© 2017 Blackfort Technology

Ernst-Robert-Curtius-Str. 8a

53117 Bonn

Informationssicherheit & Datenschutz


 


Issue
-----
NVT:    Apache 'mod_deflate' Denial Of Service Vulnerability - July09
OID:    1.3.6.1.4.1.25623.1.0.800837
Threat: High (CVSS: 7.1)
Port:   80/tcp

Summary:
This host is running Apache HTTP Server and is prone to Denial of Service
  vulnerability.

Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.

Impact:
Successful exploitation will allow remote attackers to cause Denial of Service
  to the legitimate user by CPU consumption.
  Impact Level: Application

Solution:
Fixed in the SVN repository.
  http://svn.apache.org/viewvc?view=rev&revision=791454
  ******
  NOTE: Ignore this warning if above mentioned patch is already applied.
  ******

Affected Software/OS:
Apache HTTP Server version 2.2.11 and prior

Vulnerability Insight:
The flaw is due to error in 'mod_deflate' module which can cause a high CPU
  load by requesting large files which are compressed and then disconnecting.

Vulnerability Detection Method:
Details:
Apache 'mod_deflate' Denial Of Service Vulnerability - July09
(OID: 1.3.6.1.4.1.25623.1.0.800837)
Version used: $Revision: 4865 $

References:
CVE: CVE-2009-1891
BID: 35623
CERT: DFN-CERT-2011-0700
, DFN-CERT-2010-1665
, DFN-CERT-2010-1647
, DFN-CERT-2009-1725
, DFN-CERT-2009-1602
, DFN-CERT-2009-1507
, DFN-CERT-2009-1225
, DFN-CERT-2009-1101

Other:
    http://secunia.com/advisories/35781
    http://www.vupen.com/english/advisories/2009/1841
    https://rhn.redhat.com/errata/RHSA-2009-1148.html
    https://bugzilla.redhat.com/show_bug.cgi?id=509125


Issue
-----
NVT:    Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
OID:    1.3.6.1.4.1.25623.1.0.900842
Threat: High (CVSS: 7.5)
Port:   80/tcp

Summary:
The host is running Apache and is prone to Command Injection
  vulnerability.

Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.

Impact:
Successful exploitation could allow remote attackers to bypass intended access
  restrictions in the context of the affected application, and can cause the
  arbitrary command injection.
  Impact Level: Application

Solution:
Upgrade to Apache HTTP Server version 2.2.15 or later
  For updates refer to http://www.apache.org/

Affected Software/OS:
Apache HTTP Server on Linux.

Vulnerability Insight:
The flaw is due to error in the mod_proxy_ftp module which can be exploited
  via vectors related to the embedding of these commands in the Authorization
  HTTP header.

Vulnerability Detection Method:
Details:
Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.900842)
Version used: $Revision: 5390 $

References:
CVE: CVE-2009-3095
BID: 36254
CERT: DFN-CERT-2012-0618
, DFN-CERT-2011-0700
, DFN-CERT-2010-1647
, DFN-CERT-2010-0730
, DFN-CERT-2010-0446
, DFN-CERT-2010-0273
, DFN-CERT-2009-1809
, DFN-CERT-2009-1755
, DFN-CERT-2009-1725
, DFN-CERT-2009-1623
, DFN-CERT-2009-1603
, DFN-CERT-2009-1602
, DFN-CERT-2009-1507
, DFN-CERT-2009-1340
, DFN-CERT-2009-1326

Other:
    http://intevydis.com/vd-list.shtml
    http://httpd.apache.org/docs/2.0/mod/mod_proxy_ftp.html


Issue
-----
NVT:    Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
OID:    1.3.6.1.4.1.25623.1.0.800827
Threat: High (CVSS: 7.1)
Port:   80/tcp

Summary:
This host is running Apache HTTP Server and is prone to Denial of Service
  vulnerability.

Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.

Impact:
Successful exploitation will allow remote attackers to cause Denial of Service
  to the legitimate user by CPU consumption.
  Impact Level: Application

Solution:
Fixed in the SVN repository.
  http://svn.apache.org/viewvc?view=rev&revision=790587

Affected Software/OS:
Apache HTTP Server version prior to 2.3.3

Vulnerability Insight:
The flaw is due to error in 'stream_reqbody_cl' function in 'mod_proxy_http.c'
  in the mod_proxy module. When a reverse proxy is configured, it does not prope!
rly
  handle an amount of streamed data that exceeds the Content-Length value via
  crafted requests.

Vulnerability Detection Method:
Details:
Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.800827)
Version used: $Revision: 4865 $

References:
CVE: CVE-2009-1890
BID: 35565
CERT: DFN-CERT-2010-1665
, DFN-CERT-2010-1647
, DFN-CERT-2009-1725
, DFN-CERT-2009-1507
, DFN-CERT-2009-1225

Other:
    http://secunia.com/advisories/35691
    http://www.vupen.com/english/advisories/2009/1773
    http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=790587&r2=790586&pathrev=790587


Issue
-----
NVT:    Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
OID:    1.3.6.1.4.1.25623.1.0.100211
Threat: Medium (CVSS: 4.9)
Port:   80/tcp

Summary:
Apache HTTP server is prone to a security-bypass vulnerability
   related to the handling of specific configuration directives.
   A local attacker may exploit this issue to execute arbitrary code
   within the context of the webserver process. This may result in
   elevated privileges or aid in further attacks.
   Versions prior to Apache 2.2.9 are vulnerable.

Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.

Solution:
Updates are available. Please see http://httpd.apache.org/
   for more Information.

Vulnerability Detection Method:
Details:
Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.100211)
Version used: $Revision: 4574 $

References:
CVE: CVE-2009-1195
BID: 35115
CERT: DFN-CERT-2011-0700
, DFN-CERT-2010-1665
, DFN-CERT-2010-1647
, DFN-CERT-2009-1725
, DFN-CERT-2009-1507
, DFN-CERT-2009-1225

Other:
    http://www.securityfocus.com/bid/35115


Issue
-----
NVT:    Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
OID:    1.3.6.1.4.1.25623.1.0.902830
Threat: Medium (CVSS: 4.3)
Port:   80/tcp

Summary:
This host is running Apache HTTP Server and is prone to cookie
  information disclosure vulnerability.

Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.

Impact:
Successful exploitation will allow attackers to obtain sensitive information
  that may aid in further attacks.
  Impact Level: Application

Solution:
Solution type: VendorFix
Upgrade to Apache HTTP Server version 2.2.22 or later,
  For updates refer to http://httpd.apache.org/

Affected Software/OS:
Apache HTTP Server versions 2.2.0 through 2.2.21

Vulnerability Insight:
The flaw is due to an error within the default error response for
  status code 400 when no custom ErrorDocument is configured, which can be
  exploited to expose 'httpOnly' cookies.

Vulnerability Detection Method:
Details:
Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.902830)
Version used: $Revision: 5950 $

References:
CVE: CVE-2012-0053
BID: 51706
CERT: CB-K15/0080
, CB-K14/1505
, CB-K14/0608
, DFN-CERT-2015-0082
, DFN-CERT-2014-1592
, DFN-CERT-2014-0635
, DFN-CERT-2013-1307
, DFN-CERT-2012-1276
, DFN-CERT-2012-1112
, DFN-CERT-2012-0928
, DFN-CERT-2012-0758
, DFN-CERT-2012-0744
, DFN-CERT-2012-0568
, DFN-CERT-2012-0425
, DFN-CERT-2012-0424
, DFN-CERT-2012-0387
, DFN-CERT-2012-0343
, DFN-CERT-2012-0332
, DFN-CERT-2012-0306
, DFN-CERT-2012-0264
, DFN-CERT-2012-0203
, DFN-CERT-2012-0188

Other:
    http://secunia.com/advisories/47779
    http://www.exploit-db.com/exploits/18442
    http://rhn.redhat.com/errata/RHSA-2012-0128.html
    http://httpd.apache.org/security/vulnerabilities_22.html
    http://svn.apache.org/viewvc?view=revision&revision=1235454
    http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html


Issue
-----
NVT:    Apache HTTP Server Man-in-the-Middle attack Vulnerability - July16 (Linux)
OID:    1.3.6.1.4.1.25623.1.0.808632
Threat: Medium (CVSS: 5.1)
Port:   80/tcp

Product detection result: cpe:/a:apache:http_server:1.3.37
Detected by: Apache Web Server Version Detection (OID: 1.3.6.1.4.1.25623.1.0.900498)

Summary:
This host is installed with Apache HTTP Server
  and is prone to man-in-the-middle attack vulnerability.

Vulnerability Detection Result:
Installed version: 1.3.37
Fixed version:     2.4.24

Impact:
Successful exploitation will allow remote
  attackers to redirect an application's outbound HTTP traffic to an arbitrary
  proxy server via a crafted proxy header in an HTTP request.
  Impact Level: Application

Solution:
Solution type: VendorFix
Upgrade to version 2.4.24, or 2.2.32, or newer.
  For updates refer http://www.apache.org

Affected Software/OS:
Apache HTTP Server through 2.4.23 on Linux
  ----
  NOTE: Apache HTTP Server 2.2.32 is not vulnerable
  ----

Vulnerability Insight:
The flaw is due to 'CGI Servlet' does not
  protect applications from the presence of untrusted client data in the
  'HTTP_PROXY' environment variable.

Vulnerability Detection Method:
Get the installed version with the help
  of detect NVT and check the version is vulnerable or not.
Details:
Apache HTTP Server Man-in-the-Middle attack Vulnerability - July16 (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.808632)
Version used: $Revision: 5588 $

Product Detection Result:
Product:cpe:/a:apache:http_server:1.3.37

Method:Apache Web Server Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.900498)

References:
CVE: CVE-2016-5387
BID: 91816
CERT: CB-K17/0055
, CB-K16/1995
, CB-K16/1620
, CB-K16/1289
, CB-K16/1103
, CB-K16/1088
, CB-K16/1087
, DFN-CERT-2017-0532
, DFN-CERT-2017-0060
, DFN-CERT-2016-2108
, DFN-CERT-2016-1717
, DFN-CERT-2016-1372
, DFN-CERT-2016-1175
, DFN-CERT-2016-1162
, DFN-CERT-2016-1153

Other:
    https://www.apache.org/security/asf-httpoxy-response.txt


Issue
-----
NVT:    Apache HTTP Server Mod_Lua Denial of service Vulnerability -01 May15
OID:    1.3.6.1.4.1.25623.1.0.805616
Threat: Medium (CVSS: 5.0)
Port:   80/tcp

Product detection result: cpe:/a:apache:http_server:1.3.37
Detected by: Apache Web Server Version Detection (OID: 1.3.6.1.4.1.25623.1.0.900498)

Summary:
This host is installed with Apache HTTP Server
  and is prone to denial of service  vulnerability.

Vulnerability Detection Result:
Installed version: 1.3.37
Fixed version:     2.4.13

Impact:
Successful exploitation will allow a remote
  attackers to cause a denial of service via some crafted dimension.
  Impact Level: Application

Solution:
Solution type: VendorFix
Upgrade to version 2.4.13 or
  later, For updates refer http://www.apache.org

Affected Software/OS:
Apache HTTP Server versions through
  2.4.12.

Vulnerability Insight:
Flaw is due to vulnerability in
  lua_websocket_read function in lua_request.c in the mod_lua module.

Vulnerability Detection Method:
Get the installed version with the help
  of detect NVT and check the version is vulnerable or not.
Details:
Apache HTTP Server Mod_Lua Denial of service Vulnerability -01 May15
(OID: 1.3.6.1.4.1.25623.1.0.805616)
Version used: $Revision: 3496 $

Product Detection Result:
Product:cpe:/a:apache:http_server:1.3.37

Method:Apache Web Server Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.900498)

References:
CVE: CVE-2015-0228
BID: 73041
CERT: CB-K15/1360
, CB-K15/1188
, CB-K15/1051
, CB-K15/0273
, CB-K14/1592
, DFN-CERT-2015-1435
, DFN-CERT-2015-1252
, DFN-CERT-2015-1087
, DFN-CERT-2015-0285
, DFN-CERT-2014-1691

Other:
    https://bugs.mageia.org/show_bug.cgi?id=15428
    http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/CHANGES


Issue
-----
NVT:    Apache mod_proxy_ajp Information Disclosure Vulnerability
OID:    1.3.6.1.4.1.25623.1.0.900499
Threat: Medium (CVSS: 5.0)
Port:   80/tcp

Summary:
This host is running Apache Web Server and is prone to
  Information Disclosure Vulnerability.

Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.

Impact:
Successful exploitation will let the attacker craft a special HTTP POST
  request and gain sensitive information about the web server.
  Impact level: Application

Solution:
Upgrade to Apache HTTP Version 2.2.15 or later
  For further updates refer, http://httpd.apache.org/download.cgi

Affected Software/OS:
Apache HTTP Version 2.2.11
  Workaround:
  Update mod_proxy_ajp.c through SVN Repository (Revision 767089)
  http://www.apache.org/dist/httpd/patches/apply_to_2.2.11/PR46949.diff

Vulnerability Insight:
This flaw is due to an error in 'mod_proxy_ajp' when handling
  improperly malformed POST requests.

Vulnerability Detection Method:
Details:
Apache mod_proxy_ajp Information Disclosure Vulnerability
(OID: 1.3.6.1.4.1.25623.1.0.900499)
Version used: $Revision: 5055 $

References:
CVE: CVE-2009-1191
BID: 34663
CERT: DFN-CERT-2010-1647
, DFN-CERT-2009-1725
, DFN-CERT-2009-1225

Other:
    http://secunia.com/advisories/34827
    http://xforce.iss.net/xforce/xfdb/50059
    http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=766938&r2=767089