Issue
-----
NVT: Apache 'mod_deflate' Denial Of Service Vulnerability - July09
OID: 1.3.6.1.4.1.25623.1.0.800837
Threat: High (CVSS: 7.1)
Port: 80/tcp
Summary:
This host is running Apache HTTP Server and is prone to Denial of Service
vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will allow remote attackers to cause Denial of Service
to the legitimate user by CPU consumption.
Impact Level: Application
Solution:
Fixed in the SVN repository.
http://svn.apache.org/viewvc?view=rev&revision=791454
******
NOTE: Ignore this warning if above mentioned patch is already applied.
******
Affected Software/OS:
Apache HTTP Server version 2.2.11 and prior
Vulnerability Insight:
The flaw is due to error in 'mod_deflate' module which can cause a high CPU
load by requesting large files which are compressed and then disconnecting.
Vulnerability Detection Method:
Details:
Apache 'mod_deflate' Denial Of Service Vulnerability - July09
(OID: 1.3.6.1.4.1.25623.1.0.800837)
Version used: $Revision: 4865 $
References:
CVE: CVE-2009-1891
BID: 35623
CERT: DFN-CERT-2011-0700
, DFN-CERT-2010-1665
, DFN-CERT-2010-1647
, DFN-CERT-2009-1725
, DFN-CERT-2009-1602
, DFN-CERT-2009-1507
, DFN-CERT-2009-1225
, DFN-CERT-2009-1101
Other:
http://secunia.com/advisories/35781
http://www.vupen.com/english/advisories/2009/1841
https://rhn.redhat.com/errata/RHSA-2009-1148.html
https://bugzilla.redhat.com/show_bug.cgi?id=509125
Issue
-----
NVT: Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
OID: 1.3.6.1.4.1.25623.1.0.900842
Threat: High (CVSS: 7.5)
Port: 80/tcp
Summary:
The host is running Apache and is prone to Command Injection
vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation could allow remote attackers to bypass intended access
restrictions in the context of the affected application, and can cause the
arbitrary command injection.
Impact Level: Application
Solution:
Upgrade to Apache HTTP Server version 2.2.15 or later
For updates refer to http://www.apache.org/
Affected Software/OS:
Apache HTTP Server on Linux.
Vulnerability Insight:
The flaw is due to error in the mod_proxy_ftp module which can be exploited
via vectors related to the embedding of these commands in the Authorization
HTTP header.
Vulnerability Detection Method:
Details:
Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.900842)
Version used: $Revision: 5390 $
References:
CVE: CVE-2009-3095
BID: 36254
CERT: DFN-CERT-2012-0618
, DFN-CERT-2011-0700
, DFN-CERT-2010-1647
, DFN-CERT-2010-0730
, DFN-CERT-2010-0446
, DFN-CERT-2010-0273
, DFN-CERT-2009-1809
, DFN-CERT-2009-1755
, DFN-CERT-2009-1725
, DFN-CERT-2009-1623
, DFN-CERT-2009-1603
, DFN-CERT-2009-1602
, DFN-CERT-2009-1507
, DFN-CERT-2009-1340
, DFN-CERT-2009-1326
Other:
http://intevydis.com/vd-list.shtml
http://httpd.apache.org/docs/2.0/mod/mod_proxy_ftp.html
Issue
-----
NVT: Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
OID: 1.3.6.1.4.1.25623.1.0.800827
Threat: High (CVSS: 7.1)
Port: 80/tcp
Summary:
This host is running Apache HTTP Server and is prone to Denial of Service
vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will allow remote attackers to cause Denial of Service
to the legitimate user by CPU consumption.
Impact Level: Application
Solution:
Fixed in the SVN repository.
http://svn.apache.org/viewvc?view=rev&revision=790587
Affected Software/OS:
Apache HTTP Server version prior to 2.3.3
Vulnerability Insight:
The flaw is due to error in 'stream_reqbody_cl' function in 'mod_proxy_http.c'
in the mod_proxy module. When a reverse proxy is configured, it does not prope!
rly
handle an amount of streamed data that exceeds the Content-Length value via
crafted requests.
Vulnerability Detection Method:
Details:
Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.800827)
Version used: $Revision: 4865 $
References:
CVE: CVE-2009-1890
BID: 35565
CERT: DFN-CERT-2010-1665
, DFN-CERT-2010-1647
, DFN-CERT-2009-1725
, DFN-CERT-2009-1507
, DFN-CERT-2009-1225
Other:
http://secunia.com/advisories/35691
http://www.vupen.com/english/advisories/2009/1773
http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=790587&r2=790586&pathrev=790587
Issue
-----
NVT: Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
OID: 1.3.6.1.4.1.25623.1.0.100211
Threat: Medium (CVSS: 4.9)
Port: 80/tcp
Summary:
Apache HTTP server is prone to a security-bypass vulnerability
related to the handling of specific configuration directives.
A local attacker may exploit this issue to execute arbitrary code
within the context of the webserver process. This may result in
elevated privileges or aid in further attacks.
Versions prior to Apache 2.2.9 are vulnerable.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Solution:
Updates are available. Please see http://httpd.apache.org/
for more Information.
Vulnerability Detection Method:
Details:
Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.100211)
Version used: $Revision: 4574 $
References:
CVE: CVE-2009-1195
BID: 35115
CERT: DFN-CERT-2011-0700
, DFN-CERT-2010-1665
, DFN-CERT-2010-1647
, DFN-CERT-2009-1725
, DFN-CERT-2009-1507
, DFN-CERT-2009-1225
Other:
http://www.securityfocus.com/bid/35115
Issue
-----
NVT: Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
OID: 1.3.6.1.4.1.25623.1.0.902830
Threat: Medium (CVSS: 4.3)
Port: 80/tcp
Summary:
This host is running Apache HTTP Server and is prone to cookie
information disclosure vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will allow attackers to obtain sensitive information
that may aid in further attacks.
Impact Level: Application
Solution:
Solution type: VendorFix
Upgrade to Apache HTTP Server version 2.2.22 or later,
For updates refer to http://httpd.apache.org/
Affected Software/OS:
Apache HTTP Server versions 2.2.0 through 2.2.21
Vulnerability Insight:
The flaw is due to an error within the default error response for
status code 400 when no custom ErrorDocument is configured, which can be
exploited to expose 'httpOnly' cookies.
Vulnerability Detection Method:
Details:
Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.902830)
Version used: $Revision: 5950 $
References:
CVE: CVE-2012-0053
BID: 51706
CERT: CB-K15/0080
, CB-K14/1505
, CB-K14/0608
, DFN-CERT-2015-0082
, DFN-CERT-2014-1592
, DFN-CERT-2014-0635
, DFN-CERT-2013-1307
, DFN-CERT-2012-1276
, DFN-CERT-2012-1112
, DFN-CERT-2012-0928
, DFN-CERT-2012-0758
, DFN-CERT-2012-0744
, DFN-CERT-2012-0568
, DFN-CERT-2012-0425
, DFN-CERT-2012-0424
, DFN-CERT-2012-0387
, DFN-CERT-2012-0343
, DFN-CERT-2012-0332
, DFN-CERT-2012-0306
, DFN-CERT-2012-0264
, DFN-CERT-2012-0203
, DFN-CERT-2012-0188
Other:
http://secunia.com/advisories/47779
http://www.exploit-db.com/exploits/18442
http://rhn.redhat.com/errata/RHSA-2012-0128.html
http://httpd.apache.org/security/vulnerabilities_22.html
http://svn.apache.org/viewvc?view=revision&revision=1235454
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html
Issue
-----
NVT: Apache HTTP Server Man-in-the-Middle attack Vulnerability - July16 (Linux)
OID: 1.3.6.1.4.1.25623.1.0.808632
Threat: Medium (CVSS: 5.1)
Port: 80/tcp
Product detection result: cpe:/a:apache:http_server:1.3.37
Detected by: Apache Web Server Version Detection (OID: 1.3.6.1.4.1.25623.1.0.900498)
Summary:
This host is installed with Apache HTTP Server
and is prone to man-in-the-middle attack vulnerability.
Vulnerability Detection Result:
Installed version: 1.3.37
Fixed version: 2.4.24
Impact:
Successful exploitation will allow remote
attackers to redirect an application's outbound HTTP traffic to an arbitrary
proxy server via a crafted proxy header in an HTTP request.
Impact Level: Application
Solution:
Solution type: VendorFix
Upgrade to version 2.4.24, or 2.2.32, or newer.
For updates refer http://www.apache.org
Affected Software/OS:
Apache HTTP Server through 2.4.23 on Linux
----
NOTE: Apache HTTP Server 2.2.32 is not vulnerable
----
Vulnerability Insight:
The flaw is due to 'CGI Servlet' does not
protect applications from the presence of untrusted client data in the
'HTTP_PROXY' environment variable.
Vulnerability Detection Method:
Get the installed version with the help
of detect NVT and check the version is vulnerable or not.
Details:
Apache HTTP Server Man-in-the-Middle attack Vulnerability - July16 (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.808632)
Version used: $Revision: 5588 $
Product Detection Result:
Product:cpe:/a:apache:http_server:1.3.37
Method:Apache Web Server Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.900498)
References:
CVE: CVE-2016-5387
BID: 91816
CERT: CB-K17/0055
, CB-K16/1995
, CB-K16/1620
, CB-K16/1289
, CB-K16/1103
, CB-K16/1088
, CB-K16/1087
, DFN-CERT-2017-0532
, DFN-CERT-2017-0060
, DFN-CERT-2016-2108
, DFN-CERT-2016-1717
, DFN-CERT-2016-1372
, DFN-CERT-2016-1175
, DFN-CERT-2016-1162
, DFN-CERT-2016-1153
Other:
https://www.apache.org/security/asf-httpoxy-response.txt
Issue
-----
NVT: Apache HTTP Server Mod_Lua Denial of service Vulnerability -01 May15
OID: 1.3.6.1.4.1.25623.1.0.805616
Threat: Medium (CVSS: 5.0)
Port: 80/tcp
Product detection result: cpe:/a:apache:http_server:1.3.37
Detected by: Apache Web Server Version Detection (OID: 1.3.6.1.4.1.25623.1.0.900498)
Summary:
This host is installed with Apache HTTP Server
and is prone to denial of service vulnerability.
Vulnerability Detection Result:
Installed version: 1.3.37
Fixed version: 2.4.13
Impact:
Successful exploitation will allow a remote
attackers to cause a denial of service via some crafted dimension.
Impact Level: Application
Solution:
Solution type: VendorFix
Upgrade to version 2.4.13 or
later, For updates refer http://www.apache.org
Affected Software/OS:
Apache HTTP Server versions through
2.4.12.
Vulnerability Insight:
Flaw is due to vulnerability in
lua_websocket_read function in lua_request.c in the mod_lua module.
Vulnerability Detection Method:
Get the installed version with the help
of detect NVT and check the version is vulnerable or not.
Details:
Apache HTTP Server Mod_Lua Denial of service Vulnerability -01 May15
(OID: 1.3.6.1.4.1.25623.1.0.805616)
Version used: $Revision: 3496 $
Product Detection Result:
Product:cpe:/a:apache:http_server:1.3.37
Method:Apache Web Server Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.900498)
References:
CVE: CVE-2015-0228
BID: 73041
CERT: CB-K15/1360
, CB-K15/1188
, CB-K15/1051
, CB-K15/0273
, CB-K14/1592
, DFN-CERT-2015-1435
, DFN-CERT-2015-1252
, DFN-CERT-2015-1087
, DFN-CERT-2015-0285
, DFN-CERT-2014-1691
Other:
https://bugs.mageia.org/show_bug.cgi?id=15428
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/CHANGES
Issue
-----
NVT: Apache mod_proxy_ajp Information Disclosure Vulnerability
OID: 1.3.6.1.4.1.25623.1.0.900499
Threat: Medium (CVSS: 5.0)
Port: 80/tcp
Summary:
This host is running Apache Web Server and is prone to
Information Disclosure Vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will let the attacker craft a special HTTP POST
request and gain sensitive information about the web server.
Impact level: Application
Solution:
Upgrade to Apache HTTP Version 2.2.15 or later
For further updates refer, http://httpd.apache.org/download.cgi
Affected Software/OS:
Apache HTTP Version 2.2.11
Workaround:
Update mod_proxy_ajp.c through SVN Repository (Revision 767089)
http://www.apache.org/dist/httpd/patches/apply_to_2.2.11/PR46949.diff
Vulnerability Insight:
This flaw is due to an error in 'mod_proxy_ajp' when handling
improperly malformed POST requests.
Vulnerability Detection Method:
Details:
Apache mod_proxy_ajp Information Disclosure Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.900499)
Version used: $Revision: 5055 $
References:
CVE: CVE-2009-1191
BID: 34663
CERT: DFN-CERT-2010-1647
, DFN-CERT-2009-1725
, DFN-CERT-2009-1225
Other:
http://secunia.com/advisories/34827
http://xforce.iss.net/xforce/xfdb/50059
http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=766938&r2=767089