Vulnerabilities > CVE-2017-12613 - Out-of-bounds Read vulnerability in multiple products

047910
CVSS 7.1 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
apache
debian
redhat
CWE-125
nessus

Summary

When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.

Vulnerable Configurations

Part Description Count
Application
Apache
71
Application
Redhat
4
OS
Debian
2
OS
Redhat
26

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZLSA-2017-3270.NASL
    descriptionAn update for apr is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. Security Fix(es) : * An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613) Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id105048
    published2017-12-07
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105048
    titleVirtuozzo 7 : apr / apr-devel (VZLSA-2017-3270)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105048);
      script_version("3.6");
      script_cvs_date("Date: 2018/07/17 12:00:07");
    
      script_cve_id(
        "CVE-2017-12613"
      );
    
      script_name(english:"Virtuozzo 7 : apr / apr-devel (VZLSA-2017-3270)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Virtuozzo host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "An update for apr is now available for Red Hat Enterprise Linux 6 and
    Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The Apache Portable Runtime (APR) is a portability library used by the
    Apache HTTP Server and other projects. It provides a free library of C
    data structures and routines.
    
    Security Fix(es) :
    
    * An out-of-bounds array dereference was found in apr_time_exp_get().
    An attacker could abuse an unvalidated usage of this function to cause
    a denial of service or potentially lead to data leak. (CVE-2017-12613)
    
    Note that Tenable Network Security has attempted to extract the
    preceding description block directly from the corresponding Red Hat
    security advisory. Virtuozzo provides no description for VZLSA
    advisories. Tenable has attempted to automatically clean and format
    it as much as possible without introducing additional issues.");
      # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-3270.json
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8733b4c9");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2017:3270");
      script_set_attribute(attribute:"solution", value:
    "Update the affected apr / apr-devel package.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/11/28");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:apr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:apr-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:virtuozzo:virtuozzo:7");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/07");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Virtuozzo Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Virtuozzo/release", "Host/Virtuozzo/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/Virtuozzo/release");
    if (isnull(release) || "Virtuozzo" >!< release) audit(AUDIT_OS_NOT, "Virtuozzo");
    os_ver = pregmatch(pattern: "Virtuozzo Linux release ([0-9]+\.[0-9])(\D|$)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Virtuozzo");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Virtuozzo 7.x", "Virtuozzo " + os_ver);
    
    if (!get_kb_item("Host/Virtuozzo/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Virtuozzo", cpu);
    
    flag = 0;
    
    pkgs = ["apr-1.4.8-3.vl7.1",
            "apr-devel-1.4.8-3.vl7.1"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"Virtuozzo-7", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_NOTE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apr / apr-devel");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2017-928.NASL
    descriptionAn out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak.(CVE-2017-12613)
    last seen2020-06-01
    modified2020-06-02
    plugin id105052
    published2017-12-07
    reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/105052
    titleAmazon Linux AMI : apr (ALAS-2017-928)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2017-928.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105052);
      script_version("3.3");
      script_cvs_date("Date: 2018/04/18 15:09:36");
    
      script_cve_id("CVE-2017-12613");
      script_xref(name:"ALAS", value:"2017-928");
    
      script_name(english:"Amazon Linux AMI : apr (ALAS-2017-928)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An out-of-bounds array dereference was found in apr_time_exp_get(). An
    attacker could abuse an unvalidated usage of this function to cause a
    denial of service or potentially lead to data leak.(CVE-2017-12613)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2017-928.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update apr' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:apr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:apr-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:apr-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/12/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/07");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"apr-1.5.2-5.13.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"apr-debuginfo-1.5.2-5.13.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"apr-devel-1.5.2-5.13.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apr / apr-debuginfo / apr-devel");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2017-1_0-0093_APR.NASL
    descriptionAn update of the apr package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121778
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121778
    titlePhoton OS 1.0: Apr PHSA-2017-1.0-0093
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2017-1.0-0093. The text
    # itself is copyright (C) VMware, Inc.
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(121778);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2019/02/07");
    
      script_cve_id("CVE-2017-12613");
    
      script_name(english:"Photon OS 1.0: Apr PHSA-2017-1.0-0093");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the apr package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-93.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-15088");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/12/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:apr");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-1.0", reference:"apr-1.5.2-7.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"apr-debuginfo-1.5.2-7.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"apr-devel-1.5.2-7.ph1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apr");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1374.NASL
    descriptionAccording to the version of the apr package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak.(CVE-2017-12613) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124877
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124877
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : apr (EulerOS-SA-2019-1374)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124877);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/17");
    
      script_cve_id(
        "CVE-2017-12613"
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.1.0 : apr (EulerOS-SA-2019-1374)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the apr package installed, the EulerOS
    Virtualization for ARM 64 installation on the remote host is affected
    by the following vulnerability :
    
      - An out-of-bounds array dereference was found in
        apr_time_exp_get(). An attacker could abuse an
        unvalidated usage of this function to cause a denial of
        service or potentially lead to data
        leak.(CVE-2017-12613)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1374
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0274992a");
      script_set_attribute(attribute:"solution", value:
    "Update the affected apr package.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:apr");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["apr-1.4.8-3.1"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_NOTE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apr");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1303.NASL
    descriptionAccording to the version of the apr packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak.(CVE-2017-12613) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-12-01
    plugin id104921
    published2017-12-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104921
    titleEulerOS 2.0 SP1 : apr (EulerOS-SA-2017-1303)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(104921);
      script_version("3.11");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2017-12613"
      );
    
      script_name(english:"EulerOS 2.0 SP1 : apr (EulerOS-SA-2017-1303)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the apr packages installed, the EulerOS
    installation on the remote host is affected by the following
    vulnerability :
    
      - An out-of-bounds array dereference was found in
        apr_time_exp_get(). An attacker could abuse an
        unvalidated usage of this function to cause a denial of
        service or potentially lead to data
        leak.(CVE-2017-12613)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1303
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c501f1f6");
      script_set_attribute(attribute:"solution", value:
    "Update the affected apr package.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/11/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/01");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:apr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:apr-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["apr-1.4.8-3.h1",
            "apr-devel-1.4.8-3.h1"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_NOTE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apr");
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD_10_13_6_2018-002.NASL
    descriptionThe remote host is running macOS 10.13.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities affecting the following components : - fpserver - AppleGraphicsControl - APR - ATS - CFNetwork - CoreAnimation - CoreCrypto - CoreFoundation - CUPS - Dictionary - dyld - EFI - Foundation - Grand Central Dispatch - Heimdal - Hypervisor - ICU - Intel Graphics Driver - IOGraphics - IOHIDFamily - IOKit - IOUserEthernet - IPSec - Kernel - Login Window - mDNSOffloadUserClient - MediaRemote - Microcode - NetworkExtension - Security - Spotlight - Symptom Framework - WiFi
    last seen2020-03-18
    modified2018-10-31
    plugin id118575
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118575
    titlemacOS 10.13.6 Multiple Vulnerabilities (Security Update 2018-002)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118575);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/13");
    
      script_cve_id(
        "CVE-2017-12613",
        "CVE-2017-12618",
        "CVE-2018-3639",
        "CVE-2018-3640",
        "CVE-2018-3646",
        "CVE-2018-4126",
        "CVE-2018-4153",
        "CVE-2018-4203",
        "CVE-2018-4295",
        "CVE-2018-4304",
        "CVE-2018-4308",
        "CVE-2018-4310",
        "CVE-2018-4326",
        "CVE-2018-4331",
        "CVE-2018-4340",
        "CVE-2018-4341",
        "CVE-2018-4342",
        "CVE-2018-4346",
        "CVE-2018-4348",
        "CVE-2018-4350",
        "CVE-2018-4354",
        "CVE-2018-4368",
        "CVE-2018-4369",
        "CVE-2018-4371",
        "CVE-2018-4393",
        "CVE-2018-4394",
        "CVE-2018-4395",
        "CVE-2018-4396",
        "CVE-2018-4398",
        "CVE-2018-4399",
        "CVE-2018-4400",
        "CVE-2018-4401",
        "CVE-2018-4402",
        "CVE-2018-4406",
        "CVE-2018-4407",
        "CVE-2018-4408",
        "CVE-2018-4410",
        "CVE-2018-4411",
        "CVE-2018-4412",
        "CVE-2018-4413",
        "CVE-2018-4415",
        "CVE-2018-4417",
        "CVE-2018-4418",
        "CVE-2018-4419",
        "CVE-2018-4420",
        "CVE-2018-4422",
        "CVE-2018-4423",
        "CVE-2018-4425",
        "CVE-2018-4426"
      );
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2018-10-30-2");
    
      script_name(english:"macOS 10.13.6 Multiple Vulnerabilities (Security Update 2018-002)");
      script_summary(english:"Checks for the presence of Security Update 2018-002 (APPLE-SA-2018-10-30-2).");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a macOS security update that fixes
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote host is running macOS 10.13.6 and is missing a security
    update. It is therefore, affected by multiple vulnerabilities
    affecting the following components :
    
      - fpserver
      - AppleGraphicsControl
      - APR
      - ATS
      - CFNetwork
      - CoreAnimation
      - CoreCrypto
      - CoreFoundation
      - CUPS
      - Dictionary
      - dyld
      - EFI
      - Foundation
      - Grand Central Dispatch
      - Heimdal
      - Hypervisor
      - ICU
      - Intel Graphics Driver
      - IOGraphics
      - IOHIDFamily
      - IOKit
      - IOUserEthernet
      - IPSec
      - Kernel
      - Login Window
      - mDNSOffloadUserClient
      - MediaRemote
      - Microcode
      - NetworkExtension
      - Security
      - Spotlight
      - Symptom Framework
      - WiFi");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT209193");
      # https://lists.apple.com/archives/security-announce/2018/Oct/msg00003.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f0681c90");
      script_set_attribute(attribute:"solution", value:
    "Install Security Update 2018-002 or later for 10.13.6.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-4331");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/31");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:macos");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "Host/MacOSX/packages/boms");
    
      exit(0);
    }
    include('lists.inc');
    include('vcf.inc');
    include('vcf_extras_apple.inc');
    
    app_info = vcf::apple::macos::get_app_info();
    
    constraints = [
      { 'min_version' : '10.13', 'max_version' : '10.13.6', 'fixed_build': '17G3025', 'fixed_display' : '10.13.6 Security Update 2018-002' }
    ];
    
    vcf::apple::macos::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_10_14.NASL
    descriptionThe remote host is running a version of Mac OS X that is prior to 10.13.6 or is not macOS 10.14. It is, therefore, affected by multiple vulnerabilities in the following components : - afpserver - AppleGraphicsControl - Application Firewall - App Store - APR - ATS - Auto Unlock - Bluetooth - CFNetwork - CoreFoundation - CoreText - Crash Reporter - CUPS - Dictionary - Grand Central Dispatch - Heimdal - Hypervisor - iBooks - Intel Graphics Driver - IOHIDFamily - IOKit - IOUserEthernet - Kernel - LibreSSL - Login Window - mDNSOffloadUserClient - MediaRemote - Microcode - Security - Spotlight - Symptom Framework - Text - Wi-Fi Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id118178
    published2018-10-18
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118178
    titlemacOS < 10.14 Multiple Vulnerabilities
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0115_APR.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has apr packages installed that are affected by a vulnerability: - An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127354
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127354
    titleNewStart CGSL MAIN 4.05 : apr Vulnerability (NS-SA-2019-0115)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL52319810.NASL
    descriptionWhen apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input. (CVE-2017-12613) Impact This vulnerability may allow unauthorized information disclosure or denial of service.
    last seen2020-06-01
    modified2020-06-02
    plugin id118678
    published2018-11-02
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118678
    titleF5 Networks BIG-IP : Apache Portable Runtime vulnerability (K52319810)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1253.NASL
    descriptionAn update for apr is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, Red Hat Enterprise Linux 6.7 Extended Update Support, Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions, and Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. Security Fix(es) : * apr: Out-of-bounds array deref in apr_time_exp*() functions (CVE-2017-12613) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id109391
    published2018-04-27
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109391
    titleRHEL 6 / 7 : apr (RHSA-2018:1253)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1196-1.NASL
    descriptionThis update fixes the following issues : - CVE-2017-12613: DoS or information disclosure in pr_exp_time*() or apr_os_exp_time*() functions (bsc#1064982). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id109679
    published2018-05-10
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109679
    titleSUSE SLES12 Security Update : libapr1 (SUSE-SU-2018:1196-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-48368DE8C9.NASL
    descriptionSecurity fix + version update Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-01-15
    plugin id105866
    published2018-01-15
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105866
    titleFedora 27 : apr (2017-48368de8c9)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-3270.NASL
    descriptionAn update for apr is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. Security Fix(es) : * An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613)
    last seen2020-06-01
    modified2020-06-02
    plugin id104842
    published2017-11-29
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104842
    titleRHEL 6 / 7 : apr (RHSA-2017:3270)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0001_APR.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 5.04, has apr packages installed that are affected by a vulnerability: - An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127140
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127140
    titleNewStart CGSL MAIN 5.04 : apr Vulnerability (NS-SA-2019-0001)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1452.NASL
    descriptionAccording to the version of the apr package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak.(CVE-2017-12613) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124955
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124955
    titleEulerOS Virtualization 3.0.1.0 : apr (EulerOS-SA-2019-1452)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-8D2CFC3752.NASL
    descriptionSecurity fix + version update Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-11-16
    plugin id104603
    published2017-11-16
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104603
    titleFedora 26 : apr (2017-8d2cfc3752)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-3270.NASL
    descriptionFrom Red Hat Security Advisory 2017:3270 : An update for apr is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. Security Fix(es) : * An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613)
    last seen2020-06-01
    modified2020-06-02
    plugin id104838
    published2017-11-29
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104838
    titleOracle Linux 6 / 7 : apr (ELSA-2017-3270)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1304.NASL
    descriptionAccording to the version of the apr packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak.(CVE-2017-12613) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-12-01
    plugin id104922
    published2017-12-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104922
    titleEulerOS 2.0 SP2 : apr (EulerOS-SA-2017-1304)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20171129_APR_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613)
    last seen2020-03-18
    modified2017-11-30
    plugin id104866
    published2017-11-30
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104866
    titleScientific Linux Security Update : apr on SL6.x, SL7.x i386/x86_64 (20171129)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-450.NASL
    descriptionThis update fixes the following issues : - CVE-2017-12613: DoS or information disclosure in pr_exp_time*() or apr_os_exp_time*() functions (bsc#1064982). This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2018-05-11
    plugin id109719
    published2018-05-11
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109719
    titleopenSUSE Security Update : libapr1 (openSUSE-2018-450)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-3476.NASL
    descriptionAn update is now available for JBoss Core Services on RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613) * It was discovered that the use of httpd
    last seen2020-06-01
    modified2020-06-02
    plugin id105368
    published2017-12-19
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105368
    titleRHEL 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.23 (RHSA-2017:3476) (Optionsbleed)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2017-0053_APR.NASL
    descriptionAn update of the apr package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121776
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121776
    titlePhoton OS 2.0: Apr PHSA-2017-0053
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-0466.NASL
    descriptionAn update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and Red Hat JBoss Web Server 3.1 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 2 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * apr: Out-of-bounds array deref in apr_time_exp*() functions (CVE-2017-12613) * tomcat: Remote Code Execution via JSP Upload (CVE-2017-12615) * tomcat: Information Disclosure when using VirtualDirContext (CVE-2017-12616) * tomcat: Remote Code Execution bypass for CVE-2017-12615 (CVE-2017-12617) * tomcat-native: Mishandling of client certificates can allow for OCSP check bypass (CVE-2017-15698) * tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304) * tomcat: Late application of security constraints can lead to resource exposure for unauthorised users (CVE-2018-1305) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id107208
    published2018-03-08
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107208
    titleRHEL 6 / 7 : Red Hat JBoss Web Server 3.1.0 Service Pack 2 (RHSA-2018:0466)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-3270.NASL
    descriptionAn update for apr is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. Security Fix(es) : * An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613)
    last seen2020-06-01
    modified2020-06-02
    plugin id104818
    published2017-11-29
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104818
    titleCentOS 6 / 7 : apr (CESA-2017:3270)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-3477.NASL
    descriptionAn update is now available for JBoss Core Services on RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613) * It was discovered that the use of httpd
    last seen2020-06-01
    modified2020-06-02
    plugin id105369
    published2017-12-19
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105369
    titleRHEL 6 : Red Hat JBoss Core Services Apache HTTP Server 2.4.23 (RHSA-2017:3477) (Optionsbleed)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1162.NASL
    descriptionIt was discovered that there was an out-of-bounds memory vulnerability in apr, a support/portability library for various applications. When the apr_exp_time*() or apr_os_exp_time*() functions were invoked with an invalid month field value, out of bounds memory may have been be accessed when converting this value to an apr_time_exp_t value. This could have potentially revealed the contents of a different static heap value or resulted in program termination. For Debian 7
    last seen2020-03-17
    modified2017-11-07
    plugin id104412
    published2017-11-07
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104412
    titleDebian DLA-1162-1 : apr security update
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2017-0053.NASL
    descriptionAn update of [apr,ncurses] packages for PhotonOS has been released.
    last seen2019-02-08
    modified2019-02-07
    plugin id111902
    published2018-08-17
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111902
    titlePhoton OS 2.0: Apr / Ncurses PHSA-2017-0053 (deprecated)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2017-1_0-0093.NASL
    descriptionAn update of 'linux', 'krb5', 'subversion', 'apr', 'ncurses' packages of Photon OS has been released.
    last seen2019-02-21
    modified2019-02-07
    plugin id111903
    published2018-08-17
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111903
    titlePhoton OS 1.0: Apr / Krb5 / Linux / Ncurses / Subversion PHSA-2017-1.0-0093 (deprecated)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2018-005.NASL
    descriptionThe remote host is running Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities affecting the following components : - afpserver - AppleGraphicsControl - APR - ATS - CFNetwork - CoreAnimation - CoreCrypto - CoreFoundation - CUPS - Dictionary - dyld - Foundation - Heimdal - Hypervisor - ICU - Intel Graphics Driver - IOGraphics - IOHIDFamily - IOKit - IOUserEthernet - IPSec - Kernel - Login Window - mDNSOffloadUserClient - MediaRemote - Microcode - Perl - Ruby - Security - Spotlight - Symptom Framework - WiFi
    last seen2020-06-01
    modified2020-06-02
    plugin id118573
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118573
    titlemacOS and Mac OS X Multiple Vulnerabilities (Security Update 2018-005)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1322-1.NASL
    descriptionThis update fixes the following issues : - CVE-2017-12613: DoS or information disclosure in pr_exp_time*() or apr_os_exp_time*() functions (bsc#1064982). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id109889
    published2018-05-17
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109889
    titleSUSE SLES11 Security Update : libapr1 (SUSE-SU-2018:1322-1)

Redhat

advisories
  • bugzilla
    id1506523
    titleCVE-2017-12613 apr: Out-of-bounds array deref in apr_time_exp*() functions
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentapr is earlier than 0:1.3.9-5.el6_9.1
            ovaloval:com.redhat.rhsa:tst:20173270001
          • commentapr is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110507009
        • AND
          • commentapr-devel is earlier than 0:1.3.9-5.el6_9.1
            ovaloval:com.redhat.rhsa:tst:20173270003
          • commentapr-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110507007
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentapr-devel is earlier than 0:1.4.8-3.el7_4.1
            ovaloval:com.redhat.rhsa:tst:20173270006
          • commentapr-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110507007
        • AND
          • commentapr is earlier than 0:1.4.8-3.el7_4.1
            ovaloval:com.redhat.rhsa:tst:20173270007
          • commentapr is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110507009
    rhsa
    idRHSA-2017:3270
    released2017-11-28
    severityImportant
    titleRHSA-2017:3270: apr security update (Important)
  • rhsa
    idRHSA-2017:3475
  • rhsa
    idRHSA-2017:3476
  • rhsa
    idRHSA-2017:3477
  • rhsa
    idRHSA-2018:0316
  • rhsa
    idRHSA-2018:0465
  • rhsa
    idRHSA-2018:0466
  • rhsa
    idRHSA-2018:1253
rpms
  • apr-0:1.3.9-5.el6_9.1
  • apr-0:1.4.8-3.el7_4.1
  • apr-debuginfo-0:1.3.9-5.el6_9.1
  • apr-debuginfo-0:1.4.8-3.el7_4.1
  • apr-devel-0:1.3.9-5.el6_9.1
  • apr-devel-0:1.4.8-3.el7_4.1
  • jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7
  • jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el7
  • jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el7
  • jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el7
  • jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el7
  • jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el7
  • jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el7
  • jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7
  • jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el7
  • jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7
  • jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el7
  • jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el7
  • jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el7
  • jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el7
  • jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el7
  • jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6
  • jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6
  • jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6
  • jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6
  • jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el6
  • jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6
  • jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6
  • jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6
  • jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6
  • jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6
  • jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6
  • jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6
  • jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6
  • jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6
  • jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6
  • httpd24-apr-0:1.5.1-1.el6.1
  • httpd24-apr-debuginfo-0:1.5.1-1.el6.1
  • httpd24-apr-devel-0:1.5.1-1.el6.1
  • mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6
  • mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7
  • mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el6
  • mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el7
  • mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el6
  • mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el7
  • tomcat-native-0:1.2.8-11.redhat_11.ep7.el6
  • tomcat-native-0:1.2.8-11.redhat_11.ep7.el7
  • tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6
  • tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el7
  • tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6
  • tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7
  • tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el6
  • tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el7
  • tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el6
  • tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el7
  • tomcat7-0:7.0.70-25.ep7.el6
  • tomcat7-0:7.0.70-25.ep7.el7
  • tomcat7-admin-webapps-0:7.0.70-25.ep7.el6
  • tomcat7-admin-webapps-0:7.0.70-25.ep7.el7
  • tomcat7-docs-webapp-0:7.0.70-25.ep7.el6
  • tomcat7-docs-webapp-0:7.0.70-25.ep7.el7
  • tomcat7-el-2.2-api-0:7.0.70-25.ep7.el6
  • tomcat7-el-2.2-api-0:7.0.70-25.ep7.el7
  • tomcat7-javadoc-0:7.0.70-25.ep7.el6
  • tomcat7-javadoc-0:7.0.70-25.ep7.el7
  • tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el6
  • tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el7
  • tomcat7-jsvc-0:7.0.70-25.ep7.el6
  • tomcat7-jsvc-0:7.0.70-25.ep7.el7
  • tomcat7-lib-0:7.0.70-25.ep7.el6
  • tomcat7-lib-0:7.0.70-25.ep7.el7
  • tomcat7-log4j-0:7.0.70-25.ep7.el6
  • tomcat7-log4j-0:7.0.70-25.ep7.el7
  • tomcat7-selinux-0:7.0.70-25.ep7.el6
  • tomcat7-selinux-0:7.0.70-25.ep7.el7
  • tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el6
  • tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el7
  • tomcat7-webapps-0:7.0.70-25.ep7.el6
  • tomcat7-webapps-0:7.0.70-25.ep7.el7
  • tomcat8-0:8.0.36-29.ep7.el6
  • tomcat8-0:8.0.36-29.ep7.el7
  • tomcat8-admin-webapps-0:8.0.36-29.ep7.el6
  • tomcat8-admin-webapps-0:8.0.36-29.ep7.el7
  • tomcat8-docs-webapp-0:8.0.36-29.ep7.el6
  • tomcat8-docs-webapp-0:8.0.36-29.ep7.el7
  • tomcat8-el-2.2-api-0:8.0.36-29.ep7.el6
  • tomcat8-el-2.2-api-0:8.0.36-29.ep7.el7
  • tomcat8-javadoc-0:8.0.36-29.ep7.el6
  • tomcat8-javadoc-0:8.0.36-29.ep7.el7
  • tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el6
  • tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el7
  • tomcat8-jsvc-0:8.0.36-29.ep7.el6
  • tomcat8-jsvc-0:8.0.36-29.ep7.el7
  • tomcat8-lib-0:8.0.36-29.ep7.el6
  • tomcat8-lib-0:8.0.36-29.ep7.el7
  • tomcat8-log4j-0:8.0.36-29.ep7.el6
  • tomcat8-log4j-0:8.0.36-29.ep7.el7
  • tomcat8-selinux-0:8.0.36-29.ep7.el6
  • tomcat8-selinux-0:8.0.36-29.ep7.el7
  • tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el6
  • tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el7
  • tomcat8-webapps-0:8.0.36-29.ep7.el6
  • tomcat8-webapps-0:8.0.36-29.ep7.el7
  • apr-0:1.3.9-5.el6_4.1
  • apr-0:1.3.9-5.el6_5.1
  • apr-0:1.3.9-5.el6_6.1
  • apr-0:1.3.9-5.el6_7.1
  • apr-0:1.4.8-3.el7_2.1
  • apr-0:1.4.8-3.el7_3.1
  • apr-debuginfo-0:1.3.9-5.el6_4.1
  • apr-debuginfo-0:1.3.9-5.el6_5.1
  • apr-debuginfo-0:1.3.9-5.el6_6.1
  • apr-debuginfo-0:1.3.9-5.el6_7.1
  • apr-debuginfo-0:1.4.8-3.el7_2.1
  • apr-debuginfo-0:1.4.8-3.el7_3.1
  • apr-devel-0:1.3.9-5.el6_4.1
  • apr-devel-0:1.3.9-5.el6_5.1
  • apr-devel-0:1.3.9-5.el6_6.1
  • apr-devel-0:1.3.9-5.el6_7.1
  • apr-devel-0:1.4.8-3.el7_2.1
  • apr-devel-0:1.4.8-3.el7_3.1

References