Vulnerabilities > CVE-2019-0215

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
high complexity
apache
fedoraproject
nessus

Summary

In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.

Nessus

  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-1_0-0230_HTTPD.NASL
    descriptionAn update of the httpd package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id124870
    published2019-05-14
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124870
    titlePhoton OS 1.0: Httpd PHSA-2019-1.0-0230
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2019-1.0-0230. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124870);
      script_version("1.2");
      script_cvs_date("Date: 2019/05/17  9:44:17");
    
      script_cve_id(
        "CVE-2018-17189",
        "CVE-2018-17199",
        "CVE-2019-0190",
        "CVE-2019-0211",
        "CVE-2019-0215",
        "CVE-2019-0217"
      );
    
      script_name(english:"Photon OS 1.0: Httpd PHSA-2019-1.0-0230");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the httpd package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-230.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0211");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:httpd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-1.0", reference:"httpd-2.4.39-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"httpd-debuginfo-2.4.39-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"httpd-devel-2.4.39-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"httpd-docs-2.4.39-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"httpd-tools-2.4.39-1.ph1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-2_0-0157_HTTPD.NASL
    descriptionAn update of the httpd package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id124680
    published2019-05-08
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124680
    titlePhoton OS 2.0: Httpd PHSA-2019-2.0-0157
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2019-2.0-0157. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124680);
      script_version("1.2");
      script_cvs_date("Date: 2019/05/17  9:44:17");
    
      script_cve_id(
        "CVE-2018-17189",
        "CVE-2018-17199",
        "CVE-2019-0190",
        "CVE-2019-0211",
        "CVE-2019-0215",
        "CVE-2019-0217"
      );
    
      script_name(english:"Photon OS 2.0: Httpd PHSA-2019-2.0-0157");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the httpd package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-157.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0211");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/08");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:httpd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-2.0", reference:"httpd-2.4.39-1.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"httpd-debuginfo-2.4.39-1.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"httpd-devel-2.4.39-1.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"httpd-docs-2.4.39-1.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"httpd-tools-2.4.39-1.ph2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd");
    }
    
  • NASL familyWeb Servers
    NASL idAPACHE_2_4_39.NASL
    descriptionAccording to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.39. It is, therefore, affected by multiple vulnerabilities: - A privilege escalation vulnerability exists in module scripts due to an ability to execute arbitrary code as the parent process by manipulating the scoreboard. (CVE-2019-0211) - An access control bypass vulnerability exists in mod_auth_digest due to a race condition when running in a threaded server. An attacker with valid credentials could authenticate using another username. (CVE-2019-0217) - An access control bypass vulnerability exists in mod_ssl when using per-location client certificate verification with TLSv1.3. (CVE-2019-0215) In addition, Apache httpd is also affected by several additional vulnerabilities including a denial of service, read-after-free and URL path normalization inconsistencies. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id123642
    published2019-04-02
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123642
    titleApache 2.4.x < 2.4.39 Multiple Vulnerabilities
    code
    
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123642);
      script_version("1.5");
      script_cvs_date("Date: 2019/08/22 16:57:38");
    
      script_cve_id(
        "CVE-2019-0196",
        "CVE-2019-0197",
        "CVE-2019-0211",
        "CVE-2019-0215",
        "CVE-2019-0217",
        "CVE-2019-0220"
      );
    
      script_name(english:"Apache 2.4.x < 2.4.39 Multiple Vulnerabilities");
      script_summary(english:"Checks version in Server response header.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote web server is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its banner, the version of Apache running on the remote
    host is 2.4.x prior to 2.4.39. It is, therefore, affected by multiple
    vulnerabilities:
    
      - A privilege escalation vulnerability exists in
        module scripts due to an ability to execute arbitrary
        code as the parent process by manipulating the
        scoreboard. (CVE-2019-0211)
    
      - An access control bypass vulnerability exists in 
        mod_auth_digest due to a race condition when running
        in a threaded server. An attacker with valid credentials
        could authenticate using another username. (CVE-2019-0217)
    
      - An access control bypass vulnerability exists in 
        mod_ssl when using per-location client certificate
        verification with TLSv1.3. (CVE-2019-0215)
    
    In addition, Apache httpd is also affected by several additional 
    vulnerabilities including a denial of service, read-after-free
    and URL path normalization inconsistencies. 
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      # https://httpd.apache.org/security/vulnerabilities_24.html#2.4.39
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a84bee48");
      # https://httpd.apache.org/security/vulnerabilities-httpd.xml
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?586e6a34");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Apache version 2.4.39 or later.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0211");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/02");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:http_server");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:httpd");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("apache_http_version.nasl");
      script_require_keys("installed_sw/Apache");
      script_require_ports("Services/www", 80);
    
      exit(0);
    }
    
    include("vcf.inc");
    include("http.inc");
    
    port = get_http_port(default:80);
    kb_base = 'www/apache/'+port+'/';
    kb_ver = NULL;
    kb_backport = NULL;
    kb_source = NULL;
    
    if (get_kb_item(kb_base+'version')) kb_ver = kb_base+'version';
    if (get_kb_item(kb_base+'backported')) kb_backport = kb_base+'backported';
    if (get_kb_item(kb_base+'source')) kb_source = kb_base+'source';
    
    app_info = vcf::get_app_info(
      app:'Apache',
      port:port,
      kb_ver:kb_ver,
      kb_backport:kb_backport,
      kb_source:kb_source,
      service:TRUE
    );
    
    vcf::check_granularity(app_info:app_info, sig_segments:3);
    
    # 2.4.39
    constraints = [
      { 'min_version':'2.4', 'fixed_version':'2.4.39' }
    ];
    
    vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-CF7695B470.NASL
    descriptionResolves: #1695046 CVE-2019-0196 CVE-2019-0197 CVE-2019-0215 CVE-2019-0217 CVE-2019-0220 httpd: various flaws Resolves: #1694510 httpd-2.4.39 is available Resolves: #1694986 - CVE-2019-0211 httpd: privilege escalation from modules scripts Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124541
    published2019-05-02
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124541
    titleFedora 30 : httpd (2019-cf7695b470)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-cf7695b470.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124541);
      script_version("1.3");
      script_cvs_date("Date: 2019/09/23 11:21:11");
    
      script_cve_id("CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220");
      script_xref(name:"FEDORA", value:"2019-cf7695b470");
    
      script_name(english:"Fedora 30 : httpd (2019-cf7695b470)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Resolves: #1695046 CVE-2019-0196 CVE-2019-0197 CVE-2019-0215
    CVE-2019-0217 CVE-2019-0220 httpd: various flaws Resolves: #1694510
    httpd-2.4.39 is available Resolves: #1694986 - CVE-2019-0211 httpd:
    privilege escalation from modules scripts
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-cf7695b470"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected httpd package.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:httpd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC30", reference:"httpd-2.4.39-2.fc30")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-0980.NASL
    descriptionFrom Red Hat Security Advisory 2019:0980 : An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es) : * httpd: privilege escalation from modules scripts (CVE-2019-0211) * httpd: mod_ssl: access control bypass when using per-location client certification authentication (CVE-2019-0215) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id127570
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127570
    titleOracle Linux 8 : httpd:2.4 (ELSA-2019-0980)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2019:0980 and 
    # Oracle Linux Security Advisory ELSA-2019-0980 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127570);
      script_version("1.3");
      script_cvs_date("Date: 2019/09/27 13:00:39");
    
      script_cve_id("CVE-2019-0211", "CVE-2019-0215");
      script_xref(name:"RHSA", value:"2019:0980");
    
      script_name(english:"Oracle Linux 8 : httpd:2.4 (ELSA-2019-0980)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2019:0980 :
    
    An update for the httpd:2.4 module is now available for Red Hat
    Enterprise Linux 8.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The httpd packages provide the Apache HTTP Server, a powerful,
    efficient, and extensible web server.
    
    Security Fix(es) :
    
    * httpd: privilege escalation from modules scripts (CVE-2019-0211)
    
    * httpd: mod_ssl: access control bypass when using per-location client
    certification authentication (CVE-2019-0215)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2019-August/008960.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected httpd:2.4 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:httpd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:httpd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:httpd-filesystem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:httpd-manual");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:httpd-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mod_http2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mod_ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mod_md");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mod_proxy_html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mod_session");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mod_ssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:8");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 8", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL8", cpu:"x86_64", reference:"httpd-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6")) flag++;
    if (rpm_check(release:"EL8", cpu:"x86_64", reference:"httpd-devel-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6")) flag++;
    if (rpm_check(release:"EL8", cpu:"x86_64", reference:"httpd-filesystem-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6")) flag++;
    if (rpm_check(release:"EL8", cpu:"x86_64", reference:"httpd-manual-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6")) flag++;
    if (rpm_check(release:"EL8", cpu:"x86_64", reference:"httpd-tools-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6")) flag++;
    if (rpm_check(release:"EL8", cpu:"x86_64", reference:"mod_http2-1.11.3-2.module+el8.0.0+5209+a98d70d6")) flag++;
    if (rpm_check(release:"EL8", cpu:"x86_64", reference:"mod_ldap-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6")) flag++;
    if (rpm_check(release:"EL8", cpu:"x86_64", reference:"mod_md-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6")) flag++;
    if (rpm_check(release:"EL8", cpu:"x86_64", reference:"mod_proxy_html-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6")) flag++;
    if (rpm_check(release:"EL8", cpu:"x86_64", reference:"mod_session-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6")) flag++;
    if (rpm_check(release:"EL8", cpu:"x86_64", reference:"mod_ssl-2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd / httpd-devel / httpd-filesystem / httpd-manual / httpd-tools / etc");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1189.NASL
    descriptionIn Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. (CVE-2019-0211) mod_http2: read-after-free on a string compare (CVE-2019-0196) mod_http2: possible crash on late upgrade (CVE-2019-0197) httpd: URL normalization inconsistency (CVE-2019-0220) In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.(CVE-2019-0215) A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.(CVE-2019-0217)
    last seen2020-06-01
    modified2020-06-02
    plugin id124125
    published2019-04-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124125
    titleAmazon Linux 2 : httpd (ALAS-2019-1189)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux 2 Security Advisory ALAS-2019-1189.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124125);
      script_version("1.3");
      script_cvs_date("Date: 2019/05/21  9:43:50");
    
      script_cve_id("CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220");
      script_xref(name:"ALAS", value:"2019-1189");
    
      script_name(english:"Amazon Linux 2 : httpd (ALAS-2019-1189)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux 2 host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "In Apache HTTP Server with MPM event, worker or prefork, code
    executing in less-privileged child processes or threads (including
    scripts executed by an in-process scripting interpreter) could execute
    arbitrary code with the privileges of the parent process (usually
    root) by manipulating the scoreboard. (CVE-2019-0211)
    
    mod_http2: read-after-free on a string compare (CVE-2019-0196)
    
    mod_http2: possible crash on late upgrade (CVE-2019-0197)
    
    httpd: URL normalization inconsistency (CVE-2019-0220)
    
    In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl
    when using per-location client certificate verification with TLSv1.3
    allowed a client to bypass configured access control
    restrictions.(CVE-2019-0215)
    
    A race condition was found in mod_auth_digest when the web server was
    running in a threaded MPM configuration. It could allow a user with
    valid credentials to authenticate using another username, bypassing
    configured access control restrictions.(CVE-2019-0217)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/AL2/ALAS-2019-1189.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update httpd' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd-filesystem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd-manual");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod_ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod_md");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod_proxy_html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod_session");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod_ssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "2")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"AL2", reference:"httpd-2.4.39-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"httpd-debuginfo-2.4.39-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"httpd-devel-2.4.39-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"httpd-filesystem-2.4.39-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"httpd-manual-2.4.39-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"httpd-tools-2.4.39-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"mod_ldap-2.4.39-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"mod_md-2.4.39-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"mod_proxy_html-2.4.39-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"mod_session-2.4.39-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"mod_ssl-2.4.39-1.amzn2.0.1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd / httpd-debuginfo / httpd-devel / httpd-filesystem / etc");
    }
    
  • NASL familyMisc.
    NASL idORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JUL_2019_CPU.NASL
    descriptionThe version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - An unspecified vulnerability in Networking (cURL) subcomponent of Oracle Enterprise Manager Ops Center, which could allow an unauthenticated attacker with network access to compromise Enterprise Manager Ops Center. (CVE-2019-3822) - An unspecified vulnerability in Networking (OpenSSL) subcomponent of Oracle Enterprise Manager Ops Center, which could allow an unauthenticated attacker with network access to compromise Enterprise Manager Ops Center. (CVE-2019-1559) - An unspecified vulnerability in Networking (OpenSSL) subcomponent of Oracle Enterprise Manager Ops Center, which could allow a low privileged attacker with network access to compromise Enterprise Manager Ops Center. (CVE-2019-2728)
    last seen2020-06-01
    modified2020-06-02
    plugin id126777
    published2019-07-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126777
    titleOracle Enterprise Manager Ops Center (Jul 2019 CPU)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126777);
      script_version("1.3");
      script_cvs_date("Date: 2019/11/14");
    
      script_cve_id(
        "CVE-2019-3822",
        "CVE-2019-0211",
        "CVE-2019-1559",
        "CVE-2019-2728",
        "CVE-2019-0196",
        "CVE-2019-0197",
        "CVE-2019-0215",
        "CVE-2019-0217",
        "CVE-2019-0220"
      );
    
      script_name(english:"Oracle Enterprise Manager Ops Center (Jul 2019 CPU)");
      script_summary(english:"Checks for the patch ID.");
      script_set_attribute(attribute:"synopsis", value:
    "An enterprise management application installed on the remote host is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Oracle Enterprise Manager Cloud Control installed on
    the remote host is affected by multiple vulnerabilities in
    Enterprise Manager Base Platform component:
    
      - An unspecified vulnerability in Networking (cURL) subcomponent
        of Oracle Enterprise Manager Ops Center, which could allow
        an unauthenticated attacker with network access to
        compromise Enterprise Manager Ops Center. (CVE-2019-3822)
    
      - An unspecified vulnerability in Networking (OpenSSL) subcomponent
        of Oracle Enterprise Manager Ops Center, which could allow
        an unauthenticated attacker with network access to
        compromise Enterprise Manager Ops Center. (CVE-2019-1559)
    
      - An unspecified vulnerability in Networking (OpenSSL) subcomponent
        of Oracle Enterprise Manager Ops Center, which could allow
        a low privileged attacker with network access to
        compromise Enterprise Manager Ops Center. (CVE-2019-2728)
    
    ");
      # https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9aa2b901");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the July 2019
    Oracle Critical Patch Update advisory.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-3822");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/17");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"agent", value:"unix");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:enterprise_manager_ops_center");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("oracle_enterprise_manager_ops_center_installed.nbin");
      script_require_keys("installed_sw/Oracle Enterprise Manager Ops Center");
    
      exit(0);
    }
    
    include('global_settings.inc');
    include('misc_func.inc');
    include('install_func.inc');
    
    get_kb_item_or_exit('Host/local_checks_enabled');
    app_name = 'Oracle Enterprise Manager Ops Center';
    
    install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
    version = install['version'];
    version_full = install['Full Patch Version'];
    path = install['path'];
    patch_version = install['Patch Version'];
    
    
    patchid = NULL;
    fix = NULL;
    
    if (version_full =~ "^12\.3\.3\.")
    {
      patchid = '29943334';
      fix = '1821';
    } 
    else if (version_full =~ "^12\.4\.0\.")
    {
      patchid = '30044132';
      fix = '1203';
    }
    
    if (isnull(patchid))
      audit(AUDIT_HOST_NOT, 'affected');
    
    if (ver_compare(ver:patch_version, fix:fix, strict:FALSE) != -1)
      audit(AUDIT_INST_PATH_NOT_VULN, app_name, version_full, path);
    
    report = 
      '\n Path                : ' + path + 
      '\n Version             : ' + version + 
      '\n Ops Agent Version   : ' + version_full + 
      '\n Current Patch       : ' + patch_version + 
      '\n Fixed Patch Version : ' + fix +
      '\n Fix                 : ' + patchid;
    
    security_report_v4(extra:report, severity:SECURITY_HOLE, port:0);
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1189.NASL
    descriptionIn Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. (CVE-2019-0211) A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes (
    last seen2020-06-01
    modified2020-06-02
    plugin id123958
    published2019-04-10
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123958
    titleAmazon Linux AMI : httpd24 (ALAS-2019-1189)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2311.NASL
    descriptionAccording to the versions of the httpd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.(CVE-2018-11763) - In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.(CVE-2019-0211) - In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.(CVE-2018-17189) - In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.(CVE-2019-0215) - A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes (
    last seen2020-06-01
    modified2020-06-02
    plugin id131476
    published2019-12-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131476
    titleEulerOS Virtualization for ARM 64 3.0.3.0 : httpd (EulerOS-SA-2019-2311)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-119B14075A.NASL
    descriptionThis update includes the latest upstream release of **Apache httpd**, version **2.4.39**, including multiple bug and security fixes. To see the full list of changes in this release, see: https://www.apache.org/dist/httpd/CHANGES_2.4.39 The following security vulnerabilities are addressed : - `CVE-2019-0211` - MPMs unix: Fix a local priviledge escalation vulnerability by not maintaining each child
    last seen2020-06-01
    modified2020-06-02
    plugin id123801
    published2019-04-08
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123801
    titleFedora 29 : httpd (2019-119b14075a)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1835.NASL
    descriptionAccording to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.(CVE-2018-17189) - In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.(CVE-2019-0215) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2019-08-27
    plugin id128204
    published2019-08-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128204
    titleEulerOS 2.0 SP8 : httpd (EulerOS-SA-2019-1835)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_CF2105C6551B11E9B95CB499BAEBFEAF.NASL
    descriptionThe Apache httpd Project reports : Apache HTTP Server privilege escalation from modules
    last seen2020-06-01
    modified2020-06-02
    plugin id123644
    published2019-04-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123644
    titleFreeBSD : Apache -- Multiple vulnerabilities (cf2105c6-551b-11e9-b95c-b499baebfeaf)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-0980.NASL
    descriptionAn update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es) : * httpd: privilege escalation from modules scripts (CVE-2019-0211) * httpd: mod_ssl: access control bypass when using per-location client certification authentication (CVE-2019-0215) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-23
    modified2019-05-07
    plugin id124667
    published2019-05-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124667
    titleRHEL 8 : httpd:2.4 (RHSA-2019:0980)

Redhat

advisories
bugzilla
id1695025
titleCVE-2019-0215 httpd: mod_ssl: access control bypass when using per-location client certification authentication
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 8 is installed
      ovaloval:com.redhat.rhba:tst:20193384074
    • commentModule httpd:2.4 is enabled
      ovaloval:com.redhat.rhsa:tst:20190980027
    • OR
      • AND
        • commentmod_ssl is earlier than 1:2.4.37-11.module+el8.0.0+2969+90015743
          ovaloval:com.redhat.rhsa:tst:20190980001
        • commentmod_ssl is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20111245026
      • AND
        • commentmod_session is earlier than 0:2.4.37-11.module+el8.0.0+2969+90015743
          ovaloval:com.redhat.rhsa:tst:20190980003
        • commentmod_session is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20140921012
      • AND
        • commentmod_proxy_html is earlier than 1:2.4.37-11.module+el8.0.0+2969+90015743
          ovaloval:com.redhat.rhsa:tst:20190980005
        • commentmod_proxy_html is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20140921016
      • AND
        • commentmod_md is earlier than 0:2.4.37-11.module+el8.0.0+2969+90015743
          ovaloval:com.redhat.rhsa:tst:20190980007
        • commentmod_md is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20190980008
      • AND
        • commentmod_ldap is earlier than 0:2.4.37-11.module+el8.0.0+2969+90015743
          ovaloval:com.redhat.rhsa:tst:20190980009
        • commentmod_ldap is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20140921014
      • AND
        • commentmod_http2-debugsource is earlier than 0:1.11.3-2.module+el8.0.0+2969+90015743
          ovaloval:com.redhat.rhsa:tst:20190980011
        • commentmod_http2-debugsource is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20190980012
      • AND
        • commentmod_http2 is earlier than 0:1.11.3-2.module+el8.0.0+2969+90015743
          ovaloval:com.redhat.rhsa:tst:20190980013
        • commentmod_http2 is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20190980014
      • AND
        • commenthttpd-tools is earlier than 0:2.4.37-11.module+el8.0.0+2969+90015743
          ovaloval:com.redhat.rhsa:tst:20190980015
        • commenthttpd-tools is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20111245030
      • AND
        • commenthttpd-devel is earlier than 0:2.4.37-11.module+el8.0.0+2969+90015743
          ovaloval:com.redhat.rhsa:tst:20190980017
        • commenthttpd-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20111245024
      • AND
        • commenthttpd-debugsource is earlier than 0:2.4.37-11.module+el8.0.0+2969+90015743
          ovaloval:com.redhat.rhsa:tst:20190980019
        • commenthttpd-debugsource is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20190980020
      • AND
        • commenthttpd is earlier than 0:2.4.37-11.module+el8.0.0+2969+90015743
          ovaloval:com.redhat.rhsa:tst:20190980021
        • commenthttpd is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20111245028
      • AND
        • commenthttpd-manual is earlier than 0:2.4.37-11.module+el8.0.0+2969+90015743
          ovaloval:com.redhat.rhsa:tst:20190980023
        • commenthttpd-manual is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20111245022
      • AND
        • commenthttpd-filesystem is earlier than 0:2.4.37-11.module+el8.0.0+2969+90015743
          ovaloval:com.redhat.rhsa:tst:20190980025
        • commenthttpd-filesystem is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20190980026
rhsa
idRHSA-2019:0980
released2019-05-07
severityImportant
titleRHSA-2019:0980: httpd:2.4 security update (Important)
rpms
  • httpd-0:2.4.37-11.module+el8.0.0+2969+90015743
  • httpd-debuginfo-0:2.4.37-11.module+el8.0.0+2969+90015743
  • httpd-debugsource-0:2.4.37-11.module+el8.0.0+2969+90015743
  • httpd-devel-0:2.4.37-11.module+el8.0.0+2969+90015743
  • httpd-filesystem-0:2.4.37-11.module+el8.0.0+2969+90015743
  • httpd-manual-0:2.4.37-11.module+el8.0.0+2969+90015743
  • httpd-tools-0:2.4.37-11.module+el8.0.0+2969+90015743
  • httpd-tools-debuginfo-0:2.4.37-11.module+el8.0.0+2969+90015743
  • mod_http2-0:1.11.3-2.module+el8.0.0+2969+90015743
  • mod_http2-debuginfo-0:1.11.3-2.module+el8.0.0+2969+90015743
  • mod_http2-debugsource-0:1.11.3-2.module+el8.0.0+2969+90015743
  • mod_ldap-0:2.4.37-11.module+el8.0.0+2969+90015743
  • mod_ldap-debuginfo-0:2.4.37-11.module+el8.0.0+2969+90015743
  • mod_md-0:2.4.37-11.module+el8.0.0+2969+90015743
  • mod_md-debuginfo-0:2.4.37-11.module+el8.0.0+2969+90015743
  • mod_proxy_html-1:2.4.37-11.module+el8.0.0+2969+90015743
  • mod_proxy_html-debuginfo-1:2.4.37-11.module+el8.0.0+2969+90015743
  • mod_session-0:2.4.37-11.module+el8.0.0+2969+90015743
  • mod_session-debuginfo-0:2.4.37-11.module+el8.0.0+2969+90015743
  • mod_ssl-1:2.4.37-11.module+el8.0.0+2969+90015743
  • mod_ssl-debuginfo-1:2.4.37-11.module+el8.0.0+2969+90015743

The Hacker News

idTHN:BD4668D0C2864A2575DE9C758747F0D4
last seen2019-04-03
modified2019-04-03
published2019-04-02
reporterThe Hacker News
sourcehttps://thehackernews.com/2019/04/apache-web-server-security.html
titleNew Apache Web Server Bug Threatens Security of Shared Web Hosts

References