Vulnerabilities > CVE-2019-0220 - Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Leveraging/Manipulating Configuration File Search Paths This attack loads a malicious resource into a program's standard path used to bootstrap and/or provide contextual information for a program like a path variable or classpath. J2EE applications and other component based applications that are built from multiple binaries can have very long list of dependencies to execute. If one of these libraries and/or references is controllable by the attacker then application controls can be circumvented by the attacker. A standard UNIX path looks similar to this If the attacker modifies the path variable to point to a locale that includes malicious resources then the user unwittingly can execute commands on the attackers' behalf: This is a form of usurping control of the program and the attack can be done on the classpath, database resources, or any other resources built from compound parts. At runtime detection and blocking of this attack is nearly impossible, because the configuration allows execution.
- DLL Search Order Hijacking The attacker exploits the functionality of the Windows DLL loader where the process loading the DLL searches for the DLL to be loaded first in the same directory in which the process binary resides and then in other directories (e.g., System32). Exploitation of this preferential search order can allow an attacker to make the loading process load the attackers' rogue DLL rather than the legitimate DLL. For instance, an attacker with access to the file system may place a malicious ntshrui.dll in the C:\Windows directory. This DLL normally resides in the System32 folder. Process explorer.exe which also resides in C:\Windows, upon trying to load the ntshrui.dll from the System32 folder will actually load the DLL supplied by the attacker simply because of the preferential search order. Since the attacker has placed its malicious ntshrui.dll in the same directory as the loading explorer.exe process, the DLL supplied by the attacker will be found first and thus loaded in lieu of the legitimate DLL. Since explorer.exe is loaded during the boot cycle, the attackers' malware is guaranteed to execute. This attack can be leveraged with many different DLLs and with many different loading processes. No forensic trails are left in the system's registry or file system that an incorrect DLL had been loaded.
- Passing Local Filenames to Functions That Expect a URL This attack relies on client side code to access local files and resources instead of URLs. When the client browser is expecting a URL string, but instead receives a request for a local file, that execution is likely to occur in the browser process space with the browser's authority to local files. The attacker can send the results of this request to the local files out to a site that they control. This attack may be used to steal sensitive authentication data (either local or remote), or to gain system profile information to launch further attacks.
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4422.NASL description Several vulnerabilities have been found in the Apache HTTP server. - CVE-2018-17189 Gal Goldshtein of F5 Networks discovered a denial of service vulnerability in mod_http2. By sending malformed requests, the http/2 stream for that request unnecessarily occupied a server thread cleaning up incoming data, resulting in denial of service. - CVE-2018-17199 Diego Angulo from ImExHS discovered that mod_session_cookie does not respect expiry time. - CVE-2019-0196 Craig Young discovered that the http/2 request handling in mod_http2 could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly. - CVE-2019-0211 Charles Fol discovered a privilege escalation from the less-privileged child process to the parent process running as root. - CVE-2019-0217 A race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. The issue was discovered by Simon Kappel. - CVE-2019-0220 Bernhard Lorenz of Alpha Strike Labs GmbH reported that URL normalizations were inconsistently handled. When the path component of a request URL contains multiple consecutive slashes ( last seen 2020-06-01 modified 2020-06-02 plugin id 123691 published 2019-04-04 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123691 title Debian DSA-4422-1 : apache2 - security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-4422. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(123691); script_version("1.4"); script_cvs_date("Date: 2019/04/12 9:50:26"); script_cve_id("CVE-2018-17189", "CVE-2018-17199", "CVE-2019-0196", "CVE-2019-0211", "CVE-2019-0217", "CVE-2019-0220"); script_xref(name:"DSA", value:"4422"); script_name(english:"Debian DSA-4422-1 : apache2 - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been found in the Apache HTTP server. - CVE-2018-17189 Gal Goldshtein of F5 Networks discovered a denial of service vulnerability in mod_http2. By sending malformed requests, the http/2 stream for that request unnecessarily occupied a server thread cleaning up incoming data, resulting in denial of service. - CVE-2018-17199 Diego Angulo from ImExHS discovered that mod_session_cookie does not respect expiry time. - CVE-2019-0196 Craig Young discovered that the http/2 request handling in mod_http2 could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly. - CVE-2019-0211 Charles Fol discovered a privilege escalation from the less-privileged child process to the parent process running as root. - CVE-2019-0217 A race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. The issue was discovered by Simon Kappel. - CVE-2019-0220 Bernhard Lorenz of Alpha Strike Labs GmbH reported that URL normalizations were inconsistently handled. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them." ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920302" ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920303" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2018-17189" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2018-17199" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-0196" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-0211" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-0217" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-0220" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/apache2" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/stretch/apache2" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2019/dsa-4422" ); script_set_attribute( attribute:"solution", value: "Upgrade the apache2 packages. For the stable distribution (stretch), these problems have been fixed in version 2.4.25-3+deb9u7. This update also contains bug fixes that were scheduled for inclusion in the next stable point release. This includes a fix for a regression caused by a security fix in version 2.4.25-3+deb9u6." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apache2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/30"); script_set_attribute(attribute:"patch_publication_date", value:"2019/04/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"9.0", prefix:"apache2", reference:"2.4.25-3+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"apache2-bin", reference:"2.4.25-3+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"apache2-data", reference:"2.4.25-3+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"apache2-dbg", reference:"2.4.25-3+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"apache2-dev", reference:"2.4.25-3+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"apache2-doc", reference:"2.4.25-3+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"apache2-ssl-dev", reference:"2.4.25-3+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"apache2-suexec-custom", reference:"2.4.25-3+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"apache2-suexec-pristine", reference:"2.4.25-3+deb9u7")) flag++; if (deb_check(release:"9.0", prefix:"apache2-utils", reference:"2.4.25-3+deb9u7")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Web Servers NASL id APACHE_2_4_39.NASL description According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.39. It is, therefore, affected by multiple vulnerabilities: - A privilege escalation vulnerability exists in module scripts due to an ability to execute arbitrary code as the parent process by manipulating the scoreboard. (CVE-2019-0211) - An access control bypass vulnerability exists in mod_auth_digest due to a race condition when running in a threaded server. An attacker with valid credentials could authenticate using another username. (CVE-2019-0217) - An access control bypass vulnerability exists in mod_ssl when using per-location client certificate verification with TLSv1.3. (CVE-2019-0215) In addition, Apache httpd is also affected by several additional vulnerabilities including a denial of service, read-after-free and URL path normalization inconsistencies. Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 123642 published 2019-04-02 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123642 title Apache 2.4.x < 2.4.39 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(123642); script_version("1.5"); script_cvs_date("Date: 2019/08/22 16:57:38"); script_cve_id( "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220" ); script_name(english:"Apache 2.4.x < 2.4.39 Multiple Vulnerabilities"); script_summary(english:"Checks version in Server response header."); script_set_attribute(attribute:"synopsis", value: "The remote web server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.39. It is, therefore, affected by multiple vulnerabilities: - A privilege escalation vulnerability exists in module scripts due to an ability to execute arbitrary code as the parent process by manipulating the scoreboard. (CVE-2019-0211) - An access control bypass vulnerability exists in mod_auth_digest due to a race condition when running in a threaded server. An attacker with valid credentials could authenticate using another username. (CVE-2019-0217) - An access control bypass vulnerability exists in mod_ssl when using per-location client certificate verification with TLSv1.3. (CVE-2019-0215) In addition, Apache httpd is also affected by several additional vulnerabilities including a denial of service, read-after-free and URL path normalization inconsistencies. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number."); # https://httpd.apache.org/security/vulnerabilities_24.html#2.4.39 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a84bee48"); # https://httpd.apache.org/security/vulnerabilities-httpd.xml script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?586e6a34"); script_set_attribute(attribute:"solution", value: "Upgrade to Apache version 2.4.39 or later."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0211"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/01"); script_set_attribute(attribute:"patch_publication_date", value:"2019/04/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/02"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:http_server"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:httpd"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Web Servers"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("apache_http_version.nasl"); script_require_keys("installed_sw/Apache"); script_require_ports("Services/www", 80); exit(0); } include("vcf.inc"); include("http.inc"); port = get_http_port(default:80); kb_base = 'www/apache/'+port+'/'; kb_ver = NULL; kb_backport = NULL; kb_source = NULL; if (get_kb_item(kb_base+'version')) kb_ver = kb_base+'version'; if (get_kb_item(kb_base+'backported')) kb_backport = kb_base+'backported'; if (get_kb_item(kb_base+'source')) kb_source = kb_base+'source'; app_info = vcf::get_app_info( app:'Apache', port:port, kb_ver:kb_ver, kb_backport:kb_backport, kb_source:kb_source, service:TRUE ); vcf::check_granularity(app_info:app_info, sig_segments:3); # 2.4.39 constraints = [ { 'min_version':'2.4', 'fixed_version':'2.4.39' } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
NASL family Fedora Local Security Checks NASL id FEDORA_2019-CF7695B470.NASL description Resolves: #1695046 CVE-2019-0196 CVE-2019-0197 CVE-2019-0215 CVE-2019-0217 CVE-2019-0220 httpd: various flaws Resolves: #1694510 httpd-2.4.39 is available Resolves: #1694986 - CVE-2019-0211 httpd: privilege escalation from modules scripts Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124541 published 2019-05-02 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124541 title Fedora 30 : httpd (2019-cf7695b470) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-cf7695b470. # include("compat.inc"); if (description) { script_id(124541); script_version("1.3"); script_cvs_date("Date: 2019/09/23 11:21:11"); script_cve_id("CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220"); script_xref(name:"FEDORA", value:"2019-cf7695b470"); script_name(english:"Fedora 30 : httpd (2019-cf7695b470)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Resolves: #1695046 CVE-2019-0196 CVE-2019-0197 CVE-2019-0215 CVE-2019-0217 CVE-2019-0220 httpd: various flaws Resolves: #1694510 httpd-2.4.39 is available Resolves: #1694986 - CVE-2019-0211 httpd: privilege escalation from modules scripts Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-cf7695b470" ); script_set_attribute(attribute:"solution", value:"Update the affected httpd package."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:httpd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/08"); script_set_attribute(attribute:"patch_publication_date", value:"2019/04/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC30", reference:"httpd-2.4.39-2.fc30")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd"); }
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-2343.NASL description An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es) : * httpd: mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * httpd: URL normalization inconsistency (CVE-2019-0220) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 129017 published 2019-09-19 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129017 title CentOS 7 : httpd (CESA-2019:2343) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2019:2343 and # CentOS Errata and Security Advisory 2019:2343 respectively. # include("compat.inc"); if (description) { script_id(129017); script_version("1.4"); script_cvs_date("Date: 2019/12/31"); script_cve_id("CVE-2019-0217", "CVE-2019-0220"); script_xref(name:"RHSA", value:"2019:2343"); script_name(english:"CentOS 7 : httpd (CESA-2019:2343)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es) : * httpd: mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * httpd: URL normalization inconsistency (CVE-2019-0220) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section." ); # https://lists.centos.org/pipermail/centos-announce/2019-September/023440.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?63f989d8" ); script_set_attribute( attribute:"solution", value:"Update the affected httpd packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0217"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:httpd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:httpd-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:httpd-manual"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:httpd-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mod_ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mod_proxy_html"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mod_session"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mod_ssl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/08"); script_set_attribute(attribute:"patch_publication_date", value:"2019/09/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/19"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"httpd-2.4.6-90.el7.centos")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"httpd-devel-2.4.6-90.el7.centos")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"httpd-manual-2.4.6-90.el7.centos")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"httpd-tools-2.4.6-90.el7.centos")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"mod_ldap-2.4.6-90.el7.centos")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"mod_proxy_html-2.4.6-90.el7.centos")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"mod_session-2.4.6-90.el7.centos")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"mod_ssl-2.4.6-90.el7.centos")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd / httpd-devel / httpd-manual / httpd-tools / mod_ldap / etc"); }
NASL family Scientific Linux Local Security Checks NASL id SL_20190806_HTTPD_ON_SL7_X.NASL description Security Fix(es) : - httpd: mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) - httpd: URL normalization inconsistency (CVE-2019-0220) last seen 2020-03-18 modified 2019-08-27 plugin id 128223 published 2019-08-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128223 title Scientific Linux Security Update : httpd on SL7.x x86_64 (20190806) code # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(128223); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24"); script_cve_id("CVE-2019-0217", "CVE-2019-0220"); script_name(english:"Scientific Linux Security Update : httpd on SL7.x x86_64 (20190806)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Security Fix(es) : - httpd: mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) - httpd: URL normalization inconsistency (CVE-2019-0220)" ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1908&L=SCIENTIFIC-LINUX-ERRATA&P=24041 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?556d0d8a" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:httpd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:httpd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:httpd-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:httpd-manual"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:httpd-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mod_ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mod_proxy_html"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mod_session"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mod_ssl"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/08"); script_set_attribute(attribute:"patch_publication_date", value:"2019/08/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/27"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"httpd-2.4.6-90.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"httpd-debuginfo-2.4.6-90.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"httpd-devel-2.4.6-90.el7")) flag++; if (rpm_check(release:"SL7", reference:"httpd-manual-2.4.6-90.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"httpd-manual-2.4.6-90.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"httpd-tools-2.4.6-90.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mod_ldap-2.4.6-90.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mod_proxy_html-2.4.6-90.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mod_session-2.4.6-90.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mod_ssl-2.4.6-90.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1748.NASL description Several vulnerabilities have been found in the Apache HTTP server. CVE-2019-0217 A race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. The issue was discovered by Simon Kappel. CVE-2019-0220 Bernhard Lorenz of Alpha Strike Labs GmbH reported that URL normalizations were inconsistently handled. When the path component of a request URL contains multiple consecutive slashes ( last seen 2020-06-01 modified 2020-06-02 plugin id 123689 published 2019-04-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123689 title Debian DLA-1748-1 : apache2 security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-1748-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(123689); script_version("1.3"); script_cvs_date("Date: 2020/01/27"); script_cve_id("CVE-2019-0217", "CVE-2019-0220"); script_name(english:"Debian DLA-1748-1 : apache2 security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been found in the Apache HTTP server. CVE-2019-0217 A race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. The issue was discovered by Simon Kappel. CVE-2019-0220 Bernhard Lorenz of Alpha Strike Labs GmbH reported that URL normalizations were inconsistently handled. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them. For Debian 8 'Jessie', these problems have been fixed in version 2.4.10-10+deb8u14. We recommend that you upgrade your apache2 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/apache2" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apache2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apache2-bin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apache2-data"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apache2-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apache2-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apache2-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apache2-mpm-event"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apache2-mpm-itk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apache2-mpm-prefork"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apache2-mpm-worker"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apache2-suexec"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apache2-suexec-custom"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apache2-suexec-pristine"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apache2-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apache2.2-bin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apache2.2-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libapache2-mod-macro"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libapache2-mod-proxy-html"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/08"); script_set_attribute(attribute:"patch_publication_date", value:"2019/04/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"8.0", prefix:"apache2", reference:"2.4.10-10+deb8u14")) flag++; if (deb_check(release:"8.0", prefix:"apache2-bin", reference:"2.4.10-10+deb8u14")) flag++; if (deb_check(release:"8.0", prefix:"apache2-data", reference:"2.4.10-10+deb8u14")) flag++; if (deb_check(release:"8.0", prefix:"apache2-dbg", reference:"2.4.10-10+deb8u14")) flag++; if (deb_check(release:"8.0", prefix:"apache2-dev", reference:"2.4.10-10+deb8u14")) flag++; if (deb_check(release:"8.0", prefix:"apache2-doc", reference:"2.4.10-10+deb8u14")) flag++; if (deb_check(release:"8.0", prefix:"apache2-mpm-event", reference:"2.4.10-10+deb8u14")) flag++; if (deb_check(release:"8.0", prefix:"apache2-mpm-itk", reference:"2.4.10-10+deb8u14")) flag++; if (deb_check(release:"8.0", prefix:"apache2-mpm-prefork", reference:"2.4.10-10+deb8u14")) flag++; if (deb_check(release:"8.0", prefix:"apache2-mpm-worker", reference:"2.4.10-10+deb8u14")) flag++; if (deb_check(release:"8.0", prefix:"apache2-suexec", reference:"2.4.10-10+deb8u14")) flag++; if (deb_check(release:"8.0", prefix:"apache2-suexec-custom", reference:"2.4.10-10+deb8u14")) flag++; if (deb_check(release:"8.0", prefix:"apache2-suexec-pristine", reference:"2.4.10-10+deb8u14")) flag++; if (deb_check(release:"8.0", prefix:"apache2-utils", reference:"2.4.10-10+deb8u14")) flag++; if (deb_check(release:"8.0", prefix:"apache2.2-bin", reference:"2.4.10-10+deb8u14")) flag++; if (deb_check(release:"8.0", prefix:"apache2.2-common", reference:"2.4.10-10+deb8u14")) flag++; if (deb_check(release:"8.0", prefix:"libapache2-mod-macro", reference:"2.4.10-10+deb8u14")) flag++; if (deb_check(release:"8.0", prefix:"libapache2-mod-proxy-html", reference:"2.4.10-10+deb8u14")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3937-1.NASL description Charles Fol discovered that the Apache HTTP Server incorrectly handled the scoreboard shared memory area. A remote attacker able to upload and run scripts could possibly use this issue to execute arbitrary code with root privileges. (CVE-2019-0211) It was discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-17189) It was discovered that the Apache HTTP Server incorrectly handled session expiry times. When used with mod_session_cookie, this may result in the session expiry time to be ignored, contrary to expectations. (CVE-2018-17199) Craig Young discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to process requests incorrectly. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2019-0196) Simon Kappel discovered that the Apache HTTP Server mod_auth_digest module incorrectly handled threads. A remote attacker with valid credentials could possibly use this issue to authenticate using another username, bypassing access control restrictions. (CVE-2019-0217) Bernhard Lorenz discovered that the Apache HTTP Server was inconsistent when processing requests containing multiple consecutive slashes. This could lead to directives such as LocationMatch and RewriteRule to perform contrary to expectations. (CVE-2019-0220). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 123787 published 2019-04-05 reporter Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123787 title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : apache2 vulnerabilities (USN-3937-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-3937-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(123787); script_version("1.5"); script_cvs_date("Date: 2019/09/18 12:31:49"); script_cve_id("CVE-2018-17189", "CVE-2018-17199", "CVE-2019-0196", "CVE-2019-0211", "CVE-2019-0217", "CVE-2019-0220"); script_xref(name:"USN", value:"3937-1"); script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : apache2 vulnerabilities (USN-3937-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Charles Fol discovered that the Apache HTTP Server incorrectly handled the scoreboard shared memory area. A remote attacker able to upload and run scripts could possibly use this issue to execute arbitrary code with root privileges. (CVE-2019-0211) It was discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-17189) It was discovered that the Apache HTTP Server incorrectly handled session expiry times. When used with mod_session_cookie, this may result in the session expiry time to be ignored, contrary to expectations. (CVE-2018-17199) Craig Young discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to process requests incorrectly. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2019-0196) Simon Kappel discovered that the Apache HTTP Server mod_auth_digest module incorrectly handled threads. A remote attacker with valid credentials could possibly use this issue to authenticate using another username, bypassing access control restrictions. (CVE-2019-0217) Bernhard Lorenz discovered that the Apache HTTP Server was inconsistent when processing requests containing multiple consecutive slashes. This could lead to directives such as LocationMatch and RewriteRule to perform contrary to expectations. (CVE-2019-0220). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/3937-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected apache2-bin package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-bin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/30"); script_set_attribute(attribute:"patch_publication_date", value:"2019/04/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(14\.04|16\.04|18\.04|18\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 18.04 / 18.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"14.04", pkgname:"apache2-bin", pkgver:"2.4.7-1ubuntu4.22")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"apache2-bin", pkgver:"2.4.18-2ubuntu3.10")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"apache2-bin", pkgver:"2.4.29-1ubuntu4.6")) flag++; if (ubuntu_check(osver:"18.10", pkgname:"apache2-bin", pkgver:"2.4.34-1ubuntu2.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-bin"); }
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2249.NASL description According to the version of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ( last seen 2020-05-08 modified 2019-11-08 plugin id 130711 published 2019-11-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130711 title EulerOS 2.0 SP3 : httpd (EulerOS-SA-2019-2249) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(130711); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07"); script_cve_id( "CVE-2019-0220" ); script_name(english:"EulerOS 2.0 SP3 : httpd (EulerOS-SA-2019-2249)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.(CVE-2019-0220) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2249 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9d3fb5fb"); script_set_attribute(attribute:"solution", value: "Update the affected httpd package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2019/10/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/08"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:httpd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:httpd-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:httpd-manual"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:httpd-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:mod_ssl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["httpd-2.4.6-45.0.1.4.h13", "httpd-devel-2.4.6-45.0.1.4.h13", "httpd-manual-2.4.6-45.0.1.4.h13", "httpd-tools-2.4.6-45.0.1.4.h13", "mod_ssl-2.4.6-45.0.1.4.h13"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-3436.NASL description An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es) : * httpd: mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * httpd: URL normalization inconsistency (CVE-2019-0220) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section. last seen 2020-05-23 modified 2019-11-06 plugin id 130540 published 2019-11-06 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130540 title RHEL 8 : httpd:2.4 (RHSA-2019:3436) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2019:3436. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(130540); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/22"); script_cve_id("CVE-2019-0217", "CVE-2019-0220"); script_xref(name:"RHSA", value:"2019:3436"); script_name(english:"RHEL 8 : httpd:2.4 (RHSA-2019:3436)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es) : * httpd: mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * httpd: URL normalization inconsistency (CVE-2019-0220) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section." ); # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?774148ae" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2019:3436" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-0217" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-0220" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0217"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-filesystem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-manual"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_http2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_http2-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_md"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_proxy_html"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_session"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_ssl"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8::appstream"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/08"); script_set_attribute(attribute:"patch_publication_date", value:"2019/11/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 8.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); module_ver = get_kb_item('Host/RedHat/appstream/httpd'); if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4'); if ('2.4' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module httpd:' + module_ver); appstreams = { 'httpd:2.4': [ {'reference':'httpd-2.4.37-16.module+el8.1.0+4134+e6bad0ed', 'cpu':'aarch64', 'release':'8'}, {'reference':'httpd-2.4.37-16.module+el8.1.0+4134+e6bad0ed', 'cpu':'s390x', 'release':'8'}, {'reference':'httpd-2.4.37-16.module+el8.1.0+4134+e6bad0ed', 'cpu':'x86_64', 'release':'8'}, {'reference':'httpd-debugsource-2.4.37-16.module+el8.1.0+4134+e6bad0ed', 'cpu':'aarch64', 'release':'8'}, {'reference':'httpd-debugsource-2.4.37-16.module+el8.1.0+4134+e6bad0ed', 'cpu':'s390x', 'release':'8'}, {'reference':'httpd-debugsource-2.4.37-16.module+el8.1.0+4134+e6bad0ed', 'cpu':'x86_64', 'release':'8'}, {'reference':'httpd-devel-2.4.37-16.module+el8.1.0+4134+e6bad0ed', 'cpu':'aarch64', 'release':'8'}, {'reference':'httpd-devel-2.4.37-16.module+el8.1.0+4134+e6bad0ed', 'cpu':'s390x', 'release':'8'}, {'reference':'httpd-devel-2.4.37-16.module+el8.1.0+4134+e6bad0ed', 'cpu':'x86_64', 'release':'8'}, {'reference':'httpd-filesystem-2.4.37-16.module+el8.1.0+4134+e6bad0ed', 'release':'8'}, {'reference':'httpd-manual-2.4.37-16.module+el8.1.0+4134+e6bad0ed', 'release':'8'}, {'reference':'httpd-tools-2.4.37-16.module+el8.1.0+4134+e6bad0ed', 'cpu':'aarch64', 'release':'8'}, {'reference':'httpd-tools-2.4.37-16.module+el8.1.0+4134+e6bad0ed', 'cpu':'s390x', 'release':'8'}, {'reference':'httpd-tools-2.4.37-16.module+el8.1.0+4134+e6bad0ed', 'cpu':'x86_64', 'release':'8'}, {'reference':'mod_http2-1.11.3-3.module+el8.1.0+4134+e6bad0ed', 'cpu':'aarch64', 'release':'8'}, {'reference':'mod_http2-1.11.3-3.module+el8.1.0+4134+e6bad0ed', 'cpu':'s390x', 'release':'8'}, {'reference':'mod_http2-1.11.3-3.module+el8.1.0+4134+e6bad0ed', 'cpu':'x86_64', 'release':'8'}, {'reference':'mod_http2-debugsource-1.11.3-3.module+el8.1.0+4134+e6bad0ed', 'cpu':'aarch64', 'release':'8'}, {'reference':'mod_http2-debugsource-1.11.3-3.module+el8.1.0+4134+e6bad0ed', 'cpu':'s390x', 'release':'8'}, {'reference':'mod_http2-debugsource-1.11.3-3.module+el8.1.0+4134+e6bad0ed', 'cpu':'x86_64', 'release':'8'}, {'reference':'mod_ldap-2.4.37-16.module+el8.1.0+4134+e6bad0ed', 'cpu':'aarch64', 'release':'8'}, {'reference':'mod_ldap-2.4.37-16.module+el8.1.0+4134+e6bad0ed', 'cpu':'s390x', 'release':'8'}, {'reference':'mod_ldap-2.4.37-16.module+el8.1.0+4134+e6bad0ed', 'cpu':'x86_64', 'release':'8'}, {'reference':'mod_md-2.4.37-16.module+el8.1.0+4134+e6bad0ed', 'cpu':'aarch64', 'release':'8'}, {'reference':'mod_md-2.4.37-16.module+el8.1.0+4134+e6bad0ed', 'cpu':'s390x', 'release':'8'}, {'reference':'mod_md-2.4.37-16.module+el8.1.0+4134+e6bad0ed', 'cpu':'x86_64', 'release':'8'}, {'reference':'mod_proxy_html-2.4.37-16.module+el8.1.0+4134+e6bad0ed', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'mod_proxy_html-2.4.37-16.module+el8.1.0+4134+e6bad0ed', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'mod_proxy_html-2.4.37-16.module+el8.1.0+4134+e6bad0ed', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}, {'reference':'mod_session-2.4.37-16.module+el8.1.0+4134+e6bad0ed', 'cpu':'aarch64', 'release':'8'}, {'reference':'mod_session-2.4.37-16.module+el8.1.0+4134+e6bad0ed', 'cpu':'s390x', 'release':'8'}, {'reference':'mod_session-2.4.37-16.module+el8.1.0+4134+e6bad0ed', 'cpu':'x86_64', 'release':'8'}, {'reference':'mod_ssl-2.4.37-16.module+el8.1.0+4134+e6bad0ed', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'mod_ssl-2.4.37-16.module+el8.1.0+4134+e6bad0ed', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'mod_ssl-2.4.37-16.module+el8.1.0+4134+e6bad0ed', 'cpu':'x86_64', 'release':'8', 'epoch':'1'} ], }; flag = 0; appstreams_found = 0; foreach module (keys(appstreams)) { appstream = NULL; appstream_name = NULL; appstream_version = NULL; appstream_split = split(module, sep:':', keep:FALSE); if (!empty_or_null(appstream_split)) { appstream_name = appstream_split[0]; appstream_version = appstream_split[1]; if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name); } if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') { appstreams_found++; foreach package_array ( appstreams[module] ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (reference && release) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++; } } } } if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4'); if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-debugsource / httpd-devel / etc'); }
NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2019-1189.NASL description In Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. (CVE-2019-0211) mod_http2: read-after-free on a string compare (CVE-2019-0196) mod_http2: possible crash on late upgrade (CVE-2019-0197) httpd: URL normalization inconsistency (CVE-2019-0220) In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.(CVE-2019-0215) A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.(CVE-2019-0217) last seen 2020-06-01 modified 2020-06-02 plugin id 124125 published 2019-04-18 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124125 title Amazon Linux 2 : httpd (ALAS-2019-1189) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux 2 Security Advisory ALAS-2019-1189. # include("compat.inc"); if (description) { script_id(124125); script_version("1.3"); script_cvs_date("Date: 2019/05/21 9:43:50"); script_cve_id("CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220"); script_xref(name:"ALAS", value:"2019-1189"); script_name(english:"Amazon Linux 2 : httpd (ALAS-2019-1189)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux 2 host is missing a security update." ); script_set_attribute( attribute:"description", value: "In Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. (CVE-2019-0211) mod_http2: read-after-free on a string compare (CVE-2019-0196) mod_http2: possible crash on late upgrade (CVE-2019-0197) httpd: URL normalization inconsistency (CVE-2019-0220) In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.(CVE-2019-0215) A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.(CVE-2019-0217)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2019-1189.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update httpd' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd-filesystem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd-manual"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod_ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod_md"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod_proxy_html"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod_session"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod_ssl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/08"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/18"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "2") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"AL2", reference:"httpd-2.4.39-1.amzn2.0.1")) flag++; if (rpm_check(release:"AL2", reference:"httpd-debuginfo-2.4.39-1.amzn2.0.1")) flag++; if (rpm_check(release:"AL2", reference:"httpd-devel-2.4.39-1.amzn2.0.1")) flag++; if (rpm_check(release:"AL2", reference:"httpd-filesystem-2.4.39-1.amzn2.0.1")) flag++; if (rpm_check(release:"AL2", reference:"httpd-manual-2.4.39-1.amzn2.0.1")) flag++; if (rpm_check(release:"AL2", reference:"httpd-tools-2.4.39-1.amzn2.0.1")) flag++; if (rpm_check(release:"AL2", reference:"mod_ldap-2.4.39-1.amzn2.0.1")) flag++; if (rpm_check(release:"AL2", reference:"mod_md-2.4.39-1.amzn2.0.1")) flag++; if (rpm_check(release:"AL2", reference:"mod_proxy_html-2.4.39-1.amzn2.0.1")) flag++; if (rpm_check(release:"AL2", reference:"mod_session-2.4.39-1.amzn2.0.1")) flag++; if (rpm_check(release:"AL2", reference:"mod_ssl-2.4.39-1.amzn2.0.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd / httpd-debuginfo / httpd-devel / httpd-filesystem / etc"); }
NASL family Misc. NASL id ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JUL_2019_CPU.NASL description The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - An unspecified vulnerability in Networking (cURL) subcomponent of Oracle Enterprise Manager Ops Center, which could allow an unauthenticated attacker with network access to compromise Enterprise Manager Ops Center. (CVE-2019-3822) - An unspecified vulnerability in Networking (OpenSSL) subcomponent of Oracle Enterprise Manager Ops Center, which could allow an unauthenticated attacker with network access to compromise Enterprise Manager Ops Center. (CVE-2019-1559) - An unspecified vulnerability in Networking (OpenSSL) subcomponent of Oracle Enterprise Manager Ops Center, which could allow a low privileged attacker with network access to compromise Enterprise Manager Ops Center. (CVE-2019-2728) last seen 2020-06-01 modified 2020-06-02 plugin id 126777 published 2019-07-17 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126777 title Oracle Enterprise Manager Ops Center (Jul 2019 CPU) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(126777); script_version("1.3"); script_cvs_date("Date: 2019/11/14"); script_cve_id( "CVE-2019-3822", "CVE-2019-0211", "CVE-2019-1559", "CVE-2019-2728", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220" ); script_name(english:"Oracle Enterprise Manager Ops Center (Jul 2019 CPU)"); script_summary(english:"Checks for the patch ID."); script_set_attribute(attribute:"synopsis", value: "An enterprise management application installed on the remote host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - An unspecified vulnerability in Networking (cURL) subcomponent of Oracle Enterprise Manager Ops Center, which could allow an unauthenticated attacker with network access to compromise Enterprise Manager Ops Center. (CVE-2019-3822) - An unspecified vulnerability in Networking (OpenSSL) subcomponent of Oracle Enterprise Manager Ops Center, which could allow an unauthenticated attacker with network access to compromise Enterprise Manager Ops Center. (CVE-2019-1559) - An unspecified vulnerability in Networking (OpenSSL) subcomponent of Oracle Enterprise Manager Ops Center, which could allow a low privileged attacker with network access to compromise Enterprise Manager Ops Center. (CVE-2019-2728) "); # https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9aa2b901"); script_set_attribute(attribute:"solution", value: "Apply the appropriate patch according to the July 2019 Oracle Critical Patch Update advisory."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-3822"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/16"); script_set_attribute(attribute:"patch_publication_date", value:"2019/07/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/17"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"agent", value:"unix"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:enterprise_manager_ops_center"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("oracle_enterprise_manager_ops_center_installed.nbin"); script_require_keys("installed_sw/Oracle Enterprise Manager Ops Center"); exit(0); } include('global_settings.inc'); include('misc_func.inc'); include('install_func.inc'); get_kb_item_or_exit('Host/local_checks_enabled'); app_name = 'Oracle Enterprise Manager Ops Center'; install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE); version = install['version']; version_full = install['Full Patch Version']; path = install['path']; patch_version = install['Patch Version']; patchid = NULL; fix = NULL; if (version_full =~ "^12\.3\.3\.") { patchid = '29943334'; fix = '1821'; } else if (version_full =~ "^12\.4\.0\.") { patchid = '30044132'; fix = '1203'; } if (isnull(patchid)) audit(AUDIT_HOST_NOT, 'affected'); if (ver_compare(ver:patch_version, fix:fix, strict:FALSE) != -1) audit(AUDIT_INST_PATH_NOT_VULN, app_name, version_full, path); report = '\n Path : ' + path + '\n Version : ' + version + '\n Ops Agent Version : ' + version_full + '\n Current Patch : ' + patch_version + '\n Fixed Patch Version : ' + fix + '\n Fix : ' + patchid; security_report_v4(extra:report, severity:SECURITY_HOLE, port:0);
NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0878-1.NASL description This update for apache2 fixes the following issues : CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241] CVE-2019-0217: A race condition in Apache last seen 2020-06-01 modified 2020-06-02 plugin id 123785 published 2019-04-05 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123785 title SUSE SLES12 Security Update : apache2 (SUSE-SU-2019:0878-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2019:0878-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(123785); script_version("1.5"); script_cvs_date("Date: 2019/09/10 13:51:50"); script_cve_id("CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0217", "CVE-2019-0220"); script_name(english:"SUSE SLES12 Security Update : apache2 (SUSE-SU-2019:0878-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for apache2 fixes the following issues : CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241] CVE-2019-0217: A race condition in Apache's 'mod_auth_digest' when running in a threaded server could have allowed users with valid credentials to authenticate using another username, bypassing configured access control restrictions. [bsc#1131239] CVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged child processes or threads to execute arbitrary code with the privileges of the parent process. Attackers with control over CGI scripts or extension modules run by the server could have abused this issue to potentially gain super user privileges. [bsc#1131233] CVE-2019-0197: When HTTP/2 support was enabled in the Apache server for a 'http' host or H2Upgrade was enabled for h2 on a 'https' host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. This issue could have been abused to mount a denial-of-service attack. Servers that never enabled the h2 protocol or that only enabled it for https: and did not configure the 'H2Upgrade on' are unaffected. [bsc#1131245] CVE-2019-0196: Through specially crafted network input the Apache's http/2 request handler could be lead to access previously freed memory while determining the method of a request. This resulted in the request being misclassified and thus being processed incorrectly. [bsc#1131237] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1131233" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1131237" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1131239" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1131241" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1131245" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-0196/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-0197/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-0211/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-0217/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-0220/" ); # https://www.suse.com/support/update/announcement/2019/suse-su-20190878-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?62e5190f" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE OpenStack Cloud 7:zypper in -t patch SUSE-OpenStack-Cloud-7-2019-878=1 SUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-878=1 SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-878=1 SUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-878=1 SUSE Linux Enterprise Server 12-SP4:zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-878=1 SUSE Linux Enterprise Server 12-SP3:zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-878=1 SUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-878=1 SUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-878=1 SUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2019-878=1" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-example-pages"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-prefork"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-worker"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/08"); script_set_attribute(attribute:"patch_publication_date", value:"2019/04/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(2|3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP2/3/4", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"4", reference:"apache2-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"apache2-debuginfo-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"apache2-debugsource-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"apache2-example-pages-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"apache2-prefork-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"apache2-prefork-debuginfo-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"apache2-utils-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"apache2-utils-debuginfo-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"apache2-worker-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"apache2-worker-debuginfo-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"apache2-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"apache2-debuginfo-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"apache2-debugsource-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"apache2-example-pages-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"apache2-prefork-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"apache2-prefork-debuginfo-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"apache2-utils-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"apache2-utils-debuginfo-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"apache2-worker-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"apache2-worker-debuginfo-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"apache2-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"apache2-debuginfo-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"apache2-debugsource-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"apache2-example-pages-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"apache2-prefork-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"apache2-prefork-debuginfo-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"apache2-utils-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"apache2-utils-debuginfo-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"apache2-worker-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"apache2-worker-debuginfo-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"apache2-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"apache2-debuginfo-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"apache2-debugsource-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"apache2-example-pages-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"apache2-prefork-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"apache2-prefork-debuginfo-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"apache2-utils-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"apache2-utils-debuginfo-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"apache2-worker-2.4.23-29.40.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"apache2-worker-debuginfo-2.4.23-29.40.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2"); }
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1250.NASL description According to the versions of the httpd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ( last seen 2020-03-19 modified 2020-03-13 plugin id 134539 published 2020-03-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134539 title EulerOS Virtualization for ARM 64 3.0.2.0 : httpd (EulerOS-SA-2020-1250) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(134539); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/19"); script_cve_id( "CVE-2014-8109", "CVE-2018-1283", "CVE-2018-1301", "CVE-2019-0220" ); script_bugtraq_id( 73040 ); script_name(english:"EulerOS Virtualization for ARM 64 3.0.2.0 : httpd (EulerOS-SA-2020-1250)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS Virtualization for ARM 64 host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the httpd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.(CVE-2019-0220) - A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.(CVE-2018-1301) - In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a 'Session' header. This comes from the 'HTTP_SESSION' variable name used by mod_session to forward its data to CGIs, since the prefix 'HTTP_' is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications.(CVE-2018-1283) - mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory.(CVE-2014-8109) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1250 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4784dd2c"); script_set_attribute(attribute:"solution", value: "Update the affected httpd packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"patch_publication_date", value:"2020/03/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/13"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:httpd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:httpd-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:mod_ssl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (uvp != "3.0.2.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.0"); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu); flag = 0; pkgs = ["httpd-2.4.6-80.1.h7", "httpd-tools-2.4.6-80.1.h7", "mod_ssl-2.4.6-80.1.h7"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd"); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1190.NASL description This update for apache2 fixes the following issues : - CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241] - CVE-2019-0217: A race condition in Apache last seen 2020-06-01 modified 2020-06-02 plugin id 124017 published 2019-04-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124017 title openSUSE Security Update : apache2 (openSUSE-2019-1190) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-1190. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(124017); script_version("1.2"); script_cvs_date("Date: 2019/04/30 14:30:16"); script_cve_id("CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0217", "CVE-2019-0220"); script_name(english:"openSUSE Security Update : apache2 (openSUSE-2019-1190)"); script_summary(english:"Check for the openSUSE-2019-1190 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for apache2 fixes the following issues : - CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241] - CVE-2019-0217: A race condition in Apache's 'mod_auth_digest' when running in a threaded server could have allowed users with valid credentials to authenticate using another username, bypassing configured access control restrictions. [bsc#1131239] - CVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged child processes or threads to execute arbitrary code with the privileges of the parent process. Attackers with control over CGI scripts or extension modules run by the server could have abused this issue to potentially gain super user privileges. [bsc#1131233] - CVE-2019-0197: When HTTP/2 support was enabled in the Apache server for a 'http' host or H2Upgrade was enabled for h2 on a 'https' host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. This issue could have been abused to mount a denial-of-service attack. Servers that never enabled the h2 protocol or that only enabled it for https: and did not configure the 'H2Upgrade on' are unaffected. [bsc#1131245] - CVE-2019-0196: Through specially crafted network input the Apache's http/2 request handler could be lead to access previously freed memory while determining the method of a request. This resulted in the request being misclassified and thus being processed incorrectly. [bsc#1131237] This update was imported from the SUSE:SLE-12-SP2:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131233" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131237" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131239" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131241" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131245" ); script_set_attribute( attribute:"solution", value:"Update the affected apache2 packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-event"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-event-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-example-pages"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-prefork"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-utils-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-worker"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-worker-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/08"); script_set_attribute(attribute:"patch_publication_date", value:"2019/04/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.3", reference:"apache2-2.4.23-45.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"apache2-debuginfo-2.4.23-45.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"apache2-debugsource-2.4.23-45.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"apache2-devel-2.4.23-45.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"apache2-event-2.4.23-45.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"apache2-event-debuginfo-2.4.23-45.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"apache2-example-pages-2.4.23-45.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"apache2-prefork-2.4.23-45.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"apache2-prefork-debuginfo-2.4.23-45.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"apache2-utils-2.4.23-45.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"apache2-utils-debuginfo-2.4.23-45.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"apache2-worker-2.4.23-45.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"apache2-worker-debuginfo-2.4.23-45.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2 / apache2-debuginfo / apache2-debugsource / apache2-devel / etc"); }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0873-1.NASL description This update for apache2 fixes the following issues : CVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged child processes or threads to execute arbitrary code with the privileges of the parent process. Attackers with control over CGI scripts or extension modules run by the server could have abused this issue to potentially gain super user privileges. [bsc#1131233] CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241] CVE-2019-0217: A race condition in Apache last seen 2020-06-01 modified 2020-06-02 plugin id 123782 published 2019-04-05 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123782 title SUSE SLED15 / SLES15 Security Update : apache2 (SUSE-SU-2019:0873-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2019:0873-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(123782); script_version("1.5"); script_cvs_date("Date: 2019/09/10 13:51:50"); script_cve_id("CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0217", "CVE-2019-0220"); script_name(english:"SUSE SLED15 / SLES15 Security Update : apache2 (SUSE-SU-2019:0873-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for apache2 fixes the following issues : CVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged child processes or threads to execute arbitrary code with the privileges of the parent process. Attackers with control over CGI scripts or extension modules run by the server could have abused this issue to potentially gain super user privileges. [bsc#1131233] CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241] CVE-2019-0217: A race condition in Apache's 'mod_auth_digest' when running in a threaded server could have allowed users with valid credentials to authenticate using another username, bypassing configured access control restrictions. [bsc#1131239] CVE-2019-0197: When HTTP/2 support was enabled in the Apache server for a 'http' host or H2Upgrade was enabled for h2 on a 'https' host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. This issue could have been abused to mount a denial-of-service attack. Servers that never enabled the h2 protocol or that only enabled it for https: and did not configure the 'H2Upgrade on' are unaffected. [bsc#1131245] CVE-2019-0196: Through specially crafted network input the Apache's http/2 request handler could be lead to access previously freed memory while determining the method of a request. This resulted in the request being misclassified and thus being processed incorrectly. [bsc#1131237] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1131233" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1131237" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1131239" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1131241" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1131245" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-0196/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-0197/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-0211/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-0217/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-0220/" ); # https://www.suse.com/support/update/announcement/2019/suse-su-20190873-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e2aa985a" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Module for Server Applications 15:zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-873=1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-873=1" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-event"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-event-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-example-pages"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-prefork"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-worker"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/08"); script_set_attribute(attribute:"patch_publication_date", value:"2019/04/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp); if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES15", sp:"0", reference:"apache2-2.4.33-3.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"apache2-debuginfo-2.4.33-3.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"apache2-debugsource-2.4.33-3.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"apache2-devel-2.4.33-3.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"apache2-prefork-2.4.33-3.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"apache2-prefork-debuginfo-2.4.33-3.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"apache2-utils-2.4.33-3.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"apache2-utils-debuginfo-2.4.33-3.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"apache2-worker-2.4.33-3.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"apache2-worker-debuginfo-2.4.33-3.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"apache2-debuginfo-2.4.33-3.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"apache2-debugsource-2.4.33-3.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"apache2-event-2.4.33-3.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"apache2-event-debuginfo-2.4.33-3.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"apache2-example-pages-2.4.33-3.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"apache2-debuginfo-2.4.33-3.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"apache2-debugsource-2.4.33-3.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"apache2-event-2.4.33-3.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"apache2-event-debuginfo-2.4.33-3.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"apache2-example-pages-2.4.33-3.15.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2"); }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0888-1.NASL description This update for apache2 fixes the following issues : CVE-2018-17199: A bug in Apache last seen 2020-06-01 modified 2020-06-02 plugin id 123822 published 2019-04-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123822 title SUSE SLES12 Security Update : apache2 (SUSE-SU-2019:0888-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1258.NASL description This update for apache2 fixes the following issues : - CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241] - CVE-2019-0217: A race condition in Apache last seen 2020-06-01 modified 2020-06-02 plugin id 124264 published 2019-04-24 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124264 title openSUSE Security Update : apache2 (openSUSE-2019-1258) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2019-1189.NASL description In Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. (CVE-2019-0211) A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ( last seen 2020-06-01 modified 2020-06-02 plugin id 123958 published 2019-04-10 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123958 title Amazon Linux AMI : httpd24 (ALAS-2019-1189) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2311.NASL description According to the versions of the httpd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.(CVE-2018-11763) - In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.(CVE-2019-0211) - In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.(CVE-2018-17189) - In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.(CVE-2019-0215) - A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ( last seen 2020-06-01 modified 2020-06-02 plugin id 131476 published 2019-12-03 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131476 title EulerOS Virtualization for ARM 64 3.0.3.0 : httpd (EulerOS-SA-2019-2311) NASL family Fedora Local Security Checks NASL id FEDORA_2019-119B14075A.NASL description This update includes the latest upstream release of **Apache httpd**, version **2.4.39**, including multiple bug and security fixes. To see the full list of changes in this release, see: https://www.apache.org/dist/httpd/CHANGES_2.4.39 The following security vulnerabilities are addressed : - `CVE-2019-0211` - MPMs unix: Fix a local priviledge escalation vulnerability by not maintaining each child last seen 2020-06-01 modified 2020-06-02 plugin id 123801 published 2019-04-08 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123801 title Fedora 29 : httpd (2019-119b14075a) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1455.NASL description According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ( last seen 2020-04-30 modified 2020-04-16 plugin id 135617 published 2020-04-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135617 title EulerOS Virtualization 3.0.2.2 : httpd (EulerOS-SA-2020-1455) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2080.NASL description According to the version of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ( last seen 2020-05-03 modified 2019-09-30 plugin id 129439 published 2019-09-30 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129439 title EulerOS 2.0 SP8 : httpd (EulerOS-SA-2019-2080) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-0250.NASL description Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. This release adds the new Apache HTTP Server 2.4.37 Service Pack 1 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Security fix(es) : * httpd: URL normalization inconsistency (CVE-2019-0220) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 133333 published 2020-01-30 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133333 title RHEL 6 / 7 : JBoss Core Services (RHSA-2020:0250) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0202_HTTPD.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has httpd packages installed that are affected by multiple vulnerabilities: - A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ( last seen 2020-06-01 modified 2020-06-02 plugin id 129922 published 2019-10-15 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129922 title NewStart CGSL CORE 5.04 / MAIN 5.04 : httpd Multiple Vulnerabilities (NS-SA-2019-0202) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2157.NASL description According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ( last seen 2020-05-08 modified 2019-11-12 plugin id 130866 published 2019-11-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130866 title EulerOS 2.0 SP5 : httpd (EulerOS-SA-2019-2157) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-2343.NASL description An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es) : * httpd: mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * httpd: URL normalization inconsistency (CVE-2019-0220) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 127715 published 2019-08-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127715 title RHEL 7 : httpd (RHSA-2019:2343) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_CF2105C6551B11E9B95CB499BAEBFEAF.NASL description The Apache httpd Project reports : Apache HTTP Server privilege escalation from modules last seen 2020-06-01 modified 2020-06-02 plugin id 123644 published 2019-04-03 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123644 title FreeBSD : Apache -- Multiple vulnerabilities (cf2105c6-551b-11e9-b95c-b499baebfeaf) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1209.NASL description This update for apache2 fixes the following issues : - CVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged child processes or threads to execute arbitrary code with the privileges of the parent process. Attackers with control over CGI scripts or extension modules run by the server could have abused this issue to potentially gain super user privileges. [bsc#1131233] - CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241] - CVE-2019-0217: A race condition in Apache last seen 2020-06-01 modified 2020-06-02 plugin id 124102 published 2019-04-17 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124102 title openSUSE Security Update : apache2 (openSUSE-2019-1209) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0889-1.NASL description This update for apache2 fixes the following issues : Security issues fixed : CVE-2018-17199: A bug in Apache last seen 2020-06-01 modified 2020-06-02 plugin id 123823 published 2019-04-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123823 title SUSE SLES12 Security Update : apache2 (SUSE-SU-2019:0889-1) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0250_HTTPD.NASL description The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has httpd packages installed that are affected by multiple vulnerabilities: - A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ( last seen 2020-06-01 modified 2020-06-02 plugin id 132454 published 2019-12-31 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132454 title NewStart CGSL CORE 5.05 / MAIN 5.05 : httpd Multiple Vulnerabilities (NS-SA-2019-0250)
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
References
- https://www.debian.org/security/2019/dsa-4422
- https://usn.ubuntu.com/3937-1/
- https://support.f5.com/csp/article/K44591505
- https://seclists.org/bugtraq/2019/Apr/5
- https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html
- https://httpd.apache.org/security/vulnerabilities_24.html
- http://www.securityfocus.com/bid/107670
- http://www.openwall.com/lists/oss-security/2019/04/02/6
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html
- https://security.netapp.com/advisory/ntap-20190625-0007/
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://access.redhat.com/errata/RHSA-2019:2343
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://access.redhat.com/errata/RHSA-2019:3436
- https://access.redhat.com/errata/RHSA-2019:4126
- https://access.redhat.com/errata/RHSA-2020:0250
- https://access.redhat.com/errata/RHSA-2020:0251
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/
- https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r31f46d1f16ffcafa68058596b21f6eaf6d352290e522690a1cdccdd7%40%3Cbugs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E