descriptionThe remote host is running a version of NSM (Network and Security Manager) Server that is prior to 2012.2R9. It is, therefore, affected by multiple vulnerabilities in the bundled version of Apache HTTP Server : - A flaw exists due to improper escaping of filenames in 406 and 300 HTTP responses. A remote attacker can exploit this, by uploading a file with a specially crafted name, to inject arbitrary HTTP headers or conduct cross-site scripting attacks. (CVE-2008-0456) - Multiple cross-site scripting vulnerabilities exist in the mod_negotiation module due to improper sanitization of input passed via filenames. An attacker can exploit this to execute arbitrary script code in a user
    last seen2020-06-01
    modified2020-06-02
    plugin id84877
    published2015-07-20
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84877
    titleJuniper NSM < 2012.2R9 Apache HTTP Server Multiple Vulnerabilities (JSA10685)
  • NASL familyWeb Servers
    NASL idWEBSPHERE_8_5_5_4.NASL
    descriptionThe IBM WebSphere Application Server running on the remote host is version 8.5 prior to Fix Pack 8.5.5.4. It is, therefore, affected by the following vulnerabilities : - Multiple errors exist related to the included IBM HTTP server that can allow remote code execution or denial of service. (CVE-2013-5704, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231 / PI22070) - An unspecified error exists related to HTTP headers that can allow information disclosure. (CVE-2014-3021 / PI08268) - An error exists related to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A man-in-the-middle attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. This is also known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id80398
    published2015-01-07
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80398
    titleIBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.4 Multiple Vulnerabilities (POODLE)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0920.NASL
    descriptionFrom Red Hat Security Advisory 2014:0920 : Updated httpd packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id76744
    published2014-07-24
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76744
    titleOracle Linux 5 / 6 : httpd (ELSA-2014-0920)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0921.NASL
    descriptionFrom Red Hat Security Advisory 2014:0921 : Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id76745
    published2014-07-24
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76745
    titleOracle Linux 7 : httpd (ELSA-2014-0921)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-093.NASL
    descriptionUpdated apache packages fix security vulnerabilities : Apache HTTPD before 2.4.9 was vulnerable to a denial of service in mod_dav when handling DAV_WRITE requests (CVE-2013-6438). Apache HTTPD before 2.4.9 was vulnerable to a denial of service when logging cookies (CVE-2014-0098). A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the apache user (CVE-2014-0226). A denial of service flaw was found in the mod_proxy httpd module. A remote attacker could send a specially crafted request to a server configured as a reverse proxy using a threaded Multi-Processing Modules (MPM) that would cause the httpd child process to crash (CVE-2014-0117). A denial of service flaw was found in the way httpd
    last seen2020-06-01
    modified2020-06-02
    plugin id82346
    published2015-03-30
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82346
    titleMandriva Linux Security Advisory : apache (MDVSA-2015:093)
  • NASL familyWeb Servers
    NASL idORACLE_HTTP_SERVER_CPU_JAN_2015.NASL
    descriptionThe version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities in the Web Listener subcomponent : - An integer overflow condition exists in libxml2 within file xpath.c, related to XPath expressions when adding a new namespace note. An unauthenticated, remote attacker can exploit this, via a crafted XML file, to cause a denial of service condition or the execution of arbitary code. (CVE-2011-1944) - An integer overflow condition exists in the HTTP server, specifically in the ap_pregsub() function within file server/util.c, when the mod_setenvif module is enabled. A local attacker can exploit this to gain elevated privileges by using an .htaccess file with a crafted combination of SetEnvIf directives and HTTP request headers. (CVE-2011-3607) - A flaw exists in libxml2, known as the
    last seen2020-03-18
    modified2015-01-27
    plugin id81002
    published2015-01-27
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81002
    titleOracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2015 CPU)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201408-12.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201408-12 (Apache HTTP Server: Multiple vulnerabilities) Multiple vulnerabilities have been found in Apache HTTP Server. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could send a specially crafted request to possibly execute arbitrary code, cause Denial of Service, or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id77456
    published2014-08-30
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77456
    titleGLSA-201408-12 : Apache HTTP Server: Multiple vulnerabilities
  • NASL familyWeb Servers
    NASL idHPSMH_7_5.NASL
    descriptionAccording to the web server
    last seen2020-06-01
    modified2020-06-02
    plugin id84923
    published2015-07-22
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84923
    titleHP System Management Homepage 7.3.x / 7.4.x < 7.5.0 Multiple Vulnerabilities (FREAK)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-66.NASL
    descriptionCVE-2014-0231: prevent denial of service in mod_cgid. CVE-2014-0226: prevent denial of service via race in mod_status. CVE-2014-0118: fix resource consumption via mod_deflate body decompression. CVE-2013-6438: prevent denial of service via mod_dav incorrect end of string NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2015-03-26
    plugin id82211
    published2015-03-26
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82211
    titleDebian DLA-66-1 : apache2 security update
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-0921.NASL
    descriptionUpdated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id76716
    published2014-07-24
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76716
    titleCentOS 7 : httpd (CESA-2014:0921)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2015-004.NASL
    descriptionThe remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-004. It is, therefore, affected multiple vulnerabilities in the following components : - Apache - ATS - Certificate Trust Policy - CoreAnimation - FontParser - Graphics Driver - ImageIO - IOHIDFamily - Kernel - LaunchServices - Open Directory Client - OpenLDAP - OpenSSL - PHP - QuickLook - SceneKit - Security - Code SIgning - UniformTypeIdentifiers Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id82700
    published2015-04-10
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82700
    titleMac OS X Multiple Vulnerabilities (Security Update 2015-004) (FREAK)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-1020.NASL
    descriptionUpdated Red Hat JBoss Enterprise Application Platform 6.3.0 packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id77079
    published2014-08-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77079
    titleRHEL 6 : JBoss EAP (RHSA-2014:1020)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0920.NASL
    descriptionUpdated httpd packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id76749
    published2014-07-24
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76749
    titleRHEL 5 / 6 : httpd (RHSA-2014:0920)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2014-389.NASL
    descriptionA race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id78332
    published2014-10-12
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78332
    titleAmazon Linux AMI : httpd24 (ALAS-2014-389)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_APACHE_20141014.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostname value. (CVE-2013-4352) - The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header. (CVE-2014-0117) - The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size. (CVE-2014-0118) - Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c. (CVE-2014-0226) - The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor. (CVE-2014-0231)
    last seen2020-06-01
    modified2020-06-02
    plugin id80589
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80589
    titleOracle Solaris Third-Party Patch Update : apache (multiple_denial_of_service_dos5)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-770.NASL
    descriptionThis apache version update fixes various security and non security issues. - Updated to the 2.2.29 - Changes between 2.2.22 and 2.2.29: http://www.apache.org/dist/httpd/CHANGES_2.2 - The following patches are no longer needed and were removed : - httpd-2.2.x-bnc798733-SNI_ignorecase.diff - httpd-2.2.x-bnc806458-mod_imagemap-xss.diff - httpd-2.2.x-bnc806458-mod_info_ap_get_server_name-xss.diff - httpd-2.2.x-bnc806458-mod_proxy_ftp-xss.diff - httpd-2.2.x-bnc806458-util_ldap_cache_mgr-xss.diff - httpd-2.2.x-bnc807152-mod_balancer_handler_xss.diff - httpd-mod_deflate_head.patch - httpd-new_pcre.patch - httpd-2.2.22-SSLCompression_CRIME_mitigation.patch - httpd-2.2.19-linux3.patch - httpd-2.2.x-bnc829056-CVE-2013-1896-pr1482522-mod_dav.diff - httpd-2.2.x-bnc829057-CVE-2013-1862-mod_rewrite_terminal_escape_sequences.diff - httpd-2.2.x-bnc869105-CVE-2013-6438-mod_dav-dos.diff - httpd-2.2.x-bnc869106-CVE-2014-0098-log_cookie_c.diff - httpd-2.2.x-bnc887765-CVE-2014-0226-mod_status_race.diff - httpd-2.2.x-bnc887768-CVE-2014-0231_mod_cgid_DoS_via_no_stdin_read.diff - httpd-2.2.x-bnc777260-CVE-2012-2687-mod_negotiation_filename_xss.diff - httpd-2.2.x-CVE-2011-3368-server_protocl_c.diff - The following patches were updated for the current Apache version : - apache2-mod_ssl_npn.patch - httpd-2.0.54-envvars.dif - httpd-2.2.x-bnc690734.patch - ssl-mode-release-buffers.patch - bnc#871310 fixed in Apache httpd 2.2.29
    last seen2020-06-05
    modified2014-12-16
    plugin id80043
    published2014-12-16
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80043
    titleopenSUSE Security Update : apache2 (openSUSE-SU-2014:1647-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-1019.NASL
    descriptionUpdated Red Hat JBoss Enterprise Application Platform 6.3.0 packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id77078
    published2014-08-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77078
    titleRHEL 5 : JBoss EAP (RHSA-2014:1019)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0921.NASL
    descriptionUpdated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id76905
    published2014-07-30
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76905
    titleRHEL 7 : httpd (RHSA-2014:0921)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_4364E1F10F4411E4B09020CF30E32F6D.NASL
    descriptionApache HTTP SERVER PROJECT reports : mod_proxy: Fix crash in Connection header handling which allowed a denial of service attack against a reverse proxy with a threaded MPM. Fix a race condition in scoreboard handling, which could lead to a heap buffer overflow. mod_deflate: The DEFLATE input filter (inflates request bodies) now limits the length and compression ratio of inflated request bodies to avoid denial of sevice via highly compressed bodies. See directives DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and DeflateInflateRatioBurst. mod_cgid: Fix a denial of service against CGI scripts that do not consume stdin that could lead to lingering HTTPD child processes filling up the scoreboard and eventually hanging the server. By default, the client I/O timeout (Timeout directive) now applies to communication with scripts. The CGIDScriptTimeout directive can be used to set a different timeout for communication with scripts.
    last seen2020-06-01
    modified2020-06-02
    plugin id76614
    published2014-07-21
    reporterThis script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76614
    titleFreeBSD : apache24 -- several vulnerabilities (4364e1f1-0f44-11e4-b090-20cf30e32f6d)
  • NASL familyMisc.
    NASL idORACLE_SECURE_GLOBAL_DESKTOP_JAN_2015_CPU.NASL
    descriptionThe remote host has a version of Oracle Secure Global Desktop that is version 4.63, 4.71, 5.0 or 5.1. It is, therefore, affected by multiple vulnerabilities in the following components : - Apache HTTP Server - Client - Gateway JARP module - Gateway Reverse Proxy - OpenSSL - Print Servlet (only in 5.0 / 5.1) - SGD SSL Daemon (ttassl) - Web Server
    last seen2020-06-01
    modified2020-06-02
    plugin id80912
    published2015-01-22
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80912
    titleOracle Secure Global Desktop Multiple Vulnerabilities (January 2015 CPU) (POODLE)
  • NASL familyWeb Servers
    NASL idWEBSPHERE_8_0_0_10.NASL
    descriptionThe remote host is running IBM WebSphere Application Server version 8.0 prior to Fix Pack 10. It is, therefore, affected by the following vulnerabilities : - Multiple errors exist related to the included IBM HTTP server that can allow remote code execution or denial of service. (CVE-2013-5704, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231 / PI22070) - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the
    last seen2020-06-01
    modified2020-06-02
    plugin id81401
    published2015-02-18
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81401
    titleIBM WebSphere Application Server 8.0 < Fix Pack 10 Multiple Vulnerabilities (POODLE)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_F927E06C110911E4B09020CF30E32F6D.NASL
    descriptionApache HTTP SERVER PROJECT reports : mod_deflate: The DEFLATE input filter (inflates request bodies) now limits the length and compression ratio of inflated request bodies to avoid denial of service via highly compressed bodies. See directives DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and DeflateInflateRatioBurst. mod_cgid: Fix a denial of service against CGI scripts that do not consume stdin that could lead to lingering HTTPD child processes filling up the scoreboard and eventually hanging the server. By default, the client I/O timeout (Timeout directive) now applies to communication with scripts. The CGIDScriptTimeout directive can be used to set a different timeout for communication with scripts. Fix a race condition in scoreboard handling, which could lead to a heap buffer overflow. core: HTTP trailers could be used to replace HTTP headers late during request processing, potentially undoing or otherwise confusing modules that examined or modified request headers earlier. Adds
    last seen2020-06-01
    modified2020-06-02
    plugin id76780
    published2014-07-25
    reporterThis script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76780
    titleFreeBSD : apache22 -- several vulnerabilities (f927e06c-1109-11e4-b090-20cf30e32f6d)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2014-142.NASL
    descriptionUpdated apache package fixes security vulnerabilities : A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the apache user (CVE-2014-0226). A denial of service flaw was found in the way httpd
    last seen2020-06-01
    modified2020-06-02
    plugin id76923
    published2014-07-31
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76923
    titleMandriva Linux Security Advisory : apache (MDVSA-2014:142)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2014-204-01.NASL
    descriptionNew httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id76712
    published2014-07-24
    reporterThis script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/76712
    titleSlackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : httpd (SSA:2014-204-01)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-1088.NASL
    descriptionRed Hat JBoss Web Server 2.1.0, which fixes multiple security issues and several bugs, is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.1, and includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.1.0 Release Notes, linked to in the References section, for information on the most significant of these changes. The following security issues are also fixed with this release : A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id77357
    published2014-08-23
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77357
    titleRHEL 5 : JBoss Web Server (RHSA-2014:1088)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-0920.NASL
    descriptionUpdated httpd packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id76715
    published2014-07-24
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76715
    titleCentOS 5 / 6 : httpd (CESA-2014:0920)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1419.NASL
    descriptionAccording to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.(CVE-2014-0098) - A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id124922
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124922
    titleEulerOS Virtualization 3.0.1.0 : httpd (EulerOS-SA-2019-1419)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-8742.NASL
    descriptionThis update includes the latest stable release of the Apache HTTP Server, httpd 2.4.10. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-07-26
    plugin id76852
    published2014-07-26
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76852
    titleFedora 20 : httpd-2.4.10-1.fc20 (2014-8742)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20140723_HTTPD_ON_SL5_X.NASL
    descriptionA race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the
    last seen2020-03-18
    modified2014-07-24
    plugin id76753
    published2014-07-24
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76753
    titleScientific Linux Security Update : httpd on SL5.x, SL6.x i386/x86_64 (20140723)
  • NASL familyWeb Servers
    NASL idWEBSPHERE_7_0_0_35.NASL
    descriptionThe remote host is running a version of IBM WebSphere Application Server 7.0 prior to Fix Pack 35. It is, therefore, affected by the following vulnerabilities : - Multiple errors exist related to the included IBM HTTP server that could allow remote code execution or denial of service. (CVE-2013-5704, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231 / PI22070) - An error exists related to HTTP header handling that could allow the disclosure of sensitive information. (CVE-2014-3021 / PI08268) - An unspecified error exists that could allow the disclosure of sensitive information. (CVE-2014-3083 / PI17768) - An unspecified input-validation errors exist related to the
    last seen2020-06-01
    modified2020-06-02
    plugin id78604
    published2014-10-21
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78604
    titleIBM WebSphere Application Server 7.0 < Fix Pack 35 Multiple Vulnerabilities
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_10_3.NASL
    descriptionThe remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.3. It is, therefore, affected multiple vulnerabilities in the following components : - Admin Framework - Apache - ATS - Certificate Trust Policy - CFNetwork HTTPProtocol - CFNetwork Session - CFURL - CoreAnimation - FontParser - Graphics Driver - Hypervisor - ImageIO - IOHIDFamily - Kernel - LaunchServices - libnetcore - ntp - Open Directory Client - OpenLDAP - OpenSSL - PHP - QuickLook - SceneKit - ScreenSharing - Security - Code SIgning - UniformTypeIdentifiers - WebKit Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id82699
    published2015-04-10
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82699
    titleMac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities (FREAK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2014-1082-1.NASL
    descriptionThis apache2 update fixes the following security issues : - log_cookie mod_log_config.c remote denial of service (CVE-2014-0098, bnc#869106) - mod_dav denial of service (CVE-2013-6438, bnc#869105) - mod_cgid denial of service (CVE-2014-0231, bnc#887768) - mod_status heap-based buffer overflow (CVE-2014-0226, bnc#887765) - mod_rewrite: escape logdata to avoid terminal escapes (CVE-2013-1862, bnc#829057) - mod_dav: segfault in merge request (CVE-2013-1896, bnc#829056) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-05-20
    plugin id83632
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83632
    titleSUSE SLES10 Security Update : apache2 (SUSE-SU-2014:1082-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-502.NASL
    descriptionThis apache2 update fixes the following security issues : - CRIME types of attack, based on size and timing analysis of compressed content, are now mitigated by the new SSLCompression directive, set to
    last seen2020-06-05
    modified2014-08-21
    plugin id77291
    published2014-08-21
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77291
    titleopenSUSE Security Update : apache2 (openSUSE-SU-2014:1045-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-9057.NASL
    descriptionThis update includes the latest stable release of the Apache HTTP Server, httpd 2.4.10, fixing a number of security issues. http://www.apache.org/dist/httpd/Announcement2.4.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-08-15
    plugin id77207
    published2014-08-15
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77207
    titleFedora 19 : httpd-2.4.10-1.fc19 (2014-9057)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2299-1.NASL
    descriptionMarek Kroemeke discovered that the mod_proxy module incorrectly handled certain requests. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0117) Giancarlo Pellegrino and Davide Balzarotti discovered that the mod_deflate module incorrectly handled body decompression. A remote attacker could use this issue to cause resource consumption, leading to a denial of service. (CVE-2014-0118) Marek Kroemeke and others discovered that the mod_status module incorrectly handled certain requests. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service, or possibly execute arbitrary code. (CVE-2014-0226) Rainer Jung discovered that the mod_cgid module incorrectly handled certain scripts. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service. (CVE-2014-0231). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id76757
    published2014-07-24
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76757
    titleUbuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : apache2 vulnerabilities (USN-2299-1)
  • NASL familyWeb Servers
    NASL idAPACHE_2_2_29.NASL
    descriptionAccording to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.28. It is, therefore, affected by the following vulnerabilities : - A flaw exists within the
    last seen2020-04-30
    modified2014-09-04
    plugin id77531
    published2014-09-04
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77531
    titleApache 2.2.x < 2.2.28 Multiple Vulnerabilities
  • NASL familyWeb Servers
    NASL idAPACHE_2_4_10.NASL
    descriptionAccording to its banner, the version of Apache 2.4.x running on the remote host is prior to 2.4.10. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the
    last seen2020-04-30
    modified2014-07-21
    plugin id76622
    published2014-07-21
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76622
    titleApache 2.4.x < 2.4.10 Multiple Vulnerabilities

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/127546/cve-2014-0226.txt
idPACKETSTORM:127546
last seen2016-12-05
published2014-07-21
reporterAKAT-1
sourcehttps://packetstormsecurity.com/files/127546/Apache-Scoreboard-Status-Race-Condition.html
titleApache Scoreboard / Status Race Condition

Redhat

advisories
  • rhsa
    idRHSA-2014:1019
  • rhsa
    idRHSA-2014:1020
  • rhsa
    idRHSA-2014:1021
rpms
  • httpd-0:2.2.15-31.el6_5
  • httpd-0:2.2.3-87.el5_10
  • httpd-debuginfo-0:2.2.15-31.el6_5
  • httpd-debuginfo-0:2.2.3-87.el5_10
  • httpd-devel-0:2.2.15-31.el6_5
  • httpd-devel-0:2.2.3-87.el5_10
  • httpd-manual-0:2.2.15-31.el6_5
  • httpd-manual-0:2.2.3-87.el5_10
  • httpd-tools-0:2.2.15-31.el6_5
  • mod_ssl-1:2.2.15-31.el6_5
  • mod_ssl-1:2.2.3-87.el5_10
  • httpd-0:2.4.6-18.el7_0
  • httpd-debuginfo-0:2.4.6-18.el7_0
  • httpd-devel-0:2.4.6-18.el7_0
  • httpd-manual-0:2.4.6-18.el7_0
  • httpd-tools-0:2.4.6-18.el7_0
  • mod_ldap-0:2.4.6-18.el7_0
  • mod_proxy_html-1:2.4.6-18.el7_0
  • mod_session-0:2.4.6-18.el7_0
  • mod_ssl-1:2.4.6-18.el7_0
  • httpd24-httpd-0:2.4.6-18.el6
  • httpd24-httpd-0:2.4.6-21.el7
  • httpd24-httpd-debuginfo-0:2.4.6-18.el6
  • httpd24-httpd-debuginfo-0:2.4.6-21.el7
  • httpd24-httpd-devel-0:2.4.6-18.el6
  • httpd24-httpd-devel-0:2.4.6-21.el7
  • httpd24-httpd-manual-0:2.4.6-18.el6
  • httpd24-httpd-manual-0:2.4.6-21.el7
  • httpd24-httpd-tools-0:2.4.6-18.el6
  • httpd24-httpd-tools-0:2.4.6-21.el7
  • httpd24-mod_ldap-0:2.4.6-18.el6
  • httpd24-mod_ldap-0:2.4.6-21.el7
  • httpd24-mod_proxy_html-1:2.4.6-18.el6
  • httpd24-mod_proxy_html-1:2.4.6-21.el7
  • httpd24-mod_session-0:2.4.6-18.el6
  • httpd24-mod_session-0:2.4.6-21.el7
  • httpd24-mod_ssl-1:2.4.6-18.el6
  • httpd24-mod_ssl-1:2.4.6-21.el7
  • apache-commons-beanutils-eap6-0:1.8.3-7.redhat_6.1.ep6.el5
  • apache-commons-cli-eap6-0:1.2-6.redhat_4.1.ep6.el5
  • apache-commons-codec-eap6-0:1.4-16.redhat_3.1.ep6.el5
  • apache-commons-collections-eap6-0:3.2.1-15.redhat_3.1.ep6.el5
  • apache-commons-configuration-eap6-0:1.6-1.redhat_3.1.ep6.el5
  • apache-commons-daemon-jsvc-eap6-1:1.0.15-6.redhat_2.ep6.el5
  • apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-6.redhat_2.ep6.el5
  • apache-commons-io-eap6-0:2.1-8.redhat_3.1.ep6.el5
  • apache-commons-lang-eap6-0:2.6-8.redhat_3.1.ep6.el5
  • apache-mime4j-0:0.6-10.redhat_3.1.ep6.el5
  • cal10n-eap6-0:0.7.3-2.redhat_4.1.ep6.el5
  • codehaus-jackson-0:1.9.9-7.redhat_3.ep6.el5
  • codehaus-jackson-core-asl-0:1.9.9-7.redhat_3.ep6.el5
  • codehaus-jackson-jaxrs-0:1.9.9-7.redhat_3.ep6.el5
  • codehaus-jackson-mapper-asl-0:1.9.9-7.redhat_3.ep6.el5
  • codehaus-jackson-xc-0:1.9.9-7.redhat_3.ep6.el5
  • ecj-eap6-0:4.3.1-3.redhat_1.1.ep6.el5
  • glassfish-jaxb-eap6-0:2.2.5-20.redhat_8.1.ep6.el5
  • gnu-getopt-eap6-0:1.0.13-1.redhat_4.1.ep6.el5
  • guava-libraries-0:13.0.1-3.redhat_1.1.ep6.el5
  • h2database-0:1.3.168-7.redhat_4.1.ep6.el5
  • hibernate4-core-eap6-0:4.2.14-2.SP1_redhat_1.1.ep6.el5
  • hibernate4-eap6-0:4.2.14-2.SP1_redhat_1.1.ep6.el5
  • hibernate4-entitymanager-eap6-0:4.2.14-2.SP1_redhat_1.1.ep6.el5
  • hibernate4-envers-eap6-0:4.2.14-2.SP1_redhat_1.1.ep6.el5
  • hibernate4-infinispan-eap6-0:4.2.14-2.SP1_redhat_1.1.ep6.el5
  • hibernate4-validator-0:4.3.1-2.Final_redhat_1.1.ep6.el5
  • hornetq-0:2.3.20-1.Final_redhat_1.1.ep6.el5
  • hornetq-native-0:2.3.20-2.Final_redhat_1.ep6.el5
  • hornetq-native-debuginfo-0:2.3.20-2.Final_redhat_1.ep6.el5
  • httpclient-eap6-0:4.2.1-10.redhat_1.3.ep6.el5
  • httpcomponents-client-eap6-0:4.2.1-10.redhat_1.3.ep6.el5
  • httpcomponents-core-eap6-0:4.2.1-10.redhat_1.3.ep6.el5
  • httpcomponents-project-eap6-0:6-10.redhat_1.3.ep6.el5
  • httpcore-eap6-0:4.2.1-10.redhat_1.3.ep6.el5
  • httpd-0:2.2.26-35.ep6.el5
  • httpd-debuginfo-0:2.2.26-35.ep6.el5
  • httpd-devel-0:2.2.26-35.ep6.el5
  • httpd-manual-0:2.2.26-35.ep6.el5
  • httpd-tools-0:2.2.26-35.ep6.el5
  • httpmime-eap6-0:4.2.1-10.redhat_1.3.ep6.el5
  • infinispan-0:5.2.10-1.Final_redhat_1.1.ep6.el5
  • infinispan-cachestore-jdbc-0:5.2.10-1.Final_redhat_1.1.ep6.el5
  • infinispan-cachestore-remote-0:5.2.10-1.Final_redhat_1.1.ep6.el5
  • infinispan-client-hotrod-0:5.2.10-1.Final_redhat_1.1.ep6.el5
  • infinispan-core-0:5.2.10-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-common-api-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-common-impl-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-common-spi-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-core-api-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-core-impl-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-deployers-common-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-jdbc-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-spec-api-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-validator-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el5
  • jandex-eap6-0:1.0.3-3.Final_redhat_2.2.ep6.el5
  • jansi-eap6-0:1.9-2.redhat_4.3.ep6.el5
  • jaxbintros-0:1.0.2-17.GA_redhat_6.1.ep6.el5
  • jaxen-eap6-0:1.1.3-2.redhat_4.1.ep6.el5
  • jboss-as-appclient-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-cli-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-client-all-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-clustering-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-cmp-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-configadmin-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-connector-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-console-0:2.2.8-1.Final_redhat_1.1.ep6.el5
  • jboss-as-controller-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-controller-client-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-core-security-0:7.4.0-15.Final_redhat_19.1.ep6.el5
  • jboss-as-deployment-repository-0:7.4.0-14.Final_redhat_19.1.ep6.el5
  • jboss-as-deployment-scanner-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-domain-http-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-domain-management-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-ee-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-ee-deployment-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-ejb3-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-embedded-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-host-controller-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-jacorb-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-jaxr-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-jaxrs-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-jdr-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-jmx-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-jpa-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-jsf-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-jsr77-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-logging-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-mail-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-management-client-content-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-messaging-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-modcluster-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-naming-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-network-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-osgi-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-osgi-configadmin-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-osgi-service-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-picketlink-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-platform-mbean-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-pojo-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-process-controller-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-protocol-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-remoting-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-sar-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-security-0:7.4.0-14.Final_redhat_19.1.ep6.el5
  • jboss-as-server-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-system-jmx-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-threads-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-transactions-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-version-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-web-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-webservices-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-weld-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-as-xts-0:7.4.0-13.Final_redhat_19.1.ep6.el5
  • jboss-genericjms-0:1.0.5-1.Final_redhat_1.1.ep6.el5
  • jboss-hal-0:2.2.8-1.Final_redhat_1.1.ep6.el5
  • jboss-jaxws-api_2.2_spec-0:2.0.2-4.Final_redhat_1.1.ep6.el5
  • jboss-jms-api_1.1_spec-0:1.0.1-8.Final_redhat_2.2.ep6.el5
  • jboss-jstl-api_1.2_spec-0:1.0.6-1.Final_redhat_1.1.ep6.el5
  • jboss-logging-0:3.1.4-1.GA_redhat_1.1.ep6.el5
  • jboss-marshalling-0:1.4.6-1.Final_redhat_1.1.ep6.el5
  • jboss-metadata-0:7.1.0-1.Final_redhat_1.1.ep6.el5
  • jboss-metadata-appclient-0:7.1.0-1.Final_redhat_1.1.ep6.el5
  • jboss-metadata-common-0:7.1.0-1.Final_redhat_1.1.ep6.el5
  • jboss-metadata-ear-0:7.1.0-1.Final_redhat_1.1.ep6.el5
  • jboss-metadata-ejb-0:7.1.0-1.Final_redhat_1.1.ep6.el5
  • jboss-metadata-web-0:7.1.0-1.Final_redhat_1.1.ep6.el5
  • jboss-msc-0:1.1.5-1.Final_redhat_1.1.ep6.el5
  • jboss-remoting3-0:3.3.1-1.Final_redhat_1.1.ep6.el5
  • jboss-saaj-api_1.3_spec-0:1.0.3-3.Final_redhat_1.1.ep6.el5
  • jboss-sasl-0:1.0.4-2.Final_redhat_1.1.ep6.el5
  • jboss-security-negotiation-0:2.3.3-1.Final_redhat_1.1.ep6.el5
  • jboss-transaction-api_1.1_spec-0:1.0.1-10.Final_redhat_2.2.ep6.el5
  • jboss-transaction-spi-0:7.1.0-2.Final_redhat_1.1.ep6.el5
  • jboss-vfs2-0:3.2.5-1.Final_redhat_1.1.ep6.el5
  • jbossas-appclient-0:7.4.0-15.Final_redhat_19.1.ep6.el5
  • jbossas-bundles-0:7.4.0-15.Final_redhat_19.1.ep6.el5
  • jbossas-core-0:7.4.0-16.Final_redhat_19.1.ep6.el5
  • jbossas-domain-0:7.4.0-15.Final_redhat_19.1.ep6.el5
  • jbossas-hornetq-native-0:2.3.20-2.Final_redhat_1.ep6.el5
  • jbossas-javadocs-0:7.4.0-20.Final_redhat_19.1.ep6.el5
  • jbossas-jbossweb-native-0:1.1.30-2.redhat_1.ep6.el5
  • jbossas-modules-eap-0:7.4.0-38.Final_redhat_19.1.ep6.el5
  • jbossas-product-eap-0:7.4.0-19.Final_redhat_19.1.ep6.el5
  • jbossas-standalone-0:7.4.0-15.Final_redhat_19.1.ep6.el5
  • jbossas-welcome-content-eap-0:7.4.0-17.Final_redhat_19.1.ep6.el5
  • jbossts-1:4.17.21-2.Final_redhat_2.1.ep6.el5
  • jbossweb-0:7.4.8-4.Final_redhat_4.1.ep6.el5
  • jbossws-common-0:2.3.0-1.Final_redhat_1.1.ep6.el5
  • jbossws-cxf-0:4.3.0-3.Final_redhat_3.1.ep6.el5
  • jbossws-native-0:4.2.0-1.Final_redhat_1.1.ep6.el5
  • jbossws-spi-0:2.3.0-2.Final_redhat_1.1.ep6.el5
  • jdom-eap6-0:1.1.2-6.redhat_4.1.ep6.el5
  • jettison-eap6-0:1.3.1-3.redhat_4.1.ep6.el5
  • jgroups-1:3.2.13-1.Final_redhat_1.1.ep6.el5
  • joda-time-eap6-0:1.6.2-1.redhat_4.1.ep6.el5
  • jython-eap6-0:2.5.2-6.redhat_3.1.ep6.el5
  • mod_cluster-0:1.2.9-1.Final_redhat_1.1.ep6.el5
  • mod_cluster-demo-0:1.2.9-1.Final_redhat_1.1.ep6.el5
  • mod_cluster-native-0:1.2.9-3.Final_redhat_2.ep6.el5
  • mod_cluster-native-debuginfo-0:1.2.9-3.Final_redhat_2.ep6.el5
  • mod_jk-ap22-0:1.2.40-2.redhat_1.ep6.el5
  • mod_jk-debuginfo-0:1.2.40-2.redhat_1.ep6.el5
  • mod_rt-0:2.4.1-3.GA.ep6.el5
  • mod_rt-debuginfo-0:2.4.1-3.GA.ep6.el5
  • mod_snmp-0:2.4.1-7.GA.ep6.el5
  • mod_snmp-debuginfo-0:2.4.1-7.GA.ep6.el5
  • mod_ssl-1:2.2.26-35.ep6.el5
  • netty-0:3.6.9-1.Final_redhat_1.1.ep6.el5
  • opensaml-0:2.5.3-4.redhat_2.1.ep6.el5
  • openws-0:1.4.4-3.redhat_2.1.ep6.el5
  • picketlink-bindings-0:2.5.3-8.SP10_redhat_1.1.ep6.el5
  • picketlink-federation-0:2.5.3-9.SP10_redhat_1.1.ep6.el5
  • resteasy-0:2.3.8-4.Final_redhat_3.1.ep6.el5
  • rngom-eap6-0:201103-2.redhat_3.1.ep6.el5
  • scannotation-0:1.0.3-6.redhat_4.2.ep6.el5
  • slf4j-0:1.7.2-13.redhat_3.1.ep6.el5
  • slf4j-eap6-0:1.7.2-13.redhat_3.1.ep6.el5
  • slf4j-jboss-logmanager-0:1.0.3-1.GA_redhat_1.1.ep6.el5
  • snakeyaml-eap6-0:1.8-1.redhat_2.2.ep6.el5
  • stilts-0:0.1.26-13.redhat_4.2.ep6.el5
  • sun-codemodel-0:2.6-4.redhat_2.2.ep6.el5
  • sun-istack-commons-1:2.6.1-10.redhat_2.2.ep6.el5
  • sun-saaj-1.3-impl-0:1.3.16-9.redhat_3.1.ep6.el5
  • sun-txw2-0:20110809-7.redhat_4.1.ep6.el5
  • sun-xsom-0:20110809-7.redhat_3.1.ep6.el5
  • tomcat-native-0:1.1.30-2.redhat_1.ep6.el5
  • tomcat-native-debuginfo-0:1.1.30-2.redhat_1.ep6.el5
  • weld-core-0:1.1.23-1.Final_redhat_1.1.ep6.el5
  • woodstox-core-eap6-0:4.2.0-12.redhat_4.1.ep6.el5
  • woodstox-stax2-api-eap6-0:3.1.3-3.redhat_1.1.ep6.el5
  • ws-commons-neethi-0:3.0.2-8.redhat_3.1.ep6.el5
  • wsdl4j-eap6-0:1.6.3-1.redhat_1.1.ep6.el5
  • xml-commons-resolver-eap6-0:1.2-17.redhat_9.1.ep6.el5
  • xmltooling-0:1.3.4-6.redhat_3.1.ep6.el5
  • xom-0:1.2.7-3.redhat_4.1.ep6.el5
  • apache-commons-beanutils-eap6-0:1.8.3-7.redhat_6.1.ep6.el6
  • apache-commons-cli-eap6-0:1.2-6.redhat_4.1.ep6.el6
  • apache-commons-codec-eap6-0:1.4-16.redhat_3.1.ep6.el6
  • apache-commons-collections-eap6-0:3.2.1-15.redhat_3.1.ep6.el6
  • apache-commons-configuration-eap6-0:1.6-1.redhat_3.1.ep6.el6
  • apache-commons-daemon-jsvc-eap6-1:1.0.15-6.redhat_2.ep6.el6
  • apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-6.redhat_2.ep6.el6
  • apache-commons-io-eap6-0:2.1-8.redhat_3.1.ep6.el6
  • apache-commons-lang-eap6-0:2.6-8.redhat_3.1.ep6.el6
  • apache-mime4j-0:0.6-10.redhat_3.1.ep6.el6
  • cal10n-eap6-0:0.7.3-2.redhat_4.1.ep6.el6
  • codehaus-jackson-0:1.9.9-7.redhat_3.ep6.el6
  • codehaus-jackson-core-asl-0:1.9.9-7.redhat_3.ep6.el6
  • codehaus-jackson-jaxrs-0:1.9.9-7.redhat_3.ep6.el6
  • codehaus-jackson-mapper-asl-0:1.9.9-7.redhat_3.ep6.el6
  • codehaus-jackson-xc-0:1.9.9-7.redhat_3.ep6.el6
  • ecj-eap6-0:4.3.1-3.redhat_1.1.ep6.el6
  • glassfish-jaf-0:1.1.1-16.redhat_2.ep6.el6
  • glassfish-jaxb-eap6-0:2.2.5-20.redhat_8.1.ep6.el6
  • gnu-getopt-eap6-0:1.0.13-1.redhat_4.1.ep6.el6
  • guava-libraries-0:13.0.1-3.redhat_1.1.ep6.el6
  • h2database-0:1.3.168-7.redhat_4.1.ep6.el6
  • hibernate4-core-eap6-0:4.2.14-2.SP1_redhat_1.1.ep6.el6
  • hibernate4-eap6-0:4.2.14-2.SP1_redhat_1.1.ep6.el6
  • hibernate4-entitymanager-eap6-0:4.2.14-2.SP1_redhat_1.1.ep6.el6
  • hibernate4-envers-eap6-0:4.2.14-2.SP1_redhat_1.1.ep6.el6
  • hibernate4-infinispan-eap6-0:4.2.14-2.SP1_redhat_1.1.ep6.el6
  • hibernate4-validator-0:4.3.1-2.Final_redhat_1.1.ep6.el6
  • hornetq-0:2.3.20-1.Final_redhat_1.1.ep6.el6
  • hornetq-native-0:2.3.20-2.Final_redhat_1.ep6.el6
  • hornetq-native-debuginfo-0:2.3.20-2.Final_redhat_1.ep6.el6
  • httpclient-eap6-0:4.2.1-10.redhat_1.3.ep6.el6
  • httpcomponents-client-eap6-0:4.2.1-10.redhat_1.3.ep6.el6
  • httpcomponents-core-eap6-0:4.2.1-10.redhat_1.3.ep6.el6
  • httpcomponents-project-eap6-0:6-10.redhat_1.3.ep6.el6
  • httpcore-eap6-0:4.2.1-10.redhat_1.3.ep6.el6
  • httpd-0:2.2.26-35.ep6.el6
  • httpd-debuginfo-0:2.2.26-35.ep6.el6
  • httpd-devel-0:2.2.26-35.ep6.el6
  • httpd-manual-0:2.2.26-35.ep6.el6
  • httpd-tools-0:2.2.26-35.ep6.el6
  • httpmime-eap6-0:4.2.1-10.redhat_1.3.ep6.el6
  • infinispan-0:5.2.10-1.Final_redhat_1.1.ep6.el6
  • infinispan-cachestore-jdbc-0:5.2.10-1.Final_redhat_1.1.ep6.el6
  • infinispan-cachestore-remote-0:5.2.10-1.Final_redhat_1.1.ep6.el6
  • infinispan-client-hotrod-0:5.2.10-1.Final_redhat_1.1.ep6.el6
  • infinispan-core-0:5.2.10-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-common-api-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-common-impl-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-common-spi-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-core-api-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-core-impl-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-deployers-common-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-jdbc-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-spec-api-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-validator-eap6-0:1.0.26-1.Final_redhat_1.1.ep6.el6
  • jandex-eap6-0:1.0.3-3.Final_redhat_2.2.ep6.el6
  • jansi-eap6-0:1.9-2.redhat_4.3.ep6.el6
  • jaxbintros-0:1.0.2-17.GA_redhat_6.1.ep6.el6
  • jaxen-eap6-0:1.1.3-2.redhat_4.1.ep6.el6
  • jboss-as-appclient-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-cli-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-client-all-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-clustering-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-cmp-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-configadmin-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-connector-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-console-0:2.2.8-1.Final_redhat_1.1.ep6.el6
  • jboss-as-controller-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-controller-client-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-core-security-0:7.4.0-15.Final_redhat_19.1.ep6.el6
  • jboss-as-deployment-repository-0:7.4.0-14.Final_redhat_19.1.ep6.el6
  • jboss-as-deployment-scanner-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-domain-http-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-domain-management-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-ee-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-ee-deployment-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-ejb3-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-embedded-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-host-controller-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-jacorb-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-jaxr-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-jaxrs-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-jdr-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-jmx-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-jpa-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-jsf-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-jsr77-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-logging-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-mail-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-management-client-content-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-messaging-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-modcluster-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-naming-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-network-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-osgi-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-osgi-configadmin-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-osgi-service-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-picketlink-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-platform-mbean-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-pojo-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-process-controller-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-protocol-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-remoting-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-sar-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-security-0:7.4.0-14.Final_redhat_19.1.ep6.el6
  • jboss-as-server-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-system-jmx-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-threads-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-transactions-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-version-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-web-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-webservices-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-weld-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-as-xts-0:7.4.0-13.Final_redhat_19.1.ep6.el6
  • jboss-genericjms-0:1.0.5-1.Final_redhat_1.1.ep6.el6
  • jboss-hal-0:2.2.8-1.Final_redhat_1.1.ep6.el6
  • jboss-jaxws-api_2.2_spec-0:2.0.2-4.Final_redhat_1.1.ep6.el6
  • jboss-jms-api_1.1_spec-0:1.0.1-8.Final_redhat_2.2.ep6.el6
  • jboss-jstl-api_1.2_spec-0:1.0.6-1.Final_redhat_1.1.ep6.el6
  • jboss-logging-0:3.1.4-1.GA_redhat_1.1.ep6.el6
  • jboss-marshalling-0:1.4.6-1.Final_redhat_1.1.ep6.el6
  • jboss-metadata-0:7.1.0-1.Final_redhat_1.1.ep6.el6
  • jboss-metadata-appclient-0:7.1.0-1.Final_redhat_1.1.ep6.el6
  • jboss-metadata-common-0:7.1.0-1.Final_redhat_1.1.ep6.el6
  • jboss-metadata-ear-0:7.1.0-1.Final_redhat_1.1.ep6.el6
  • jboss-metadata-ejb-0:7.1.0-1.Final_redhat_1.1.ep6.el6
  • jboss-metadata-web-0:7.1.0-1.Final_redhat_1.1.ep6.el6
  • jboss-msc-0:1.1.5-1.Final_redhat_1.1.ep6.el6
  • jboss-remoting3-0:3.3.1-1.Final_redhat_1.1.ep6.el6
  • jboss-saaj-api_1.3_spec-0:1.0.3-3.Final_redhat_1.1.ep6.el6
  • jboss-sasl-0:1.0.4-2.Final_redhat_1.1.ep6.el6
  • jboss-security-negotiation-0:2.3.3-1.Final_redhat_1.1.ep6.el6
  • jboss-transaction-api_1.1_spec-0:1.0.1-10.Final_redhat_2.2.ep6.el6
  • jboss-transaction-spi-0:7.1.0-2.Final_redhat_1.1.ep6.el6
  • jboss-vfs2-0:3.2.5-1.Final_redhat_1.1.ep6.el6
  • jbossas-appclient-0:7.4.0-15.Final_redhat_19.1.ep6.el6
  • jbossas-bundles-0:7.4.0-15.Final_redhat_19.1.ep6.el6
  • jbossas-core-0:7.4.0-16.Final_redhat_19.1.ep6.el6
  • jbossas-domain-0:7.4.0-15.Final_redhat_19.1.ep6.el6
  • jbossas-hornetq-native-0:2.3.20-2.Final_redhat_1.ep6.el6
  • jbossas-javadocs-0:7.4.0-20.Final_redhat_19.1.ep6.el6
  • jbossas-jbossweb-native-0:1.1.30-2.redhat_1.ep6.el6
  • jbossas-modules-eap-0:7.4.0-38.Final_redhat_19.1.ep6.el6
  • jbossas-product-eap-0:7.4.0-19.Final_redhat_19.1.ep6.el6
  • jbossas-standalone-0:7.4.0-15.Final_redhat_19.1.ep6.el6
  • jbossas-welcome-content-eap-0:7.4.0-17.Final_redhat_19.1.ep6.el6
  • jbossts-1:4.17.21-2.Final_redhat_2.1.ep6.el6
  • jbossweb-0:7.4.8-4.Final_redhat_4.1.ep6.el6
  • jbossws-common-0:2.3.0-1.Final_redhat_1.1.ep6.el6
  • jbossws-cxf-0:4.3.0-3.Final_redhat_3.1.ep6.el6
  • jbossws-native-0:4.2.0-1.Final_redhat_1.1.ep6.el6
  • jbossws-spi-0:2.3.0-2.Final_redhat_1.1.ep6.el6
  • jdom-eap6-0:1.1.2-6.redhat_4.1.ep6.el6
  • jettison-eap6-0:1.3.1-3.redhat_4.1.ep6.el6
  • jgroups-1:3.2.13-1.Final_redhat_1.1.ep6.el6
  • joda-time-eap6-0:1.6.2-1.redhat_4.1.ep6.el6
  • jython-eap6-0:2.5.2-6.redhat_3.1.ep6.el6
  • mod_cluster-0:1.2.9-1.Final_redhat_1.1.ep6.el6
  • mod_cluster-demo-0:1.2.9-1.Final_redhat_1.1.ep6.el6
  • mod_cluster-native-0:1.2.9-3.Final_redhat_2.ep6.el6
  • mod_cluster-native-debuginfo-0:1.2.9-3.Final_redhat_2.ep6.el6
  • mod_jk-ap22-0:1.2.40-2.redhat_1.ep6.el6
  • mod_jk-debuginfo-0:1.2.40-2.redhat_1.ep6.el6
  • mod_rt-0:2.4.1-5.GA.ep6.el6
  • mod_rt-debuginfo-0:2.4.1-5.GA.ep6.el6
  • mod_snmp-0:2.4.1-8.GA.ep6.el6
  • mod_snmp-debuginfo-0:2.4.1-8.GA.ep6.el6
  • mod_ssl-1:2.2.26-35.ep6.el6
  • netty-0:3.6.9-1.Final_redhat_1.1.ep6.el6
  • opensaml-0:2.5.3-4.redhat_2.1.ep6.el6
  • openws-0:1.4.4-3.redhat_2.1.ep6.el6
  • picketlink-bindings-0:2.5.3-8.SP10_redhat_1.1.ep6.el6
  • picketlink-federation-0:2.5.3-9.SP10_redhat_1.1.ep6.el6
  • resteasy-0:2.3.8-4.Final_redhat_3.1.ep6.el6
  • rngom-eap6-0:201103-2.redhat_3.1.ep6.el6
  • scannotation-0:1.0.3-6.redhat_4.2.ep6.el6
  • slf4j-eap6-0:1.7.2-13.redhat_3.1.ep6.el6
  • slf4j-jboss-logmanager-0:1.0.3-1.GA_redhat_1.1.ep6.el6
  • snakeyaml-eap6-0:1.8-1.redhat_2.2.ep6.el6
  • stilts-0:0.1.26-13.redhat_4.2.ep6.el6
  • sun-codemodel-0:2.6-4.redhat_2.2.ep6.el6
  • sun-istack-commons-1:2.6.1-10.redhat_2.2.ep6.el6
  • sun-saaj-1.3-impl-0:1.3.16-9.redhat_3.1.ep6.el6
  • sun-txw2-0:20110809-7.redhat_4.1.ep6.el6
  • sun-xsom-0:20110809-7.redhat_3.1.ep6.el6
  • tomcat-native-0:1.1.30-2.redhat_1.ep6.el6
  • tomcat-native-debuginfo-0:1.1.30-2.redhat_1.ep6.el6
  • weld-core-0:1.1.23-1.Final_redhat_1.1.ep6.el6
  • woodstox-core-eap6-0:4.2.0-12.redhat_4.1.ep6.el6
  • woodstox-stax2-api-eap6-0:3.1.3-3.redhat_1.1.ep6.el6
  • ws-commons-neethi-0:3.0.2-8.redhat_3.1.ep6.el6
  • wsdl4j-eap6-0:1.6.3-1.redhat_1.1.ep6.el6
  • xml-commons-resolver-eap6-0:1.2-17.redhat_9.1.ep6.el6
  • xmltooling-0:1.3.4-6.redhat_3.1.ep6.el6
  • xom-0:1.2.7-3.redhat_4.1.ep6.el6
  • antlr-eap6-0:2.7.7-17.redhat_4.1.ep6.el6
  • apache-commons-collections-eap6-0:3.2.1-15.redhat_3.1.ep6.el6
  • apache-commons-collections-tomcat-eap6-0:3.2.1-15.redhat_3.1.ep6.el6
  • apache-commons-daemon-eap6-1:1.0.15-5.redhat_1.ep6.el6
  • apache-commons-daemon-jsvc-eap6-1:1.0.15-6.redhat_2.ep6.el6
  • apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-6.redhat_2.ep6.el6
  • apache-commons-logging-eap6-0:1.1.1-7.9_redhat_1.ep6.el6
  • apache-commons-logging-tomcat-eap6-0:1.1.1-7.9_redhat_1.ep6.el6
  • apache-commons-pool-eap6-0:1.6-7.redhat_6.1.ep6.el6
  • apache-commons-pool-tomcat-eap6-0:1.6-7.redhat_6.1.ep6.el6
  • dom4j-eap6-0:1.6.1-20.redhat_6.1.ep6.el6
  • ecj3-1:3.7.2-9.redhat_3.1.ep6.el6
  • hibernate4-c3p0-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el6
  • hibernate4-core-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el6
  • hibernate4-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el6
  • hibernate4-entitymanager-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el6
  • hibernate4-envers-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el6
  • hibernate4-infinispan-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el6
  • httpd-0:2.2.26-35.ep6.el6
  • httpd-debuginfo-0:2.2.26-35.ep6.el6
  • httpd-devel-0:2.2.26-35.ep6.el6
  • httpd-manual-0:2.2.26-35.ep6.el6
  • httpd-tools-0:2.2.26-35.ep6.el6
  • javassist-eap6-0:3.18.1-1.GA_redhat_1.1.ep6.el6
  • jboss-logging-0:3.1.4-1.GA_redhat_1.1.ep6.el6
  • jboss-transaction-api_1.1_spec-0:1.0.1-12.Final_redhat_2.2.ep6.el6
  • mod_cluster-0:1.2.9-1.Final_redhat_1.1.ep6.el6
  • mod_cluster-native-0:1.2.9-3.Final_redhat_2.ep6.el6
  • mod_cluster-native-debuginfo-0:1.2.9-3.Final_redhat_2.ep6.el6
  • mod_cluster-tomcat6-0:1.2.9-1.Final_redhat_1.1.ep6.el6
  • mod_cluster-tomcat7-0:1.2.9-1.Final_redhat_1.1.ep6.el6
  • mod_jk-ap22-0:1.2.40-2.redhat_1.ep6.el6
  • mod_jk-debuginfo-0:1.2.40-2.redhat_1.ep6.el6
  • mod_jk-manual-0:1.2.40-2.redhat_1.ep6.el6
  • mod_rt-0:2.4.1-6.GA.ep6.el6
  • mod_rt-debuginfo-0:2.4.1-6.GA.ep6.el6
  • mod_snmp-0:2.4.1-13.GA.ep6.el6
  • mod_snmp-debuginfo-0:2.4.1-13.GA.ep6.el6
  • mod_ssl-1:2.2.26-35.ep6.el6
  • storeconfig-tc6-0:0.0.1-7.Alpha3_redhat_12.3.ep6.el6
  • storeconfig-tc7-0:0.0.1-7.Alpha3_redhat_12.5.ep6.el6
  • tomcat-native-0:1.1.30-2.redhat_1.ep6.el6
  • tomcat-native-debuginfo-0:1.1.30-2.redhat_1.ep6.el6
  • tomcat6-0:6.0.41-5_patch_02.ep6.el6
  • tomcat6-admin-webapps-0:6.0.41-5_patch_02.ep6.el6
  • tomcat6-docs-webapp-0:6.0.41-5_patch_02.ep6.el6
  • tomcat6-el-2.1-api-0:6.0.41-5_patch_02.ep6.el6
  • tomcat6-javadoc-0:6.0.41-5_patch_02.ep6.el6
  • tomcat6-jsp-2.1-api-0:6.0.41-5_patch_02.ep6.el6
  • tomcat6-lib-0:6.0.41-5_patch_02.ep6.el6
  • tomcat6-log4j-0:6.0.41-5_patch_02.ep6.el6
  • tomcat6-servlet-2.5-api-0:6.0.41-5_patch_02.ep6.el6
  • tomcat6-webapps-0:6.0.41-5_patch_02.ep6.el6
  • tomcat7-0:7.0.54-6_patch_02.ep6.el6
  • tomcat7-admin-webapps-0:7.0.54-6_patch_02.ep6.el6
  • tomcat7-docs-webapp-0:7.0.54-6_patch_02.ep6.el6
  • tomcat7-el-2.2-api-0:7.0.54-6_patch_02.ep6.el6
  • tomcat7-javadoc-0:7.0.54-6_patch_02.ep6.el6
  • tomcat7-jsp-2.2-api-0:7.0.54-6_patch_02.ep6.el6
  • tomcat7-lib-0:7.0.54-6_patch_02.ep6.el6
  • tomcat7-log4j-0:7.0.54-6_patch_02.ep6.el6
  • tomcat7-servlet-3.0-api-0:7.0.54-6_patch_02.ep6.el6
  • tomcat7-webapps-0:7.0.54-6_patch_02.ep6.el6
  • antlr-eap6-0:2.7.7-17.redhat_4.1.ep6.el5
  • apache-commons-collections-eap6-0:3.2.1-15.redhat_3.1.ep6.el5
  • apache-commons-collections-tomcat-eap6-0:3.2.1-15.redhat_3.1.ep6.el5
  • apache-commons-daemon-eap6-1:1.0.15-5.redhat_1.ep6.el5
  • apache-commons-daemon-jsvc-eap6-1:1.0.15-6.redhat_2.ep6.el5
  • apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-6.redhat_2.ep6.el5
  • apache-commons-pool-eap6-0:1.6-7.redhat_6.1.ep6.el5
  • apache-commons-pool-tomcat-eap6-0:1.6-7.redhat_6.1.ep6.el5
  • dom4j-eap6-0:1.6.1-20.redhat_6.1.ep6.el5
  • ecj3-1:3.7.2-9.redhat_3.1.ep6.el5
  • hibernate4-c3p0-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el5
  • hibernate4-core-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el5
  • hibernate4-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el5
  • hibernate4-entitymanager-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el5
  • hibernate4-envers-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el5
  • hibernate4-infinispan-eap6-0:4.2.14-3.SP1_redhat_1.1.ep6.el5
  • httpd-0:2.2.26-35.ep6.el5
  • httpd-debuginfo-0:2.2.26-35.ep6.el5
  • httpd-devel-0:2.2.26-35.ep6.el5
  • httpd-manual-0:2.2.26-35.ep6.el5
  • httpd-tools-0:2.2.26-35.ep6.el5
  • javassist-eap6-0:3.18.1-1.GA_redhat_1.1.ep6.el5
  • jboss-logging-0:3.1.4-1.GA_redhat_1.1.ep6.el5
  • jboss-transaction-api_1.1_spec-0:1.0.1-12.Final_redhat_2.2.ep6.el5
  • mod_cluster-0:1.2.9-1.Final_redhat_1.1.ep6.el5
  • mod_cluster-native-0:1.2.9-3.Final_redhat_2.ep6.el5
  • mod_cluster-native-debuginfo-0:1.2.9-3.Final_redhat_2.ep6.el5
  • mod_cluster-tomcat6-0:1.2.9-1.Final_redhat_1.1.ep6.el5
  • mod_cluster-tomcat7-0:1.2.9-1.Final_redhat_1.1.ep6.el5
  • mod_jk-ap22-0:1.2.40-2.redhat_1.ep6.el5
  • mod_jk-debuginfo-0:1.2.40-2.redhat_1.ep6.el5
  • mod_jk-manual-0:1.2.40-2.redhat_1.ep6.el5
  • mod_rt-0:2.4.1-6.GA.ep6.el5
  • mod_rt-debuginfo-0:2.4.1-6.GA.ep6.el5
  • mod_snmp-0:2.4.1-13.GA.ep6.el5
  • mod_snmp-debuginfo-0:2.4.1-13.GA.ep6.el5
  • mod_ssl-1:2.2.26-35.ep6.el5
  • storeconfig-tc6-0:0.0.1-7.Alpha3_redhat_12.3.ep6.el5
  • storeconfig-tc7-0:0.0.1-7.Alpha3_redhat_12.5.ep6.el5
  • tomcat-native-0:1.1.30-2.redhat_1.ep6.el5
  • tomcat-native-debuginfo-0:1.1.30-2.redhat_1.ep6.el5
  • tomcat6-0:6.0.41-6_patch_02.ep6.el5
  • tomcat6-admin-webapps-0:6.0.41-6_patch_02.ep6.el5
  • tomcat6-docs-webapp-0:6.0.41-6_patch_02.ep6.el5
  • tomcat6-el-2.1-api-0:6.0.41-6_patch_02.ep6.el5
  • tomcat6-javadoc-0:6.0.41-6_patch_02.ep6.el5
  • tomcat6-jsp-2.1-api-0:6.0.41-6_patch_02.ep6.el5
  • tomcat6-lib-0:6.0.41-6_patch_02.ep6.el5
  • tomcat6-log4j-0:6.0.41-6_patch_02.ep6.el5
  • tomcat6-servlet-2.5-api-0:6.0.41-6_patch_02.ep6.el5
  • tomcat6-webapps-0:6.0.41-6_patch_02.ep6.el5
  • tomcat7-0:7.0.54-6_patch_02.ep6.el5
  • tomcat7-admin-webapps-0:7.0.54-6_patch_02.ep6.el5
  • tomcat7-docs-webapp-0:7.0.54-6_patch_02.ep6.el5
  • tomcat7-el-2.2-api-0:7.0.54-6_patch_02.ep6.el5
  • tomcat7-javadoc-0:7.0.54-6_patch_02.ep6.el5
  • tomcat7-jsp-2.2-api-0:7.0.54-6_patch_02.ep6.el5
  • tomcat7-lib-0:7.0.54-6_patch_02.ep6.el5
  • tomcat7-log4j-0:7.0.54-6_patch_02.ep6.el5
  • tomcat7-servlet-3.0-api-0:7.0.54-6_patch_02.ep6.el5
  • tomcat7-webapps-0:7.0.54-6_patch_02.ep6.el5

References