Vulnerabilities > CVE-2019-0196 - Use After Free vulnerability in multiple products

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
LOW
network
low complexity
apache
canonical
debian
CWE-416
nessus

Summary

A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4422.NASL
    descriptionSeveral vulnerabilities have been found in the Apache HTTP server. - CVE-2018-17189 Gal Goldshtein of F5 Networks discovered a denial of service vulnerability in mod_http2. By sending malformed requests, the http/2 stream for that request unnecessarily occupied a server thread cleaning up incoming data, resulting in denial of service. - CVE-2018-17199 Diego Angulo from ImExHS discovered that mod_session_cookie does not respect expiry time. - CVE-2019-0196 Craig Young discovered that the http/2 request handling in mod_http2 could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly. - CVE-2019-0211 Charles Fol discovered a privilege escalation from the less-privileged child process to the parent process running as root. - CVE-2019-0217 A race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. The issue was discovered by Simon Kappel. - CVE-2019-0220 Bernhard Lorenz of Alpha Strike Labs GmbH reported that URL normalizations were inconsistently handled. When the path component of a request URL contains multiple consecutive slashes (
    last seen2020-06-01
    modified2020-06-02
    plugin id123691
    published2019-04-04
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123691
    titleDebian DSA-4422-1 : apache2 - security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-4422. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123691);
      script_version("1.4");
      script_cvs_date("Date: 2019/04/12  9:50:26");
    
      script_cve_id("CVE-2018-17189", "CVE-2018-17199", "CVE-2019-0196", "CVE-2019-0211", "CVE-2019-0217", "CVE-2019-0220");
      script_xref(name:"DSA", value:"4422");
    
      script_name(english:"Debian DSA-4422-1 : apache2 - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been found in the Apache HTTP server.
    
      - CVE-2018-17189
        Gal Goldshtein of F5 Networks discovered a denial of
        service vulnerability in mod_http2. By sending malformed
        requests, the http/2 stream for that request
        unnecessarily occupied a server thread cleaning up
        incoming data, resulting in denial of service.
    
      - CVE-2018-17199
        Diego Angulo from ImExHS discovered that
        mod_session_cookie does not respect expiry time.
    
      - CVE-2019-0196
        Craig Young discovered that the http/2 request handling
        in mod_http2 could be made to access freed memory in
        string comparison when determining the method of a
        request and thus process the request incorrectly.
    
      - CVE-2019-0211
        Charles Fol discovered a privilege escalation from the
        less-privileged child process to the parent process
        running as root.
    
      - CVE-2019-0217
        A race condition in mod_auth_digest when running in a
        threaded server could allow a user with valid
        credentials to authenticate using another username,
        bypassing configured access control restrictions. The
        issue was discovered by Simon Kappel.
    
      - CVE-2019-0220
        Bernhard Lorenz of Alpha Strike Labs GmbH reported that
        URL normalizations were inconsistently handled. When the
        path component of a request URL contains multiple
        consecutive slashes ('/'), directives such as
        LocationMatch and RewriteRule must account for
        duplicates in regular expressions while other aspects of
        the servers processing will implicitly collapse them."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920302"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920303"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2018-17189"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2018-17199"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-0196"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-0211"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-0217"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-0220"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/source-package/apache2"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/stretch/apache2"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2019/dsa-4422"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the apache2 packages.
    
    For the stable distribution (stretch), these problems have been fixed
    in version 2.4.25-3+deb9u7.
    
    This update also contains bug fixes that were scheduled for inclusion
    in the next stable point release. This includes a fix for a regression
    caused by a security fix in version 2.4.25-3+deb9u6."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apache2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"9.0", prefix:"apache2", reference:"2.4.25-3+deb9u7")) flag++;
    if (deb_check(release:"9.0", prefix:"apache2-bin", reference:"2.4.25-3+deb9u7")) flag++;
    if (deb_check(release:"9.0", prefix:"apache2-data", reference:"2.4.25-3+deb9u7")) flag++;
    if (deb_check(release:"9.0", prefix:"apache2-dbg", reference:"2.4.25-3+deb9u7")) flag++;
    if (deb_check(release:"9.0", prefix:"apache2-dev", reference:"2.4.25-3+deb9u7")) flag++;
    if (deb_check(release:"9.0", prefix:"apache2-doc", reference:"2.4.25-3+deb9u7")) flag++;
    if (deb_check(release:"9.0", prefix:"apache2-ssl-dev", reference:"2.4.25-3+deb9u7")) flag++;
    if (deb_check(release:"9.0", prefix:"apache2-suexec-custom", reference:"2.4.25-3+deb9u7")) flag++;
    if (deb_check(release:"9.0", prefix:"apache2-suexec-pristine", reference:"2.4.25-3+deb9u7")) flag++;
    if (deb_check(release:"9.0", prefix:"apache2-utils", reference:"2.4.25-3+deb9u7")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyWeb Servers
    NASL idAPACHE_2_4_39.NASL
    descriptionAccording to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.39. It is, therefore, affected by multiple vulnerabilities: - A privilege escalation vulnerability exists in module scripts due to an ability to execute arbitrary code as the parent process by manipulating the scoreboard. (CVE-2019-0211) - An access control bypass vulnerability exists in mod_auth_digest due to a race condition when running in a threaded server. An attacker with valid credentials could authenticate using another username. (CVE-2019-0217) - An access control bypass vulnerability exists in mod_ssl when using per-location client certificate verification with TLSv1.3. (CVE-2019-0215) In addition, Apache httpd is also affected by several additional vulnerabilities including a denial of service, read-after-free and URL path normalization inconsistencies. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id123642
    published2019-04-02
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123642
    titleApache 2.4.x < 2.4.39 Multiple Vulnerabilities
    code
    
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123642);
      script_version("1.5");
      script_cvs_date("Date: 2019/08/22 16:57:38");
    
      script_cve_id(
        "CVE-2019-0196",
        "CVE-2019-0197",
        "CVE-2019-0211",
        "CVE-2019-0215",
        "CVE-2019-0217",
        "CVE-2019-0220"
      );
    
      script_name(english:"Apache 2.4.x < 2.4.39 Multiple Vulnerabilities");
      script_summary(english:"Checks version in Server response header.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote web server is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its banner, the version of Apache running on the remote
    host is 2.4.x prior to 2.4.39. It is, therefore, affected by multiple
    vulnerabilities:
    
      - A privilege escalation vulnerability exists in
        module scripts due to an ability to execute arbitrary
        code as the parent process by manipulating the
        scoreboard. (CVE-2019-0211)
    
      - An access control bypass vulnerability exists in 
        mod_auth_digest due to a race condition when running
        in a threaded server. An attacker with valid credentials
        could authenticate using another username. (CVE-2019-0217)
    
      - An access control bypass vulnerability exists in 
        mod_ssl when using per-location client certificate
        verification with TLSv1.3. (CVE-2019-0215)
    
    In addition, Apache httpd is also affected by several additional 
    vulnerabilities including a denial of service, read-after-free
    and URL path normalization inconsistencies. 
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      # https://httpd.apache.org/security/vulnerabilities_24.html#2.4.39
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a84bee48");
      # https://httpd.apache.org/security/vulnerabilities-httpd.xml
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?586e6a34");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Apache version 2.4.39 or later.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0211");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/02");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:http_server");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:httpd");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("apache_http_version.nasl");
      script_require_keys("installed_sw/Apache");
      script_require_ports("Services/www", 80);
    
      exit(0);
    }
    
    include("vcf.inc");
    include("http.inc");
    
    port = get_http_port(default:80);
    kb_base = 'www/apache/'+port+'/';
    kb_ver = NULL;
    kb_backport = NULL;
    kb_source = NULL;
    
    if (get_kb_item(kb_base+'version')) kb_ver = kb_base+'version';
    if (get_kb_item(kb_base+'backported')) kb_backport = kb_base+'backported';
    if (get_kb_item(kb_base+'source')) kb_source = kb_base+'source';
    
    app_info = vcf::get_app_info(
      app:'Apache',
      port:port,
      kb_ver:kb_ver,
      kb_backport:kb_backport,
      kb_source:kb_source,
      service:TRUE
    );
    
    vcf::check_granularity(app_info:app_info, sig_segments:3);
    
    # 2.4.39
    constraints = [
      { 'min_version':'2.4', 'fixed_version':'2.4.39' }
    ];
    
    vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-CF7695B470.NASL
    descriptionResolves: #1695046 CVE-2019-0196 CVE-2019-0197 CVE-2019-0215 CVE-2019-0217 CVE-2019-0220 httpd: various flaws Resolves: #1694510 httpd-2.4.39 is available Resolves: #1694986 - CVE-2019-0211 httpd: privilege escalation from modules scripts Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124541
    published2019-05-02
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124541
    titleFedora 30 : httpd (2019-cf7695b470)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-cf7695b470.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124541);
      script_version("1.3");
      script_cvs_date("Date: 2019/09/23 11:21:11");
    
      script_cve_id("CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220");
      script_xref(name:"FEDORA", value:"2019-cf7695b470");
    
      script_name(english:"Fedora 30 : httpd (2019-cf7695b470)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Resolves: #1695046 CVE-2019-0196 CVE-2019-0197 CVE-2019-0215
    CVE-2019-0217 CVE-2019-0220 httpd: various flaws Resolves: #1694510
    httpd-2.4.39 is available Resolves: #1694986 - CVE-2019-0211 httpd:
    privilege escalation from modules scripts
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-cf7695b470"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected httpd package.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:httpd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC30", reference:"httpd-2.4.39-2.fc30")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3937-1.NASL
    descriptionCharles Fol discovered that the Apache HTTP Server incorrectly handled the scoreboard shared memory area. A remote attacker able to upload and run scripts could possibly use this issue to execute arbitrary code with root privileges. (CVE-2019-0211) It was discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-17189) It was discovered that the Apache HTTP Server incorrectly handled session expiry times. When used with mod_session_cookie, this may result in the session expiry time to be ignored, contrary to expectations. (CVE-2018-17199) Craig Young discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to process requests incorrectly. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2019-0196) Simon Kappel discovered that the Apache HTTP Server mod_auth_digest module incorrectly handled threads. A remote attacker with valid credentials could possibly use this issue to authenticate using another username, bypassing access control restrictions. (CVE-2019-0217) Bernhard Lorenz discovered that the Apache HTTP Server was inconsistent when processing requests containing multiple consecutive slashes. This could lead to directives such as LocationMatch and RewriteRule to perform contrary to expectations. (CVE-2019-0220). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123787
    published2019-04-05
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123787
    titleUbuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : apache2 vulnerabilities (USN-3937-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3937-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123787);
      script_version("1.5");
      script_cvs_date("Date: 2019/09/18 12:31:49");
    
      script_cve_id("CVE-2018-17189", "CVE-2018-17199", "CVE-2019-0196", "CVE-2019-0211", "CVE-2019-0217", "CVE-2019-0220");
      script_xref(name:"USN", value:"3937-1");
    
      script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : apache2 vulnerabilities (USN-3937-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Charles Fol discovered that the Apache HTTP Server incorrectly handled
    the scoreboard shared memory area. A remote attacker able to upload
    and run scripts could possibly use this issue to execute arbitrary
    code with root privileges. (CVE-2019-0211)
    
    It was discovered that the Apache HTTP Server HTTP/2 module
    incorrectly handled certain requests. A remote attacker could possibly
    use this issue to cause the server to consume resources, leading to a
    denial of service. This issue only affected Ubuntu 18.04 LTS and
    Ubuntu 18.10. (CVE-2018-17189)
    
    It was discovered that the Apache HTTP Server incorrectly handled
    session expiry times. When used with mod_session_cookie, this may
    result in the session expiry time to be ignored, contrary to
    expectations. (CVE-2018-17199)
    
    Craig Young discovered that the Apache HTTP Server HTTP/2 module
    incorrectly handled certain requests. A remote attacker could possibly
    use this issue to cause the server to process requests incorrectly.
    This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10.
    (CVE-2019-0196)
    
    Simon Kappel discovered that the Apache HTTP Server mod_auth_digest
    module incorrectly handled threads. A remote attacker with valid
    credentials could possibly use this issue to authenticate using
    another username, bypassing access control restrictions.
    (CVE-2019-0217)
    
    Bernhard Lorenz discovered that the Apache HTTP Server was
    inconsistent when processing requests containing multiple consecutive
    slashes. This could lead to directives such as LocationMatch and
    RewriteRule to perform contrary to expectations. (CVE-2019-0220).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3937-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected apache2-bin package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-bin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04|16\.04|18\.04|18\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 18.04 / 18.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"apache2-bin", pkgver:"2.4.7-1ubuntu4.22")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"apache2-bin", pkgver:"2.4.18-2ubuntu3.10")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"apache2-bin", pkgver:"2.4.29-1ubuntu4.6")) flag++;
    if (ubuntu_check(osver:"18.10", pkgname:"apache2-bin", pkgver:"2.4.34-1ubuntu2.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-bin");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1189.NASL
    descriptionIn Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. (CVE-2019-0211) mod_http2: read-after-free on a string compare (CVE-2019-0196) mod_http2: possible crash on late upgrade (CVE-2019-0197) httpd: URL normalization inconsistency (CVE-2019-0220) In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.(CVE-2019-0215) A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.(CVE-2019-0217)
    last seen2020-06-01
    modified2020-06-02
    plugin id124125
    published2019-04-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124125
    titleAmazon Linux 2 : httpd (ALAS-2019-1189)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux 2 Security Advisory ALAS-2019-1189.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124125);
      script_version("1.3");
      script_cvs_date("Date: 2019/05/21  9:43:50");
    
      script_cve_id("CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220");
      script_xref(name:"ALAS", value:"2019-1189");
    
      script_name(english:"Amazon Linux 2 : httpd (ALAS-2019-1189)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux 2 host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "In Apache HTTP Server with MPM event, worker or prefork, code
    executing in less-privileged child processes or threads (including
    scripts executed by an in-process scripting interpreter) could execute
    arbitrary code with the privileges of the parent process (usually
    root) by manipulating the scoreboard. (CVE-2019-0211)
    
    mod_http2: read-after-free on a string compare (CVE-2019-0196)
    
    mod_http2: possible crash on late upgrade (CVE-2019-0197)
    
    httpd: URL normalization inconsistency (CVE-2019-0220)
    
    In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl
    when using per-location client certificate verification with TLSv1.3
    allowed a client to bypass configured access control
    restrictions.(CVE-2019-0215)
    
    A race condition was found in mod_auth_digest when the web server was
    running in a threaded MPM configuration. It could allow a user with
    valid credentials to authenticate using another username, bypassing
    configured access control restrictions.(CVE-2019-0217)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/AL2/ALAS-2019-1189.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update httpd' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd-filesystem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd-manual");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod_ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod_md");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod_proxy_html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod_session");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod_ssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "2")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"AL2", reference:"httpd-2.4.39-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"httpd-debuginfo-2.4.39-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"httpd-devel-2.4.39-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"httpd-filesystem-2.4.39-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"httpd-manual-2.4.39-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"httpd-tools-2.4.39-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"mod_ldap-2.4.39-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"mod_md-2.4.39-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"mod_proxy_html-2.4.39-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"mod_session-2.4.39-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"mod_ssl-2.4.39-1.amzn2.0.1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd / httpd-debuginfo / httpd-devel / httpd-filesystem / etc");
    }
    
  • NASL familyMisc.
    NASL idORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JUL_2019_CPU.NASL
    descriptionThe version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - An unspecified vulnerability in Networking (cURL) subcomponent of Oracle Enterprise Manager Ops Center, which could allow an unauthenticated attacker with network access to compromise Enterprise Manager Ops Center. (CVE-2019-3822) - An unspecified vulnerability in Networking (OpenSSL) subcomponent of Oracle Enterprise Manager Ops Center, which could allow an unauthenticated attacker with network access to compromise Enterprise Manager Ops Center. (CVE-2019-1559) - An unspecified vulnerability in Networking (OpenSSL) subcomponent of Oracle Enterprise Manager Ops Center, which could allow a low privileged attacker with network access to compromise Enterprise Manager Ops Center. (CVE-2019-2728)
    last seen2020-06-01
    modified2020-06-02
    plugin id126777
    published2019-07-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126777
    titleOracle Enterprise Manager Ops Center (Jul 2019 CPU)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126777);
      script_version("1.3");
      script_cvs_date("Date: 2019/11/14");
    
      script_cve_id(
        "CVE-2019-3822",
        "CVE-2019-0211",
        "CVE-2019-1559",
        "CVE-2019-2728",
        "CVE-2019-0196",
        "CVE-2019-0197",
        "CVE-2019-0215",
        "CVE-2019-0217",
        "CVE-2019-0220"
      );
    
      script_name(english:"Oracle Enterprise Manager Ops Center (Jul 2019 CPU)");
      script_summary(english:"Checks for the patch ID.");
      script_set_attribute(attribute:"synopsis", value:
    "An enterprise management application installed on the remote host is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Oracle Enterprise Manager Cloud Control installed on
    the remote host is affected by multiple vulnerabilities in
    Enterprise Manager Base Platform component:
    
      - An unspecified vulnerability in Networking (cURL) subcomponent
        of Oracle Enterprise Manager Ops Center, which could allow
        an unauthenticated attacker with network access to
        compromise Enterprise Manager Ops Center. (CVE-2019-3822)
    
      - An unspecified vulnerability in Networking (OpenSSL) subcomponent
        of Oracle Enterprise Manager Ops Center, which could allow
        an unauthenticated attacker with network access to
        compromise Enterprise Manager Ops Center. (CVE-2019-1559)
    
      - An unspecified vulnerability in Networking (OpenSSL) subcomponent
        of Oracle Enterprise Manager Ops Center, which could allow
        a low privileged attacker with network access to
        compromise Enterprise Manager Ops Center. (CVE-2019-2728)
    
    ");
      # https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9aa2b901");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the July 2019
    Oracle Critical Patch Update advisory.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-3822");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/17");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"agent", value:"unix");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:enterprise_manager_ops_center");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("oracle_enterprise_manager_ops_center_installed.nbin");
      script_require_keys("installed_sw/Oracle Enterprise Manager Ops Center");
    
      exit(0);
    }
    
    include('global_settings.inc');
    include('misc_func.inc');
    include('install_func.inc');
    
    get_kb_item_or_exit('Host/local_checks_enabled');
    app_name = 'Oracle Enterprise Manager Ops Center';
    
    install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
    version = install['version'];
    version_full = install['Full Patch Version'];
    path = install['path'];
    patch_version = install['Patch Version'];
    
    
    patchid = NULL;
    fix = NULL;
    
    if (version_full =~ "^12\.3\.3\.")
    {
      patchid = '29943334';
      fix = '1821';
    } 
    else if (version_full =~ "^12\.4\.0\.")
    {
      patchid = '30044132';
      fix = '1203';
    }
    
    if (isnull(patchid))
      audit(AUDIT_HOST_NOT, 'affected');
    
    if (ver_compare(ver:patch_version, fix:fix, strict:FALSE) != -1)
      audit(AUDIT_INST_PATH_NOT_VULN, app_name, version_full, path);
    
    report = 
      '\n Path                : ' + path + 
      '\n Version             : ' + version + 
      '\n Ops Agent Version   : ' + version_full + 
      '\n Current Patch       : ' + patch_version + 
      '\n Fixed Patch Version : ' + fix +
      '\n Fix                 : ' + patchid;
    
    security_report_v4(extra:report, severity:SECURITY_HOLE, port:0);
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0878-1.NASL
    descriptionThis update for apache2 fixes the following issues : CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241] CVE-2019-0217: A race condition in Apache
    last seen2020-06-01
    modified2020-06-02
    plugin id123785
    published2019-04-05
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123785
    titleSUSE SLES12 Security Update : apache2 (SUSE-SU-2019:0878-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:0878-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123785);
      script_version("1.5");
      script_cvs_date("Date: 2019/09/10 13:51:50");
    
      script_cve_id("CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0217", "CVE-2019-0220");
    
      script_name(english:"SUSE SLES12 Security Update : apache2 (SUSE-SU-2019:0878-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for apache2 fixes the following issues :
    
    CVE-2019-0220: The Apache HTTP server did not use a consistent
    strategy for URL normalization throughout all of its components. In
    particular, consecutive slashes were not always collapsed. Attackers
    could potentially abuse these inconsistencies to by-pass access
    control mechanisms and thus gain unauthorized access to protected
    parts of the service. [bsc#1131241]
    
    CVE-2019-0217: A race condition in Apache's 'mod_auth_digest' when
    running in a threaded server could have allowed users with valid
    credentials to authenticate using another username, bypassing
    configured access control restrictions. [bsc#1131239]
    
    CVE-2019-0211: A flaw in the Apache HTTP Server allowed
    less-privileged child processes or threads to execute arbitrary code
    with the privileges of the parent process. Attackers with control over
    CGI scripts or extension modules run by the server could have abused
    this issue to potentially gain super user privileges. [bsc#1131233]
    
    CVE-2019-0197: When HTTP/2 support was enabled in the Apache server
    for a 'http' host or H2Upgrade was enabled for h2 on a 'https' host,
    an Upgrade request from http/1.1 to http/2 that was not the first
    request on a connection could lead to a misconfiguration and crash.
    This issue could have been abused to mount a denial-of-service attack.
    Servers that never enabled the h2 protocol or that only enabled it for
    https: and did not configure the 'H2Upgrade on' are unaffected.
    [bsc#1131245]
    
    CVE-2019-0196: Through specially crafted network input the Apache's
    http/2 request handler could be lead to access previously freed memory
    while determining the method of a request. This resulted in the
    request being misclassified and thus being processed incorrectly.
    [bsc#1131237]
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1131233"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1131237"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1131239"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1131241"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1131245"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-0196/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-0197/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-0211/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-0217/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-0220/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20190878-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?62e5190f"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE OpenStack Cloud 7:zypper in -t patch
    SUSE-OpenStack-Cloud-7-2019-878=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t
    patch SUSE-SLE-SDK-12-SP4-2019-878=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
    patch SUSE-SLE-SDK-12-SP3-2019-878=1
    
    SUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch
    SUSE-SLE-SAP-12-SP2-2019-878=1
    
    SUSE Linux Enterprise Server 12-SP4:zypper in -t patch
    SUSE-SLE-SERVER-12-SP4-2019-878=1
    
    SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2019-878=1
    
    SUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-2019-878=1
    
    SUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-BCL-2019-878=1
    
    SUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2019-878=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-example-pages");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-prefork");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-worker");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(2|3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP2/3/4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"4", reference:"apache2-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"apache2-debuginfo-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"apache2-debugsource-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"apache2-example-pages-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"apache2-prefork-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"apache2-prefork-debuginfo-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"apache2-utils-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"apache2-utils-debuginfo-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"apache2-worker-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"apache2-worker-debuginfo-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"apache2-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"apache2-debuginfo-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"apache2-debugsource-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"apache2-example-pages-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"apache2-prefork-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"apache2-prefork-debuginfo-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"apache2-utils-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"apache2-utils-debuginfo-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"apache2-worker-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"apache2-worker-debuginfo-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"apache2-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"apache2-debuginfo-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"apache2-debugsource-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"apache2-example-pages-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"apache2-prefork-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"apache2-prefork-debuginfo-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"apache2-utils-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"apache2-utils-debuginfo-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"apache2-worker-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"apache2-worker-debuginfo-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"apache2-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"apache2-debuginfo-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"apache2-debugsource-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"apache2-example-pages-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"apache2-prefork-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"apache2-prefork-debuginfo-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"apache2-utils-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"apache2-utils-debuginfo-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"apache2-worker-2.4.23-29.40.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"apache2-worker-debuginfo-2.4.23-29.40.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1190.NASL
    descriptionThis update for apache2 fixes the following issues : - CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241] - CVE-2019-0217: A race condition in Apache
    last seen2020-06-01
    modified2020-06-02
    plugin id124017
    published2019-04-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124017
    titleopenSUSE Security Update : apache2 (openSUSE-2019-1190)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-1190.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124017);
      script_version("1.2");
      script_cvs_date("Date: 2019/04/30 14:30:16");
    
      script_cve_id("CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0217", "CVE-2019-0220");
    
      script_name(english:"openSUSE Security Update : apache2 (openSUSE-2019-1190)");
      script_summary(english:"Check for the openSUSE-2019-1190 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for apache2 fixes the following issues :
    
      - CVE-2019-0220: The Apache HTTP server did not use a
        consistent strategy for URL normalization throughout all
        of its components. In particular, consecutive slashes
        were not always collapsed. Attackers could potentially
        abuse these inconsistencies to by-pass access control
        mechanisms and thus gain unauthorized access to
        protected parts of the service. [bsc#1131241]
    
      - CVE-2019-0217: A race condition in Apache's
        'mod_auth_digest' when running in a threaded server
        could have allowed users with valid credentials to
        authenticate using another username, bypassing
        configured access control restrictions. [bsc#1131239]
    
      - CVE-2019-0211: A flaw in the Apache HTTP Server allowed
        less-privileged child processes or threads to execute
        arbitrary code with the privileges of the parent
        process. Attackers with control over CGI scripts or
        extension modules run by the server could have abused
        this issue to potentially gain super user privileges.
        [bsc#1131233]
    
      - CVE-2019-0197: When HTTP/2 support was enabled in the
        Apache server for a 'http' host or H2Upgrade was enabled
        for h2 on a 'https' host, an Upgrade request from
        http/1.1 to http/2 that was not the first request on a
        connection could lead to a misconfiguration and crash.
        This issue could have been abused to mount a
        denial-of-service attack. Servers that never enabled the
        h2 protocol or that only enabled it for https: and did
        not configure the 'H2Upgrade on' are unaffected.
        [bsc#1131245]
    
      - CVE-2019-0196: Through specially crafted network input
        the Apache's http/2 request handler could be lead to
        access previously freed memory while determining the
        method of a request. This resulted in the request being
        misclassified and thus being processed incorrectly.
        [bsc#1131237]
    
    This update was imported from the SUSE:SLE-12-SP2:Update update
    project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131233"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131237"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131239"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131241"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131245"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected apache2 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-event");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-event-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-example-pages");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-prefork");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-utils-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-worker");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-worker-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.3", reference:"apache2-2.4.23-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"apache2-debuginfo-2.4.23-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"apache2-debugsource-2.4.23-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"apache2-devel-2.4.23-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"apache2-event-2.4.23-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"apache2-event-debuginfo-2.4.23-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"apache2-example-pages-2.4.23-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"apache2-prefork-2.4.23-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"apache2-prefork-debuginfo-2.4.23-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"apache2-utils-2.4.23-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"apache2-utils-debuginfo-2.4.23-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"apache2-worker-2.4.23-45.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"apache2-worker-debuginfo-2.4.23-45.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2 / apache2-debuginfo / apache2-debugsource / apache2-devel / etc");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1505.NASL
    descriptionAccording to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.(CVE-2020-1927) - In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.(CVE-2020-1934) - A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.(CVE-2019-0196) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2020-04-20
    plugin id135738
    published2020-04-20
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135738
    titleEulerOS 2.0 SP8 : httpd (EulerOS-SA-2020-1505)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(135738);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/01");
    
      script_cve_id(
        "CVE-2019-0196",
        "CVE-2020-1927",
        "CVE-2020-1934"
      );
    
      script_name(english:"EulerOS 2.0 SP8 : httpd (EulerOS-SA-2020-1505)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the httpd packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - In Apache HTTP Server 2.4.0 to 2.4.41, redirects
        configured with mod_rewrite that were intended to be
        self-referential might be fooled by encoded newlines
        and redirect instead to an an unexpected URL within the
        request URL.(CVE-2020-1927)
    
      - In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp
        may use uninitialized memory when proxying to a
        malicious FTP server.(CVE-2020-1934)
    
      - A vulnerability was found in Apache HTTP Server 2.4.17
        to 2.4.38. Using fuzzed network input, the http/2
        request handling could be made to access freed memory
        in string comparison when determining the method of a
        request and thus process the request
        incorrectly.(CVE-2019-0196)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1505
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bb0cd46f");
      script_set_attribute(attribute:"solution", value:
    "Update the affected httpd packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/20");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:httpd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:httpd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:httpd-filesystem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:httpd-manual");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:httpd-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:mod_session");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:mod_ssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["httpd-2.4.34-8.h14.eulerosv2r8",
            "httpd-devel-2.4.34-8.h14.eulerosv2r8",
            "httpd-filesystem-2.4.34-8.h14.eulerosv2r8",
            "httpd-manual-2.4.34-8.h14.eulerosv2r8",
            "httpd-tools-2.4.34-8.h14.eulerosv2r8",
            "mod_session-2.4.34-8.h14.eulerosv2r8",
            "mod_ssl-2.4.34-8.h14.eulerosv2r8"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0873-1.NASL
    descriptionThis update for apache2 fixes the following issues : CVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged child processes or threads to execute arbitrary code with the privileges of the parent process. Attackers with control over CGI scripts or extension modules run by the server could have abused this issue to potentially gain super user privileges. [bsc#1131233] CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241] CVE-2019-0217: A race condition in Apache
    last seen2020-06-01
    modified2020-06-02
    plugin id123782
    published2019-04-05
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123782
    titleSUSE SLED15 / SLES15 Security Update : apache2 (SUSE-SU-2019:0873-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:0873-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123782);
      script_version("1.5");
      script_cvs_date("Date: 2019/09/10 13:51:50");
    
      script_cve_id("CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0217", "CVE-2019-0220");
    
      script_name(english:"SUSE SLED15 / SLES15 Security Update : apache2 (SUSE-SU-2019:0873-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for apache2 fixes the following issues :
    
    CVE-2019-0211: A flaw in the Apache HTTP Server allowed
    less-privileged child processes or threads to execute arbitrary code
    with the privileges of the parent process. Attackers with control over
    CGI scripts or extension modules run by the server could have abused
    this issue to potentially gain super user privileges. [bsc#1131233]
    
    CVE-2019-0220: The Apache HTTP server did not use a consistent
    strategy for URL normalization throughout all of its components. In
    particular, consecutive slashes were not always collapsed. Attackers
    could potentially abuse these inconsistencies to by-pass access
    control mechanisms and thus gain unauthorized access to protected
    parts of the service. [bsc#1131241]
    
    CVE-2019-0217: A race condition in Apache's 'mod_auth_digest' when
    running in a threaded server could have allowed users with valid
    credentials to authenticate using another username, bypassing
    configured access control restrictions. [bsc#1131239]
    
    CVE-2019-0197: When HTTP/2 support was enabled in the Apache server
    for a 'http' host or H2Upgrade was enabled for h2 on a 'https' host,
    an Upgrade request from http/1.1 to http/2 that was not the first
    request on a connection could lead to a misconfiguration and crash.
    This issue could have been abused to mount a denial-of-service attack.
    Servers that never enabled the h2 protocol or that only enabled it for
    https: and did not configure the 'H2Upgrade on' are unaffected.
    [bsc#1131245]
    
    CVE-2019-0196: Through specially crafted network input the Apache's
    http/2 request handler could be lead to access previously freed memory
    while determining the method of a request. This resulted in the
    request being misclassified and thus being processed incorrectly.
    [bsc#1131237]
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1131233"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1131237"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1131239"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1131241"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1131245"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-0196/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-0197/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-0211/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-0217/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-0220/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20190873-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e2aa985a"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Server Applications 15:zypper in -t
    patch SUSE-SLE-Module-Server-Applications-15-2019-873=1
    
    SUSE Linux Enterprise Module for Open Buildservice Development Tools
    15:zypper in -t patch
    SUSE-SLE-Module-Development-Tools-OBS-15-2019-873=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-event");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-event-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-example-pages");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-prefork");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-worker");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp);
    if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES15", sp:"0", reference:"apache2-2.4.33-3.15.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"apache2-debuginfo-2.4.33-3.15.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"apache2-debugsource-2.4.33-3.15.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"apache2-devel-2.4.33-3.15.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"apache2-prefork-2.4.33-3.15.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"apache2-prefork-debuginfo-2.4.33-3.15.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"apache2-utils-2.4.33-3.15.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"apache2-utils-debuginfo-2.4.33-3.15.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"apache2-worker-2.4.33-3.15.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"apache2-worker-debuginfo-2.4.33-3.15.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"apache2-debuginfo-2.4.33-3.15.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"apache2-debugsource-2.4.33-3.15.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"apache2-event-2.4.33-3.15.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"apache2-event-debuginfo-2.4.33-3.15.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"apache2-example-pages-2.4.33-3.15.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"apache2-debuginfo-2.4.33-3.15.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"apache2-debugsource-2.4.33-3.15.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"apache2-event-2.4.33-3.15.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"apache2-event-debuginfo-2.4.33-3.15.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"apache2-example-pages-2.4.33-3.15.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1264.NASL
    descriptionA vulnerability was found in Apache HTTP Server 2.4. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly. (CVE-2019-0196)
    last seen2020-06-01
    modified2020-06-02
    plugin id127466
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127466
    titleAmazon Linux 2 : mod_http2 (ALAS-2019-1264)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux 2 Security Advisory ALAS-2019-1264.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127466);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/06");
    
      script_cve_id("CVE-2019-0196");
      script_xref(name:"ALAS", value:"2019-1264");
    
      script_name(english:"Amazon Linux 2 : mod_http2 (ALAS-2019-1264)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux 2 host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A vulnerability was found in Apache HTTP Server 2.4. Using fuzzed
    network input, the http/2 request handling could be made to access
    freed memory in string comparison when determining the method of a
    request and thus process the request incorrectly. (CVE-2019-0196)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/AL2/ALAS-2019-1264.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update mod_http2' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod_http2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod_http2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "2")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"AL2", reference:"mod_http2-1.15.1-1.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"mod_http2-debuginfo-1.15.1-1.amzn2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mod_http2 / mod_http2-debuginfo");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1258.NASL
    descriptionThis update for apache2 fixes the following issues : - CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241] - CVE-2019-0217: A race condition in Apache
    last seen2020-06-01
    modified2020-06-02
    plugin id124264
    published2019-04-24
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124264
    titleopenSUSE Security Update : apache2 (openSUSE-2019-1258)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-1258.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124264);
      script_version("1.2");
      script_cvs_date("Date: 2019/04/30 14:30:16");
    
      script_cve_id("CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0217", "CVE-2019-0220");
    
      script_name(english:"openSUSE Security Update : apache2 (openSUSE-2019-1258)");
      script_summary(english:"Check for the openSUSE-2019-1258 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for apache2 fixes the following issues :
    
      - CVE-2019-0220: The Apache HTTP server did not use a
        consistent strategy for URL normalization throughout all
        of its components. In particular, consecutive slashes
        were not always collapsed. Attackers could potentially
        abuse these inconsistencies to by-pass access control
        mechanisms and thus gain unauthorized access to
        protected parts of the service. [bsc#1131241]
    
      - CVE-2019-0217: A race condition in Apache's
        'mod_auth_digest' when running in a threaded server
        could have allowed users with valid credentials to
        authenticate using another username, bypassing
        configured access control restrictions. [bsc#1131239]
    
      - CVE-2019-0211: A flaw in the Apache HTTP Server allowed
        less-privileged child processes or threads to execute
        arbitrary code with the privileges of the parent
        process. Attackers with control over CGI scripts or
        extension modules run by the server could have abused
        this issue to potentially gain super user privileges.
        [bsc#1131233]
    
      - CVE-2019-0197: When HTTP/2 support was enabled in the
        Apache server for a 'http' host or H2Upgrade was enabled
        for h2 on a 'https' host, an Upgrade request from
        http/1.1 to http/2 that was not the first request on a
        connection could lead to a misconfiguration and crash.
        This issue could have been abused to mount a
        denial-of-service attack. Servers that never enabled the
        h2 protocol or that only enabled it for https: and did
        not configure the 'H2Upgrade on' are unaffected.
        [bsc#1131245]
    
      - CVE-2019-0196: Through specially crafted network input
        the Apache's http/2 request handler could be lead to
        access previously freed memory while determining the
        method of a request. This resulted in the request being
        misclassified and thus being processed incorrectly.
        [bsc#1131237]
    
    This update was imported from the SUSE:SLE-12-SP2:Update update
    project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131233"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131237"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131239"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131241"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131245"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected apache2 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-event");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-event-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-example-pages");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-prefork");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-utils-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-worker");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-worker-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.3", reference:"apache2-2.4.23-49.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"apache2-debuginfo-2.4.23-49.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"apache2-debugsource-2.4.23-49.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"apache2-devel-2.4.23-49.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"apache2-event-2.4.23-49.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"apache2-event-debuginfo-2.4.23-49.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"apache2-example-pages-2.4.23-49.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"apache2-prefork-2.4.23-49.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"apache2-prefork-debuginfo-2.4.23-49.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"apache2-utils-2.4.23-49.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"apache2-utils-debuginfo-2.4.23-49.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"apache2-worker-2.4.23-49.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"apache2-worker-debuginfo-2.4.23-49.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2 / apache2-debuginfo / apache2-debugsource / apache2-devel / etc");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1189.NASL
    descriptionIn Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. (CVE-2019-0211) A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes (
    last seen2020-06-01
    modified2020-06-02
    plugin id123958
    published2019-04-10
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123958
    titleAmazon Linux AMI : httpd24 (ALAS-2019-1189)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-08E57D15FD.NASL
    descriptionCode cleanups and Simplifications : - in stream instance and main connection output handling for a common strategy in h2/h2c versions of the protocol. Stream instances are kept in one place which will make future optimizations in state handling easier. - Discarding idea of re-using bucket beams and let them live for one request only. Removing design/implementation overhead of never used features. Making mutexes nested, removing optional lock code no longer necessary. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125419
    published2019-05-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125419
    titleFedora 30 : mod_http2 (2019-08e57d15fd)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_CF2105C6551B11E9B95CB499BAEBFEAF.NASL
    descriptionThe Apache httpd Project reports : Apache HTTP Server privilege escalation from modules
    last seen2020-06-01
    modified2020-06-02
    plugin id123644
    published2019-04-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123644
    titleFreeBSD : Apache -- Multiple vulnerabilities (cf2105c6-551b-11e9-b95c-b499baebfeaf)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1209.NASL
    descriptionThis update for apache2 fixes the following issues : - CVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged child processes or threads to execute arbitrary code with the privileges of the parent process. Attackers with control over CGI scripts or extension modules run by the server could have abused this issue to potentially gain super user privileges. [bsc#1131233] - CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241] - CVE-2019-0217: A race condition in Apache
    last seen2020-06-01
    modified2020-06-02
    plugin id124102
    published2019-04-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124102
    titleopenSUSE Security Update : apache2 (openSUSE-2019-1209)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3932.NASL
    descriptionUpdated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Security Fix(es) : * openssl: RSA key generation cache timing vulnerability in crypto/rsa/ rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * openssl: Side-channel vulnerability on SMT/ Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * mod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2: read-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id131215
    published2019-11-22
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131215
    titleRHEL 6 : JBoss Core Services (RHSA-2019:3932) (0-Length Headers Leak) (Data Dribble) (Internal Data Buffering) (Resource Loop)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3933.NASL
    descriptionAn update is now available for JBoss Core Services on RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Security Fix(es) : * openssl: RSA key generation cache timing vulnerability in crypto/rsa/ rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * mod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2: read-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id131216
    published2019-11-22
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131216
    titleRHEL 7 : JBoss Core Services (RHSA-2019:3933) (0-Length Headers Leak) (Data Dribble) (Internal Data Buffering) (Resource Loop)

Redhat

advisories
  • rhsa
    idRHSA-2019:3932
  • rhsa
    idRHSA-2019:3933
  • rhsa
    idRHSA-2019:3935
rpms
  • jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6
  • jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6
  • jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6
  • jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6
  • jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6
  • jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6
  • jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6
  • jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6
  • jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6
  • jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6
  • jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6
  • jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6
  • jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6
  • jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6
  • jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6
  • jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6
  • jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6
  • jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6
  • jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6
  • jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6
  • jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6
  • jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6
  • jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6
  • jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6
  • jbcs-httpd24-jansson-0:2.11-20.jbcs.el6
  • jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6
  • jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6
  • jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6
  • jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6
  • jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6
  • jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6
  • jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6
  • jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6
  • jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6
  • jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6
  • jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6
  • jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6
  • jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6
  • jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6
  • jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6
  • jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6
  • jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6
  • jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6
  • jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6
  • jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6
  • jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6
  • jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6
  • jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6
  • jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6
  • jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6
  • jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7
  • jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7
  • jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7
  • jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7
  • jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7
  • jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7
  • jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7
  • jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7
  • jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7
  • jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7
  • jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7
  • jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7
  • jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7
  • jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7
  • jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7
  • jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7
  • jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7
  • jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7
  • jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7
  • jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7
  • jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7
  • jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7
  • jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7
  • jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7
  • jbcs-httpd24-jansson-0:2.11-20.jbcs.el7
  • jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7
  • jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7
  • jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7
  • jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7
  • jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7
  • jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7
  • jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7
  • jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7
  • jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7
  • jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7
  • jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7
  • jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7
  • jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7
  • jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7
  • jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7
  • jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7
  • jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7
  • jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7
  • jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7
  • jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7
  • jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7
  • jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7
  • jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7
  • jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7
  • jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7

References