Vulnerabilities > CVE-2019-9517 - Allocation of Resources Without Limits or Throttling vulnerability in multiple products

Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.

Vulnerable Configurations

Part	Description	Count
Application	Apple Apple Swiftnio 1.0.0 Apple Swiftnio 1.0.1 Apple Swiftnio 1.1.0 Apple Swiftnio 1.1.1 Apple Swiftnio 1.2.0 Apple Swiftnio 1.2.1 Apple Swiftnio 1.2.2 Apple Swiftnio 1.3.0 Apple Swiftnio 1.3.1 Apple Swiftnio 1.3.2 Apple Swiftnio 1.4.0	11
Application	Apache Apache Traffic Server 8.0.0 Apache Traffic Server 8.0.1 Apache Traffic Server 8.0.2 Apache Traffic Server 8.0.3 Apache Traffic Server 7.0.0 Apache Traffic Server 7.1.0 Apache Traffic Server 7.1.1 Apache Traffic Server 7.1.2 Apache Traffic Server 7.1.3 Apache Traffic Server 7.1.4 Apache Traffic Server 7.1.5 Apache Traffic Server 7.1.6 Apache Traffic Server 6.0.0 Apache Traffic Server 6.0.3 Apache Traffic Server 6.1.0 Apache Traffic Server 6.1.1 Apache Traffic Server 6.2.0 Apache Traffic Server 6.2.1 Apache Traffic Server 6.2.2 Apache Traffic Server 6.2.3 Apache Http Server 2.4.20 Apache Http Server 2.4.21 Apache Http Server 2.4.22 Apache Http Server 2.4.23 Apache Http Server 2.4.24 Apache Http Server 2.4.25 Apache Http Server 2.4.26 Apache Http Server 2.4.27 Apache Http Server 2.4.28 Apache Http Server 2.4.29 Apache Http Server 2.4.30 Apache Http Server 2.4.31 Apache Http Server 2.4.32 Apache Http Server 2.4.33 Apache Http Server 2.4.34 Apache Http Server 2.4.35 Apache Http Server 2.4.36 Apache Http Server 2.4.37 Apache Http Server 2.4.38 Apache Http Server 2.4.39	69
Application	Synology Synology Skynas - Synology Diskstation Manager 6.2	2
Application	Redhat Redhat Software Collections 1.0 Redhat Jboss Core Services 1.0 Redhat Jboss Enterprise Application Platform 7.2.0 Redhat Jboss Enterprise Application Platform 7.3.0 Redhat Quay 3.0.0 Redhat Openshift Service Mesh 1.0	6
Application	Oracle Oracle Retail Xstore Point OF Service 7.1 Oracle Graalvm 19.2.0 Oracle Instantis Enterprisetrack 17.1 Oracle Instantis Enterprisetrack 17.2 Oracle Instantis Enterprisetrack 17.3 Oracle Communications Element Manager 8.2.0 Oracle Communications Element Manager 8.1.1 Oracle Communications Element Manager 8.1.0 Oracle Communications Element Manager 8.0.0	9
Application	Mcafee Mcafee WEB Gateway 7.7.2.0 Mcafee WEB Gateway 7.7.2.1 Mcafee WEB Gateway 7.7.2.2 Mcafee WEB Gateway 7.7.2.3 Mcafee WEB Gateway 7.7.2.4 Mcafee WEB Gateway 7.7.2.5 Mcafee WEB Gateway 7.7.2.6 Mcafee WEB Gateway 7.7.2.7 Mcafee WEB Gateway 7.7.2.8 Mcafee WEB Gateway 7.7.2.9 Mcafee WEB Gateway 7.7.2.10 Mcafee WEB Gateway 7.7.2.11 Mcafee WEB Gateway 7.7.2.12 Mcafee WEB Gateway 7.7.2.13 Mcafee WEB Gateway 7.7.2.14 Mcafee WEB Gateway 7.7.2.15 Mcafee WEB Gateway 7.7.2.16 Mcafee WEB Gateway 7.7.2.17 Mcafee WEB Gateway 7.7.2.18 Mcafee WEB Gateway 7.7.2.19 Mcafee WEB Gateway 7.7.2.20 Mcafee WEB Gateway 7.7.2.21 Mcafee WEB Gateway 7.7.2.22 Mcafee WEB Gateway 7.7.2.23 Mcafee WEB Gateway 7.8.2.0 Mcafee WEB Gateway 7.8.2.1 Mcafee WEB Gateway 7.8.2.2 Mcafee WEB Gateway 7.8.2.3 Mcafee WEB Gateway 7.8.2.4 Mcafee WEB Gateway 7.8.2.5 Mcafee WEB Gateway 7.8.2.6 Mcafee WEB Gateway 7.8.2.7 Mcafee WEB Gateway 7.8.2.8 Mcafee WEB Gateway 7.8.2.9 Mcafee WEB Gateway 7.8.2.10 Mcafee WEB Gateway 7.8.2.11 Mcafee WEB Gateway 7.8.2.12 Mcafee WEB Gateway 8.1.0 Mcafee WEB Gateway 8.1.1 Mcafee WEB Gateway 8.1.2 Mcafee WEB Gateway 8.1.3 Mcafee WEB Gateway 8.1.4 Mcafee WEB Gateway 8.1.5	43
Application	Netapp Netapp Clustered Data Ontap -	1
Application	Nodejs Nodejs Node.Js 8.0.0 Nodejs Node.Js 8.1.0 Nodejs Node.Js 8.1.1 Nodejs Node.Js 8.1.2 Nodejs Node.Js 8.1.3 Nodejs Node.Js 8.1.4 Nodejs Node.Js 8.2.0 Nodejs Node.Js 8.2.1 Nodejs Node.Js 8.3.0 Nodejs Node.Js 8.4.0 Nodejs Node.Js 8.5.0 Nodejs Node.Js 8.6.0 Nodejs Node.Js 8.7.0 Nodejs Node.Js 8.8.0 Nodejs Node.Js 8.8.1 Nodejs Node.Js 10.0.0 Nodejs Node.Js 10.1.0 Nodejs Node.Js 10.2.0 Nodejs Node.Js 10.2.1 Nodejs Node.Js 10.3.0 Nodejs Node.Js 10.4.0 Nodejs Node.Js 10.4.1 Nodejs Node.Js 10.5.0 Nodejs Node.Js 10.6.0 Nodejs Node.Js 10.7.0 Nodejs Node.Js 10.8.0 Nodejs Node.Js 10.9.0 Nodejs Node.Js 10.10.0 Nodejs Node.Js 10.11.0 Nodejs Node.Js 12.0.0 Nodejs Node.Js 12.1.0 Nodejs Node.Js 12.2.0 Nodejs Node.Js 12.3.0 Nodejs Node.Js 12.3.1 Nodejs Node.Js 12.4.0 Nodejs Node.Js 12.5.0 Nodejs Node.Js 12.6.0 Nodejs Node.Js 12.7.0 Nodejs Node.Js 12.8.0 Nodejs Node.Js 10.13.0 Nodejs Node.Js 10.14.0 Nodejs Node.Js 10.14.1 Nodejs Node.Js 10.14.2 Nodejs Node.Js 10.15.0 Nodejs Node.Js 10.15.1 Nodejs Node.Js 10.15.2 Nodejs Node.Js 10.15.3 Nodejs Node.Js 10.16.0 Nodejs Node.Js 10.16.1 Nodejs Node.Js 10.16.2 Nodejs Node.Js 8.9.0 Nodejs Node.Js 8.9.1 Nodejs Node.Js 8.9.2 Nodejs Node.Js 8.9.3 Nodejs Node.Js 8.9.4 Nodejs Node.Js 8.10.0 Nodejs Node.Js 8.11.0 Nodejs Node.Js 8.11.1 Nodejs Node.Js 8.11.2 Nodejs Node.Js 8.11.3 Nodejs Node.Js 8.11.4 Nodejs Node.Js 8.12.0 Nodejs Node.Js 8.13.0 Nodejs Node.Js 8.14.0 Nodejs Node.Js 8.14.1 Nodejs Node.Js 8.15.0 Nodejs Node.Js 8.15.1	67
OS	Apple Apple MAC OS X *	1
OS	Canonical Canonical Ubuntu Linux * Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 18.04 Canonical Ubuntu Linux 19.04	4
OS	Debian Debian Debian Linux 9.0 Debian Debian Linux 10.0	2
OS	Synology Synology Vs960Hd Firmware -	1
OS	Fedoraproject Fedoraproject Fedora 29 Fedoraproject Fedora 30	2
OS	Opensuse Opensuse Leap 15.0 Opensuse Leap 15.1	2
OS	Redhat Redhat Enterprise Linux 8.0	1
Hardware	Synology Synology Vs960Hd -	1

Common Weakness Enumeration (CWE)

CWE-770 - Allocation of Resources Without Limits or Throttling

Common Attack Pattern Enumeration and Classification (CAPEC)

Locate and Exploit Test APIs
An attacker exploits a sample, demonstration, or test API that is insecure by default and should not be resident on production systems. Some applications include APIs that are intended to allow an administrator to test and refine their domain. These APIs should usually be disabled once a system enters a production environment. Testing APIs may expose a great deal of diagnostic information intended to aid an administrator, but which can also be used by an attacker to further refine their attack. Moreover, testing APIs may not have adequate security controls or may not have undergone rigorous testing since they were not intended for use in production environments. As such, they may have many flaws and vulnerabilities that would allow an attacker to severely disrupt a target.
Flooding
An attacker consumes the resources of a target by rapidly engaging in a large number of interactions with the target. This type of attack generally exposes a weakness in rate limiting or flow control in management of interactions. Since each request consumes some of the target's resources, if a sufficiently large number of requests must be processed at the same time then the target's resources can be exhausted. The degree to which the attack is successful depends upon the volume of requests in relation to the amount of the resource the target has access to, and other mitigating circumstances such as the target's ability to shift load or acquired additional resources to deal with the depletion. The more protected the resource and the greater the quantity of it that must be consumed, the more resources the attacker may need to have at their disposal. A typical TCP/IP flooding attack is a Distributed Denial-of-Service attack where many machines simultaneously make a large number of requests to a target. Against a target with strong defenses and a large pool of resources, many tens of thousands of attacking machines may be required. When successful this attack prevents legitimate users from accessing the service and can cause the target to crash. This attack differs from resource depletion through leaks or allocations in that the latter attacks do not rely on the volume of requests made to the target but instead focus on manipulation of the target's operations. The key factor in a flooding attack is the number of requests the attacker can make in a given period of time. The greater this number, the more likely an attack is to succeed against a given target.
Excessive Allocation
An attacker causes the target to allocate excessive resources to servicing the attackers' request, thereby reducing the resources available for legitimate services and degrading or denying services. Usually, this attack focuses on memory allocation, but any finite resource on the target could be the attacked, including bandwidth, processing cycles, or other resources. This attack does not attempt to force this allocation through a large number of requests (that would be Resource Depletion through Flooding) but instead uses one or a small number of requests that are carefully formatted to force the target to allocate excessive resources to service this request(s). Often this attack takes advantage of a bug in the target to cause the target to allocate resources vastly beyond what would be needed for a normal request. For example, using an Integer Attack, the attacker could cause a variable that controls allocation for a request to hold an excessively large value. Excessive allocation of resources can render a service degraded or unavailable to legitimate users and can even lead to crashing of the target.
XML Ping of the Death
An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
XML Entity Expansion
An attacker submits an XML document to a target application where the XML document uses nested entity expansion to produce an excessively large output XML. XML allows the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor's CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.

Nessus

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2019-2893.NASL
description	An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es) : * HTTP/2: request for large response leads to denial of service (CVE-2019-9517) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen	2020-05-23
modified	2019-09-25
plugin id	129333
published	2019-09-25
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129333
title	RHEL 8 : httpd:2.4 (RHSA-2019:2893) (Internal Data Buffering)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2019:2893. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(129333); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/22"); script_cve_id("CVE-2019-9517"); script_xref(name:"RHSA", value:"2019:2893"); script_name(english:"RHEL 8 : httpd:2.4 (RHSA-2019:2893) (Internal Data Buffering)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es) : * HTTP/2: request for large response leads to denial of service (CVE-2019-9517) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2019:2893" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-9517" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9517"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-filesystem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-manual"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_http2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_http2-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_md"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_proxy_html"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_session"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_ssl"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8::appstream"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/13"); script_set_attribute(attribute:"patch_publication_date", value:"2019/09/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/25"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^8([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 8.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); module_ver = get_kb_item('Host/RedHat/appstream/httpd'); if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4'); if ('2.4' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module httpd:' + module_ver); appstreams = { 'httpd:2.4': [ {'reference':'httpd-2.4.37-12.module+el8.0.0+4096+eb40e6da', 'cpu':'aarch64', 'release':'8'}, {'reference':'httpd-2.4.37-12.module+el8.0.0+4096+eb40e6da', 'cpu':'s390x', 'release':'8'}, {'reference':'httpd-2.4.37-12.module+el8.0.0+4096+eb40e6da', 'cpu':'x86_64', 'release':'8'}, {'reference':'httpd-debugsource-2.4.37-12.module+el8.0.0+4096+eb40e6da', 'cpu':'aarch64', 'release':'8'}, {'reference':'httpd-debugsource-2.4.37-12.module+el8.0.0+4096+eb40e6da', 'cpu':'s390x', 'release':'8'}, {'reference':'httpd-debugsource-2.4.37-12.module+el8.0.0+4096+eb40e6da', 'cpu':'x86_64', 'release':'8'}, {'reference':'httpd-devel-2.4.37-12.module+el8.0.0+4096+eb40e6da', 'cpu':'aarch64', 'release':'8'}, {'reference':'httpd-devel-2.4.37-12.module+el8.0.0+4096+eb40e6da', 'cpu':'s390x', 'release':'8'}, {'reference':'httpd-devel-2.4.37-12.module+el8.0.0+4096+eb40e6da', 'cpu':'x86_64', 'release':'8'}, {'reference':'httpd-filesystem-2.4.37-12.module+el8.0.0+4096+eb40e6da', 'release':'8'}, {'reference':'httpd-manual-2.4.37-12.module+el8.0.0+4096+eb40e6da', 'release':'8'}, {'reference':'httpd-tools-2.4.37-12.module+el8.0.0+4096+eb40e6da', 'cpu':'aarch64', 'release':'8'}, {'reference':'httpd-tools-2.4.37-12.module+el8.0.0+4096+eb40e6da', 'cpu':'s390x', 'release':'8'}, {'reference':'httpd-tools-2.4.37-12.module+el8.0.0+4096+eb40e6da', 'cpu':'x86_64', 'release':'8'}, {'reference':'mod_http2-1.11.3-3.module+el8.0.0+4096+eb40e6da', 'cpu':'aarch64', 'release':'8'}, {'reference':'mod_http2-1.11.3-3.module+el8.0.0+4096+eb40e6da', 'cpu':'s390x', 'release':'8'}, {'reference':'mod_http2-1.11.3-3.module+el8.0.0+4096+eb40e6da', 'cpu':'x86_64', 'release':'8'}, {'reference':'mod_http2-debugsource-1.11.3-3.module+el8.0.0+4096+eb40e6da', 'cpu':'aarch64', 'release':'8'}, {'reference':'mod_http2-debugsource-1.11.3-3.module+el8.0.0+4096+eb40e6da', 'cpu':'s390x', 'release':'8'}, {'reference':'mod_http2-debugsource-1.11.3-3.module+el8.0.0+4096+eb40e6da', 'cpu':'x86_64', 'release':'8'}, {'reference':'mod_ldap-2.4.37-12.module+el8.0.0+4096+eb40e6da', 'cpu':'aarch64', 'release':'8'}, {'reference':'mod_ldap-2.4.37-12.module+el8.0.0+4096+eb40e6da', 'cpu':'s390x', 'release':'8'}, {'reference':'mod_ldap-2.4.37-12.module+el8.0.0+4096+eb40e6da', 'cpu':'x86_64', 'release':'8'}, {'reference':'mod_md-2.4.37-12.module+el8.0.0+4096+eb40e6da', 'cpu':'aarch64', 'release':'8'}, {'reference':'mod_md-2.4.37-12.module+el8.0.0+4096+eb40e6da', 'cpu':'s390x', 'release':'8'}, {'reference':'mod_md-2.4.37-12.module+el8.0.0+4096+eb40e6da', 'cpu':'x86_64', 'release':'8'}, {'reference':'mod_proxy_html-2.4.37-12.module+el8.0.0+4096+eb40e6da', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'mod_proxy_html-2.4.37-12.module+el8.0.0+4096+eb40e6da', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'mod_proxy_html-2.4.37-12.module+el8.0.0+4096+eb40e6da', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}, {'reference':'mod_session-2.4.37-12.module+el8.0.0+4096+eb40e6da', 'cpu':'aarch64', 'release':'8'}, {'reference':'mod_session-2.4.37-12.module+el8.0.0+4096+eb40e6da', 'cpu':'s390x', 'release':'8'}, {'reference':'mod_session-2.4.37-12.module+el8.0.0+4096+eb40e6da', 'cpu':'x86_64', 'release':'8'}, {'reference':'mod_ssl-2.4.37-12.module+el8.0.0+4096+eb40e6da', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'mod_ssl-2.4.37-12.module+el8.0.0+4096+eb40e6da', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'mod_ssl-2.4.37-12.module+el8.0.0+4096+eb40e6da', 'cpu':'x86_64', 'release':'8', 'epoch':'1'} ], }; flag = 0; appstreams_found = 0; foreach module (keys(appstreams)) { appstream = NULL; appstream_name = NULL; appstream_version = NULL; appstream_split = split(module, sep:':', keep:FALSE); if (!empty_or_null(appstream_split)) { appstream_name = appstream_split[0]; appstream_version = appstream_split[1]; if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name); } if (!empty_or_null(appstream) && appstream_version == appstream \|\| appstream_name == 'all') { appstreams_found++; foreach package_array ( appstreams[module] ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (reference && release) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++; } } } } if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4'); if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-debugsource / httpd-devel / etc'); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2020-0059-1.NASL
description	This update for nodejs12 fixes the following issues : Update to LTS release 12.13.0 (jsc#SLE-8947). Security issues fixed : CVE-2019-9511: Fixed the HTTP/2 implementation that was vulnerable to window size manipulations (bsc#1146091). CVE-2019-9512: Fixed the HTTP/2 implementation that was vulnerable to floods using PING frames (bsc#1146099). CVE-2019-9513: Fixed the HTTP/2 implementation that was vulnerable to resource loops, potentially leading to a denial of service (bsc#1146094). CVE-2019-9514: Fixed the HTTP/2 implementation that was vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095). CVE-2019-9515: Fixed the HTTP/2 implementation that was vulnerable to a SETTINGS frame flood (bsc#1146100). CVE-2019-9516: Fixed the HTTP/2 implementation that was vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090). CVE-2019-9517: Fixed the HTTP/2 implementation that was vulnerable to unconstrained interal data buffering (bsc#1146097). CVE-2019-9518: Fixed the HTTP/2 implementation that was vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093). CVE-2019-13173: Fixed a file overwrite in the fstream.DirWriter() function (bsc#1140290). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	132767
published	2020-01-10
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/132767
title	SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2020:0059-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2020:0059-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(132767); script_version("1.2"); script_cvs_date("Date: 2020/01/15"); script_cve_id("CVE-2019-13173", "CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"); script_name(english:"SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2020:0059-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for nodejs12 fixes the following issues : Update to LTS release 12.13.0 (jsc#SLE-8947). Security issues fixed : CVE-2019-9511: Fixed the HTTP/2 implementation that was vulnerable to window size manipulations (bsc#1146091). CVE-2019-9512: Fixed the HTTP/2 implementation that was vulnerable to floods using PING frames (bsc#1146099). CVE-2019-9513: Fixed the HTTP/2 implementation that was vulnerable to resource loops, potentially leading to a denial of service (bsc#1146094). CVE-2019-9514: Fixed the HTTP/2 implementation that was vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095). CVE-2019-9515: Fixed the HTTP/2 implementation that was vulnerable to a SETTINGS frame flood (bsc#1146100). CVE-2019-9516: Fixed the HTTP/2 implementation that was vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090). CVE-2019-9517: Fixed the HTTP/2 implementation that was vulnerable to unconstrained interal data buffering (bsc#1146097). CVE-2019-9518: Fixed the HTTP/2 implementation that was vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093). CVE-2019-13173: Fixed a file overwrite in the fstream.DirWriter() function (bsc#1140290). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1140290" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1146090" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1146091" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1146093" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1146094" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1146095" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1146097" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1146099" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1146100" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1149792" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-13173/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-9511/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-9512/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-9513/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-9514/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-9515/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-9516/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-9517/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-9518/" ); # https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?cadca2ae" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2020-59=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-13173"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs12"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs12-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs12-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs12-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:npm12"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/02"); script_set_attribute(attribute:"patch_publication_date", value:"2020/01/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/10"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S\|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"0", reference:"nodejs12-12.13.0-1.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"nodejs12-debuginfo-12.13.0-1.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"nodejs12-debugsource-12.13.0-1.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"nodejs12-devel-12.13.0-1.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"npm12-12.13.0-1.3.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nodejs12"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2019-4427FD65BE.NASL
description	Rebuilt with newer nghttp2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	128400
published	2019-08-30
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128400
title	Fedora 29 : mod_http2 (2019-4427fd65be) (0-Length Headers Leak) (Data Dribble) (Internal Data Buffering)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-4113-1.NASL
description	Stefan Eissing discovered that the HTTP/2 implementation in Apache did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in some situations. A remote attacker could use this to cause a denial of service (daemon crash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-0197) Craig Young discovered that a memory overwrite error existed in Apache when performing HTTP/2 very early pushes in some situations. A remote attacker could use this to cause a denial of service (daemon crash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10081) Craig Young discovered that a read-after-free error existed in the HTTP/2 implementation in Apache during connection shutdown. A remote attacker could use this to possibly cause a denial of service (daemon crash) or possibly expose sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10082) Matei Badanoiu discovered that the mod_proxy component of Apache did not properly filter URLs when reporting errors in some configurations. A remote attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. (CVE-2019-10092) Daniel McCarney discovered that mod_remoteip component of Apache contained a stack buffer overflow when parsing headers from a trusted intermediary proxy in some situations. A remote attacker controlling a trusted proxy could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-10097) Yukitsugu Sasaki discovered that the mod_rewrite component in Apache was vulnerable to open redirects in some situations. A remote attacker could use this to possibly expose sensitive information or bypass intended restrictions. (CVE-2019-10098) Jonathan Looney discovered that the HTTP/2 implementation in Apache did not properly limit the amount of buffering for client connections in some situations. A remote attacker could use this to cause a denial of service (unresponsive daemon). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-9517). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	128412
published	2019-08-30
reporter	Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128412
title	Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : apache2 vulnerabilities (USN-4113-1) (Internal Data Buffering)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2019-2893.NASL
description	From Red Hat Security Advisory 2019:2893 : An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es) : * HTTP/2: request for large response leads to denial of service (CVE-2019-9517) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen	2020-06-01
modified	2020-06-02
plugin id	129330
published	2019-09-25
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129330
title	Oracle Linux 8 : httpd:2.4 (ELSA-2019-2893) (Internal Data Buffering)

NASL family	Amazon Linux Local Security Checks
NASL id	AL2_ALAS-2019-1342.NASL
description	Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.(CVE-2019-9511) Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.(CVE-2019-9516) Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.(CVE-2019-9517)
last seen	2020-06-01
modified	2020-06-02
plugin id	130401
published	2019-10-31
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/130401
title	Amazon Linux 2 : mod_http2 (ALAS-2019-1342) (0-Length Headers Leak) (Data Dribble) (Internal Data Buffering)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-2114.NASL
description	This update for nodejs10 to version 10.16.3 fixes the following issues : Security issues fixed : - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091). - CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099). - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094). - CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095). - CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100). - CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090). - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097). - CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093). This update was imported from the SUSE:SLE-15:Update update project.
last seen	2020-06-01
modified	2020-06-02
plugin id	128668
published	2019-09-11
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128668
title	openSUSE Security Update : nodejs10 (openSUSE-2019-2114) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2019-2799.NASL
description	An update for the nginx:1.14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 (Post Office Protocol 3) and IMAP protocols, with a focus on high concurrency, performance and low memory usage. Security Fix(es) : * HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen	2020-05-23
modified	2019-09-20
plugin id	129089
published	2019-09-20
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129089
title	RHEL 8 : nginx:1.14 (RHSA-2019:2799) (0-Length Headers Leak) (Data Dribble) (Resource Loop)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2019-2946.NASL
description	An update is now available for JBoss Core Services on RHEL 6 and RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.29 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes for CVEs which are linked in the References section. Security Fix(es) : * mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517) Bug Fix(es) : * nghttp2: Rebase to 1.39.2 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen	2020-05-15
modified	2019-10-02
plugin id	129520
published	2019-10-02
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129520
title	RHEL 6 / 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP3 (RHSA-2019:2946) (0-Length Headers Leak) (Data Dribble) (Internal Data Buffering) (Resource Loop)

NASL family	Misc.
NASL id	ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_OCT_2019_CPU.NASL
description	The version of Oracle Enterprise Manager Ops Center installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - An unspecified vulnerability in the Networking (cURL) component of Oracle Enterprise Manager Ops Center. An easy to exploit vulnerability could allow an unauthenticated attacker with network access via HTTPS to compromise Enterprise Manager Ops Center. A successful attack of this vulnerability can result in takeover of Enterprise Manager Ops Center. (CVE-2019-5443) - An unspecified vulnerability in the Networking (jQuery) component of Oracle Enterprise Manager Ops Center. A difficult to exploit vulnerability could allow a low privileged attacker with logon to the infrastructure where Enterprise Manager Ops Center executes to compromise Enterprise Manager Ops Center. A successful attack of this vulnerability can result in unauthorized access of Enterprise Manager Ops Center data. (CVE-2019-11358) - An unspecified vulnerability in the OS Provisioning (Apache HTTP Server) component of Oracle Enterprise Manager Ops Center. An easily exploitable vulnerability could allow an unauthenticated attacker with network access via multiple protocols to compromise Enterprise Manager Ops Center. A successful attack of this vulnerability can result in unauthorized access of Enterprise Manager Ops Center data. (CVE-2019-9517)
last seen	2020-05-08
modified	2020-01-17
plugin id	133057
published	2020-01-17
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/133057
title	Oracle Enterprise Manager Ops Center (Oct 2019 CPU)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-2259-1.NASL
description	This update for nodejs10 to version 10.16.3 fixes the following issues : Security issues fixed : CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091). CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099). CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094). CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095). CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100). CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090). CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097). CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	128467
published	2019-09-03
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128467
title	SUSE SLES15 Security Update : nodejs10 (SUSE-SU-2019:2259-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2019-6A2980DE56.NASL
description	Update to Node.js 10.6.13 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	128133
published	2019-08-26
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128133
title	Fedora 29 : 1:nodejs (2019-6a2980de56) (0-Length Headers Leak) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-2115.NASL
description	This update for nodejs8 to version 8.16.1 fixes the following issues : Security issues fixed : - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091). - CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099). - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094). - CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095). - CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100). - CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090). - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097). - CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093). Bug fixes : - Fixed that npm resolves its default config file like in all other versions, as /etc/nodejs/npmrc (bsc#1144919). This update was imported from the SUSE:SLE-15:Update update project.
last seen	2020-06-01
modified	2020-06-02
plugin id	128669
published	2019-09-11
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128669
title	openSUSE Security Update : nodejs8 (openSUSE-2019-2115) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201909-04.NASL
description	The remote host is affected by the vulnerability described in GLSA-201909-04 (Apache: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Apache. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	128593
published	2019-09-09
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128593
title	GLSA-201909-04 : Apache: Multiple vulnerabilities (Internal Data Buffering)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2019-2925.NASL
description	An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs (10.16.3). Security Fix(es) : * HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511) * HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512) * HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513) * HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514) * HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515) * HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516) * HTTP/2: request for large response leads to denial of service (CVE-2019-9517) * HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen	2020-05-23
modified	2019-10-01
plugin id	129480
published	2019-10-01
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129480
title	RHEL 8 : nodejs:10 (RHSA-2019:2925) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-2051.NASL
description	This update for apache2 fixes the following issues : Security issues fixed : - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1145575). - CVE-2019-10081: Fixed mod_http2 that is vulnerable to memory corruption on early pushes (bsc#1145742). - CVE-2019-10082: Fixed mod_http2 that is vulnerable to read-after-free in h2 connection shutdown (bsc#1145741). - CVE-2019-10092: Fixed limited cross-site scripting in mod_proxy (bsc#1145740). - CVE-2019-10097: Fixed mod_remoteip stack-based buffer overflow and NULL pointer dereference (bsc#1145739). - CVE-2019-10098: Fixed mod_rewrite configuration vulnerablility to open redirect (bsc#1145738). This update was imported from the SUSE:SLE-15:Update update project.
last seen	2020-06-01
modified	2020-06-02
plugin id	128460
published	2019-09-03
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128460
title	openSUSE Security Update : apache2 (openSUSE-2019-2051) (Internal Data Buffering)

NASL family	Web Servers
NASL id	APACHE_2_4_41.NASL
description	The version of Apache httpd installed on the remote host is prior to 2.4.41. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.41 advisory, including the following: - A limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. (CVE-2019-10092) - HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with H2PushResource, could lead to an overwrite of memory in the pushing request
last seen	2020-04-12
modified	2019-08-20
plugin id	128033
published	2019-08-20
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128033
title	Apache 2.4.x < 2.4.41 Multiple Vulnerabilities

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-2329-1.NASL
description	This update for apache2 fixes the following issues : Security issues fixed : CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1145575). CVE-2019-10081: Fixed mod_http2 that is vulnerable to memory corruption on early pushes (bsc#1145742). CVE-2019-10082: Fixed mod_http2 that is vulnerable to read-after-free in h2 connection shutdown (bsc#1145741). CVE-2019-10092: Fixed limited cross-site scripting in mod_proxy (bsc#1145740). CVE-2019-10098: Fixed mod_rewrite configuration vulnerablility to open redirect (bsc#1145738). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	128612
published	2019-09-09
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128612
title	SUSE SLES12 Security Update : apache2 (SUSE-SU-2019:2329-1) (Internal Data Buffering)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-2260-1.NASL
description	This update for nodejs8 to version 8.16.1 fixes the following issues : Security issues fixed : CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091). CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099). CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094). CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095). CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100). CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090). CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097). CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093). Bug fixes: Fixed that npm resolves its default config file like in all other versions, as /etc/nodejs/npmrc (bsc#1144919). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	128468
published	2019-09-03
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128468
title	SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2019:2260-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2019-2925.NASL
description	From Red Hat Security Advisory 2019:2925 : An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs (10.16.3). Security Fix(es) : * HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511) * HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512) * HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513) * HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514) * HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515) * HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516) * HTTP/2: request for large response leads to denial of service (CVE-2019-9517) * HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen	2020-06-01
modified	2020-06-02
plugin id	129514
published	2019-10-02
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129514
title	Oracle Linux 8 : nodejs:10 (ELSA-2019-2925) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2020-1155.NASL
description	According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the
last seen	2020-05-03
modified	2020-02-25
plugin id	133989
published	2020-02-25
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/133989
title	EulerOS 2.0 SP8 : httpd (EulerOS-SA-2020-1155)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2020-1359.NASL
description	According to the versions of the httpd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.(CVE-2018-17199) - In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.(CVE-2019-10082) - HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with
last seen	2020-04-07
modified	2020-04-02
plugin id	135146
published	2020-04-02
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135146
title	EulerOS Virtualization for ARM 64 3.0.6.0 : httpd (EulerOS-SA-2020-1359)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2019-63BA15CC83.NASL
description	Rebuilt with newer nghttp2 ---- This update includes the latest upstream release of `mod_http2`, version 1.15.3. Upstream changes include : - fixes Timeout vs. KeepAliveTimeout behaviour, see PR 63534. - Fixes stream cleanup when connection throttling is in place. - Counts stream resets by client on streams initiated by client as cause for connection throttling. - Header length checks are now logged similar to HTTP/1.1 protocol handler - Header length is checked also on the merged value from several header instances and results in a 431 response. - fixing mod_proxy_http2 to support trailers in both directions. See PR 63502. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	128436
published	2019-09-03
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128436
title	Fedora 30 : mod_http2 (2019-63ba15cc83) (0-Length Headers Leak) (Data Dribble) (Internal Data Buffering)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-2254-1.NASL
description	This update for nodejs10 to version 10.16.3 fixes the following issues : Security issues fixed : CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091). CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099). CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094). CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095). CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100). CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090). CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097). CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	128411
published	2019-08-30
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128411
title	SUSE SLES12 Security Update : nodejs10 (SUSE-SU-2019:2254-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2019-3932.NASL
description	Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Security Fix(es) : * openssl: RSA key generation cache timing vulnerability in crypto/rsa/ rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * openssl: Side-channel vulnerability on SMT/ Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * mod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2: read-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen	2020-06-01
modified	2020-06-02
plugin id	131215
published	2019-11-22
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/131215
title	RHEL 6 : JBoss Core Services (RHSA-2019:3932) (0-Length Headers Leak) (Data Dribble) (Internal Data Buffering) (Resource Loop)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2019-3933.NASL
description	An update is now available for JBoss Core Services on RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Security Fix(es) : * openssl: RSA key generation cache timing vulnerability in crypto/rsa/ rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * mod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2: read-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen	2020-06-01
modified	2020-06-02
plugin id	131216
published	2019-11-22
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/131216
title	RHEL 7 : JBoss Core Services (RHSA-2019:3933) (0-Length Headers Leak) (Data Dribble) (Internal Data Buffering) (Resource Loop)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-4509.NASL
description	Several vulnerabilities have been found in the Apache HTTPD server. - CVE-2019-9517 Jonathan Looney reported that a malicious client could perform a denial of service attack (exhausting h2 workers) by flooding a connection with requests and basically never reading responses on the TCP connection. - CVE-2019-10081 Craig Young reported that HTTP/2 PUSHes could lead to an overwrite of memory in the pushing request
last seen	2020-06-01
modified	2020-06-02
plugin id	128182
published	2019-08-27
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128182
title	Debian DSA-4509-1 : apache2 - security update (Internal Data Buffering)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2019-1311.NASL
description	A vulnerability was found in Apache httpd, in mod_http2. Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing a server to crash.(CVE-2019-10081) A read-after-free vulnerability was discovered in Apache httpd, in mod_http2. A specially crafted http/2 client session could cause the server to read memory that was previously freed during connection shutdown, potentially leading to a crash.(CVE-2019-10082) A cross-site scripting vulnerability was found in Apache httpd, affecting the mod_proxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation.(CVE-2019-10092) A vulnerability was discovered in Apache httpd, in mod_remoteip. A trusted proxy using the
last seen	2020-06-01
modified	2020-06-02
plugin id	130281
published	2019-10-28
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/130281
title	Amazon Linux AMI : httpd24 (ALAS-2019-1311) (Internal Data Buffering)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-2237-1.NASL
description	This update for apache2 fixes the following issues : Security issues fixed : CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1145575). CVE-2019-10081: Fixed mod_http2 that is vulnerable to memory corruption on early pushes (bsc#1145742). CVE-2019-10082: Fixed mod_http2 that is vulnerable to read-after-free in h2 connection shutdown (bsc#1145741). CVE-2019-10092: Fixed limited cross-site scripting in mod_proxy (bsc#1145740). CVE-2019-10097: Fixed mod_remoteip stack-based buffer overflow and NULL pointer dereference (bsc#1145739). CVE-2019-10098: Fixed mod_rewrite configuration vulnerablility to open redirect (bsc#1145738). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	128316
published	2019-08-29
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128316
title	SUSE SLED15 / SLES15 Security Update : apache2 (SUSE-SU-2019:2237-1) (Internal Data Buffering)

NASL family	Slackware Local Security Checks
NASL id	SLACKWARE_SSA_2020-091-02.NASL
description	New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
last seen	2020-04-07
modified	2020-04-02
plugin id	135160
published	2020-04-02
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135160
title	Slackware 14.0 / 14.1 / 14.2 / current : httpd (SSA:2020-091-02) (Internal Data Buffering)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-4113-2.NASL
description	USN-4113-1 fixed vulnerabilities in the Apache HTTP server. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations. This update fixes the problem. We apologize for the inconvenience. Original advisory details : Stefan Eissing discovered that the HTTP/2 implementation in Apache did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in some situations. A remote attacker could use this to cause a denial of service (daemon crash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-0197) Craig Young discovered that a memory overwrite error existed in Apache when performing HTTP/2 very early pushes in some situations. A remote attacker could use this to cause a denial of service (daemon crash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10081) Craig Young discovered that a read-after-free error existed in the HTTP/2 implementation in Apache during connection shutdown. A remote attacker could use this to possibly cause a denial of service (daemon crash) or possibly expose sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10082) Matei Badanoiu discovered that the mod_proxy component of Apache did not properly filter URLs when reporting errors in some configurations. A remote attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. (CVE-2019-10092) Daniel McCarney discovered that mod_remoteip component of Apache contained a stack buffer overflow when parsing headers from a trusted intermediary proxy in some situations. A remote attacker controlling a trusted proxy could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-10097) Yukitsugu Sasaki discovered that the mod_rewrite component in Apache was vulnerable to open redirects in some situations. A remote attacker could use this to possibly expose sensitive information or bypass intended restrictions. (CVE-2019-10098) Jonathan Looney discovered that the HTTP/2 implementation in Apache did not properly limit the amount of buffering for client connections in some situations. A remote attacker could use this to cause a denial of service (unresponsive daemon). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-9517). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	128993
published	2019-09-18
reporter	Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128993
title	Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : apache2 regression (USN-4113-2) (Internal Data Buffering)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_CAF545F2C0D911E990514C72B94353B5.NASL
description	SO-AND-SO reports : SECURITY: CVE-2019-10081 mod_http2: HTTP/2 very early pushes, for example configured with
last seen	2020-06-01
modified	2020-06-02
plugin id	127951
published	2019-08-20
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/127951
title	FreeBSD : Apache -- Multiple vulnerabilities (caf545f2-c0d9-11e9-9051-4c72b94353b5) (Internal Data Buffering)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_C97A940BC39211E9BB38000D3AB229D6.NASL
description	Node.js reports : Node.js, as well as many other implementations of HTTP/2, have been found vulnerable to Denial of Service attacks. See https://github.com/Netflix/security-bulletins/blob/master/advisories/t hird-party/2019-002.md for more information. Updates are now available for all active Node.js release lines, including Linux ARMv6 builds for Node.js 8.x (which had been delayed). We recommend that all Node.js users upgrade to a version listed below as soon as possible. Vulnerabilities Fixed Impact: All versions of Node.js 8 (LTS
last seen	2020-06-01
modified	2020-06-02
plugin id	128043
published	2019-08-21
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128043
title	FreeBSD : Node.js -- multiple vulnerabilities (c97a940b-c392-11e9-bb38-000d3ab229d6) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2019-5A6A7BC12C.NASL
description	Update to Node.js 10.6.13 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	128131
published	2019-08-26
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128131
title	Fedora 30 : 1:nodejs (2019-5a6a7bc12c) (0-Length Headers Leak) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)

Redhat

advisories

bugzilla

id	1741868
title	CVE-2019-9517 HTTP/2: request for large response leads to denial of service

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 8 is installed
oval oval:com.redhat.rhba:tst:20193384074
comment Module httpd:2.4 is enabled
oval oval:com.redhat.rhsa:tst:20190980027

AND

comment mod_ssl is earlier than 1:2.4.37-12.module+el8.0.0+4096+eb40e6da
oval oval:com.redhat.rhsa:tst:20192893001
comment mod_ssl is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20111245026

AND

comment mod_session is earlier than 0:2.4.37-12.module+el8.0.0+4096+eb40e6da
oval oval:com.redhat.rhsa:tst:20192893003
comment mod_session is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140921012

AND

comment mod_proxy_html is earlier than 1:2.4.37-12.module+el8.0.0+4096+eb40e6da
oval oval:com.redhat.rhsa:tst:20192893005
comment mod_proxy_html is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140921016

AND

comment mod_md is earlier than 0:2.4.37-12.module+el8.0.0+4096+eb40e6da
oval oval:com.redhat.rhsa:tst:20192893007
comment mod_md is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190980008

AND

comment mod_ldap is earlier than 0:2.4.37-12.module+el8.0.0+4096+eb40e6da
oval oval:com.redhat.rhsa:tst:20192893009
comment mod_ldap is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140921014

AND

comment mod_http2-debugsource is earlier than 0:1.11.3-3.module+el8.0.0+4096+eb40e6da
oval oval:com.redhat.rhsa:tst:20192893011
comment mod_http2-debugsource is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190980012

AND

comment mod_http2 is earlier than 0:1.11.3-3.module+el8.0.0+4096+eb40e6da
oval oval:com.redhat.rhsa:tst:20192893013
comment mod_http2 is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190980014

AND

comment httpd-tools is earlier than 0:2.4.37-12.module+el8.0.0+4096+eb40e6da
oval oval:com.redhat.rhsa:tst:20192893015
comment httpd-tools is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20111245030

AND

comment httpd-devel is earlier than 0:2.4.37-12.module+el8.0.0+4096+eb40e6da
oval oval:com.redhat.rhsa:tst:20192893017
comment httpd-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20111245024

AND

comment httpd-debugsource is earlier than 0:2.4.37-12.module+el8.0.0+4096+eb40e6da
oval oval:com.redhat.rhsa:tst:20192893019
comment httpd-debugsource is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190980020

AND

comment httpd is earlier than 0:2.4.37-12.module+el8.0.0+4096+eb40e6da
oval oval:com.redhat.rhsa:tst:20192893021
comment httpd is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20111245028

AND

comment httpd-manual is earlier than 0:2.4.37-12.module+el8.0.0+4096+eb40e6da
oval oval:com.redhat.rhsa:tst:20192893023
comment httpd-manual is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20111245022

AND

comment httpd-filesystem is earlier than 0:2.4.37-12.module+el8.0.0+4096+eb40e6da
oval oval:com.redhat.rhsa:tst:20192893025
comment httpd-filesystem is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190980026

rhsa

id	RHSA-2019:2893
released	2019-09-24
severity	Important
title	RHSA-2019:2893: httpd:2.4 security update (Important)

rhsa
id RHSA-2019:2925
rhsa
id RHSA-2019:2939
rhsa
id RHSA-2019:2946
rhsa
id RHSA-2019:2949
rhsa
id RHSA-2019:2950
rhsa
id RHSA-2019:2955
rhsa
id RHSA-2019:3932
rhsa
id RHSA-2019:3933
rhsa
id RHSA-2019:3935

rpms

httpd-0:2.4.37-12.module+el8.0.0+4096+eb40e6da
httpd-debuginfo-0:2.4.37-12.module+el8.0.0+4096+eb40e6da
httpd-debugsource-0:2.4.37-12.module+el8.0.0+4096+eb40e6da
httpd-devel-0:2.4.37-12.module+el8.0.0+4096+eb40e6da
httpd-filesystem-0:2.4.37-12.module+el8.0.0+4096+eb40e6da
httpd-manual-0:2.4.37-12.module+el8.0.0+4096+eb40e6da
httpd-tools-0:2.4.37-12.module+el8.0.0+4096+eb40e6da
httpd-tools-debuginfo-0:2.4.37-12.module+el8.0.0+4096+eb40e6da
mod_http2-0:1.11.3-3.module+el8.0.0+4096+eb40e6da
mod_http2-debuginfo-0:1.11.3-3.module+el8.0.0+4096+eb40e6da
mod_http2-debugsource-0:1.11.3-3.module+el8.0.0+4096+eb40e6da
mod_ldap-0:2.4.37-12.module+el8.0.0+4096+eb40e6da
mod_ldap-debuginfo-0:2.4.37-12.module+el8.0.0+4096+eb40e6da
mod_md-0:2.4.37-12.module+el8.0.0+4096+eb40e6da
mod_md-debuginfo-0:2.4.37-12.module+el8.0.0+4096+eb40e6da
mod_proxy_html-1:2.4.37-12.module+el8.0.0+4096+eb40e6da
mod_proxy_html-debuginfo-1:2.4.37-12.module+el8.0.0+4096+eb40e6da
mod_session-0:2.4.37-12.module+el8.0.0+4096+eb40e6da
mod_session-debuginfo-0:2.4.37-12.module+el8.0.0+4096+eb40e6da
mod_ssl-1:2.4.37-12.module+el8.0.0+4096+eb40e6da
mod_ssl-debuginfo-1:2.4.37-12.module+el8.0.0+4096+eb40e6da
nodejs-1:10.16.3-2.module+el8.0.0+4214+49953fda
nodejs-debuginfo-1:10.16.3-2.module+el8.0.0+4214+49953fda
nodejs-debugsource-1:10.16.3-2.module+el8.0.0+4214+49953fda
nodejs-devel-1:10.16.3-2.module+el8.0.0+4214+49953fda
nodejs-devel-debuginfo-1:10.16.3-2.module+el8.0.0+4214+49953fda
nodejs-docs-1:10.16.3-2.module+el8.0.0+4214+49953fda
nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed
nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a
npm-1:6.9.0-1.10.16.3.2.module+el8.0.0+4214+49953fda
rh-nodejs10-0:3.2-3.el7
rh-nodejs10-nodejs-0:10.16.3-3.el7
rh-nodejs10-nodejs-debuginfo-0:10.16.3-3.el7
rh-nodejs10-nodejs-devel-0:10.16.3-3.el7
rh-nodejs10-nodejs-docs-0:10.16.3-3.el7
rh-nodejs10-npm-0:6.9.0-10.16.3.3.el7
rh-nodejs10-runtime-0:3.2-3.el7
rh-nodejs10-scldevel-0:3.2-3.el7
jbcs-httpd24-httpd-0:2.4.29-41.jbcs.el6
jbcs-httpd24-httpd-0:2.4.29-41.jbcs.el7
jbcs-httpd24-httpd-debuginfo-0:2.4.29-41.jbcs.el6
jbcs-httpd24-httpd-debuginfo-0:2.4.29-41.jbcs.el7
jbcs-httpd24-httpd-devel-0:2.4.29-41.jbcs.el6
jbcs-httpd24-httpd-devel-0:2.4.29-41.jbcs.el7
jbcs-httpd24-httpd-manual-0:2.4.29-41.jbcs.el6
jbcs-httpd24-httpd-manual-0:2.4.29-41.jbcs.el7
jbcs-httpd24-httpd-selinux-0:2.4.29-41.jbcs.el6
jbcs-httpd24-httpd-selinux-0:2.4.29-41.jbcs.el7
jbcs-httpd24-httpd-tools-0:2.4.29-41.jbcs.el6
jbcs-httpd24-httpd-tools-0:2.4.29-41.jbcs.el7
jbcs-httpd24-mod_ldap-0:2.4.29-41.jbcs.el6
jbcs-httpd24-mod_ldap-0:2.4.29-41.jbcs.el7
jbcs-httpd24-mod_proxy_html-1:2.4.29-41.jbcs.el6
jbcs-httpd24-mod_proxy_html-1:2.4.29-41.jbcs.el7
jbcs-httpd24-mod_session-0:2.4.29-41.jbcs.el6
jbcs-httpd24-mod_session-0:2.4.29-41.jbcs.el7
jbcs-httpd24-mod_ssl-1:2.4.29-41.jbcs.el6
jbcs-httpd24-mod_ssl-1:2.4.29-41.jbcs.el7
jbcs-httpd24-nghttp2-0:1.39.2-1.jbcs.el6
jbcs-httpd24-nghttp2-0:1.39.2-1.jbcs.el7
jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-1.jbcs.el6
jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-1.jbcs.el7
jbcs-httpd24-nghttp2-devel-0:1.39.2-1.jbcs.el6
jbcs-httpd24-nghttp2-devel-0:1.39.2-1.jbcs.el7
httpd24-httpd-0:2.4.34-8.el6.1
httpd24-httpd-0:2.4.34-8.el7.1
httpd24-httpd-debuginfo-0:2.4.34-8.el6.1
httpd24-httpd-debuginfo-0:2.4.34-8.el7.1
httpd24-httpd-devel-0:2.4.34-8.el6.1
httpd24-httpd-devel-0:2.4.34-8.el7.1
httpd24-httpd-manual-0:2.4.34-8.el6.1
httpd24-httpd-manual-0:2.4.34-8.el7.1
httpd24-httpd-tools-0:2.4.34-8.el6.1
httpd24-httpd-tools-0:2.4.34-8.el7.1
httpd24-libnghttp2-0:1.7.1-7.el6.1
httpd24-libnghttp2-0:1.7.1-7.el7.1
httpd24-libnghttp2-devel-0:1.7.1-7.el6.1
httpd24-libnghttp2-devel-0:1.7.1-7.el7.1
httpd24-mod_ldap-0:2.4.34-8.el6.1
httpd24-mod_ldap-0:2.4.34-8.el7.1
httpd24-mod_md-0:2.4.34-8.el7.1
httpd24-mod_proxy_html-1:2.4.34-8.el6.1
httpd24-mod_proxy_html-1:2.4.34-8.el7.1
httpd24-mod_session-0:2.4.34-8.el6.1
httpd24-mod_session-0:2.4.34-8.el7.1
httpd24-mod_ssl-1:2.4.34-8.el6.1
httpd24-mod_ssl-1:2.4.34-8.el7.1
httpd24-nghttp2-0:1.7.1-7.el6.1
httpd24-nghttp2-0:1.7.1-7.el7.1
httpd24-nghttp2-debuginfo-0:1.7.1-7.el6.1
httpd24-nghttp2-debuginfo-0:1.7.1-7.el7.1
rh-nodejs8-0:3.0-5.el7
rh-nodejs8-nodejs-0:8.16.1-2.el7
rh-nodejs8-nodejs-debuginfo-0:8.16.1-2.el7
rh-nodejs8-nodejs-devel-0:8.16.1-2.el7
rh-nodejs8-nodejs-docs-0:8.16.1-2.el7
rh-nodejs8-npm-0:6.4.1-8.16.1.2.el7
rh-nodejs8-runtime-0:3.0-5.el7
rh-nodejs8-scldevel-0:3.0-5.el7
jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6
jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6
jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6
jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6
jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6
jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6
jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6
jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6
jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6
jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6
jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6
jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6
jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6
jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6
jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6
jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6
jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6
jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6
jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6
jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6
jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6
jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6
jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6
jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6
jbcs-httpd24-jansson-0:2.11-20.jbcs.el6
jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6
jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6
jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6
jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6
jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6
jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6
jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6
jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6
jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6
jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6
jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6
jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6
jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6
jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6
jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6
jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6
jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6
jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6
jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6
jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6
jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6
jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6
jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6
jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6
jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6
jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7
jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7
jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7
jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7
jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7
jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7
jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7
jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7
jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7
jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7
jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7
jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7
jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7
jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7
jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7
jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7
jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7
jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7
jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7
jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7
jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7
jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7
jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7
jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7
jbcs-httpd24-jansson-0:2.11-20.jbcs.el7
jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7
jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7
jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7
jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7
jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7
jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7
jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7
jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7
jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7
jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7
jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7
jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7
jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7
jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7
jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7
jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7
jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7
jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7
jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7
jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7
jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7
jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7
jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7
jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7
jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Redhat

References