ID CVE-2014-0231
Summary The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.
References
Vulnerable Configurations
  • Apache Software Foundation Apache HTTP Server
    cpe:2.3:a:apache:http_server
  • Apache Software Foundation Apache HTTP Server 2.2.0
    cpe:2.3:a:apache:http_server:2.2.0
  • Apache Software Foundation Apache HTTP Server 2.2.2
    cpe:2.3:a:apache:http_server:2.2.2
  • Apache Software Foundation Apache HTTP Server 2.2.3
    cpe:2.3:a:apache:http_server:2.2.3
  • Apache Software Foundation Apache HTTP Server 2.2.4
    cpe:2.3:a:apache:http_server:2.2.4
  • Apache Software Foundation Apache HTTP Server 2.2.6
    cpe:2.3:a:apache:http_server:2.2.6
  • Apache Software Foundation Apache HTTP Server 2.2.8
    cpe:2.3:a:apache:http_server:2.2.8
  • Apache Software Foundation Apache HTTP Server 2.2.9
    cpe:2.3:a:apache:http_server:2.2.9
  • Apache Software Foundation Apache HTTP Server 2.2.10
    cpe:2.3:a:apache:http_server:2.2.10
  • Apache Software Foundation Apache HTTP Server 2.2.11
    cpe:2.3:a:apache:http_server:2.2.11
  • Apache Software Foundation Apache HTTP Server 2.2.12
    cpe:2.3:a:apache:http_server:2.2.12
  • Apache Software Foundation Apache HTTP Server 2.2.13
    cpe:2.3:a:apache:http_server:2.2.13
  • Apache Software Foundation Apache HTTP Server 2.2.14
    cpe:2.3:a:apache:http_server:2.2.14
  • Apache Software Foundation Apache HTTP Server 2.2.15
    cpe:2.3:a:apache:http_server:2.2.15
  • Apache Software Foundation Apache HTTP Server 2.2.16
    cpe:2.3:a:apache:http_server:2.2.16
  • Apache Software Foundation Apache HTTP Server 2.2.17
    cpe:2.3:a:apache:http_server:2.2.17
  • Apache Software Foundation Apache HTTP Server 2.2.18
    cpe:2.3:a:apache:http_server:2.2.18
  • Apache Software Foundation Apache HTTP Server 2.2.19
    cpe:2.3:a:apache:http_server:2.2.19
  • Apache Software Foundation Apache HTTP Server 2.2.20
    cpe:2.3:a:apache:http_server:2.2.20
  • Apache HTTP Server 2.2.21
    cpe:2.3:a:apache:http_server:2.2.21
  • Apache Software Foundation Apache HTTP Server 2.2.22
    cpe:2.3:a:apache:http_server:2.2.22
  • Apache Software Foundation Apache HTTP Server 2.2.23
    cpe:2.3:a:apache:http_server:2.2.23
  • Apache Software Foundation Apache HTTP Server 2.2.24
    cpe:2.3:a:apache:http_server:2.2.24
  • Apache Software Foundation Apache HTTP Server 2.2.25
    cpe:2.3:a:apache:http_server:2.2.25
  • Apache Software Foundation Apache HTTP Server 2.2.26
    cpe:2.3:a:apache:http_server:2.2.26
  • Apache Software Foundation Apache HTTP Server 2.2.27
    cpe:2.3:a:apache:http_server:2.2.27
  • Apache Software Foundation Apache HTTP Server 2.4.1
    cpe:2.3:a:apache:http_server:2.4.1
  • Apache Software Foundation Apache HTTP Server 2.4.2
    cpe:2.3:a:apache:http_server:2.4.2
  • Apache Software Foundation Apache HTTP Server 2.4.3
    cpe:2.3:a:apache:http_server:2.4.3
  • Apache Software Foundation Apache HTTP Server 2.4.4
    cpe:2.3:a:apache:http_server:2.4.4
  • Apache Software Foundation Apache HTTP Server 2.4.6
    cpe:2.3:a:apache:http_server:2.4.6
  • Apache Software Foundation Apache HTTP Server 2.4.7
    cpe:2.3:a:apache:http_server:2.4.7
  • Apache Software Foundation Apache HTTP Server 2.4.8
    cpe:2.3:a:apache:http_server:2.4.8
  • Apache Software Foundation Apache HTTP Server 2.4.9
    cpe:2.3:a:apache:http_server:2.4.9
CVSS
Base: 5.0 (as of 08-07-2016 - 11:50)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Misc.
    NASL id JUNIPER_NSM_JSA10685.NASL
    description The remote host is running a version of NSM (Network and Security Manager) Server that is prior to 2012.2R9. It is, therefore, affected by multiple vulnerabilities in the bundled version of Apache HTTP Server : - A flaw exists due to improper escaping of filenames in 406 and 300 HTTP responses. A remote attacker can exploit this, by uploading a file with a specially crafted name, to inject arbitrary HTTP headers or conduct cross-site scripting attacks. (CVE-2008-0456) - Multiple cross-site scripting vulnerabilities exist in the mod_negotiation module due to improper sanitization of input passed via filenames. An attacker can exploit this to execute arbitrary script code in a user's browser. (CVE-2012-2687) - Multiple cross-site scripting vulnerabilities exist in the mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules due to improper validation of input passed via the URL or hostnames. An attacker can exploit this to execute arbitrary script code in a user's browser. (CVE-2012-3499) - A cross-site scripting vulnerability exists in the mod_proxy_balancer module due to improper validation of input passed via the URL or hostnames. An attacker can exploit this to execute arbitrary script code in a user's browser. (CVE-2012-4558) - A flaw exists in the do_rewritelog() function due to improper sanitization of escape sequences written to log files. A remote attacker can exploit this, via a specially crafted HTTP request, to execute arbitrary commands. (CVE-2013-1862) - A denial of service vulnerability exists in mod_dav.c due to improper validation to determine if DAV is enabled for a URI. A remote attacker can exploit this, via a specially crafted MERGE request, to cause a segmentation fault, resulting in a denial of service condition. (CVE-2013-1896) - A denial of service vulnerability exists in the dav_xml_get_cdata() function due to improper removal of whitespace characters from CDATA sections. A remote attacker can exploit this, via a specially crafted DAV WRITE request, to cause a daemon crash, resulting in a denial of service condition. (CVE-2013-6438) - A flaw exists in log_cookie() function due to the logging of cookies with an unassigned value. A remote attacker can exploit this, via a specially crafted request, to cause a segmentation fault, resulting in a denial of service condition. (CVE-2014-0098) - A flaw exists in the deflate_in_filter() function when request body decompression is configured. A remote attacker can exploit this, via a specially crafted request, to exhaust available memory and CPU resources, resulting in a denial of service condition. (CVE-2014-0118) - A race condition exists in the mod_status module due to improper validation of user-supplied input when handling the scoreboard. A remote attacker can exploit this, via a crafted request, to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2014-0226) - A flaw exists in the mod_cgid module due to the lack of a timeout mechanism. A remote attacker can exploit this, via a request to a CGI script that does not read from its stdin file descriptor, to cause a denial of service condition. (CVE-2014-0231)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 84877
    published 2015-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84877
    title Juniper NSM < 2012.2R9 Apache HTTP Server Multiple Vulnerabilities (JSA10685)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-093.NASL
    description Updated apache packages fix security vulnerabilities : Apache HTTPD before 2.4.9 was vulnerable to a denial of service in mod_dav when handling DAV_WRITE requests (CVE-2013-6438). Apache HTTPD before 2.4.9 was vulnerable to a denial of service when logging cookies (CVE-2014-0098). A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the apache user (CVE-2014-0226). A denial of service flaw was found in the mod_proxy httpd module. A remote attacker could send a specially crafted request to a server configured as a reverse proxy using a threaded Multi-Processing Modules (MPM) that would cause the httpd child process to crash (CVE-2014-0117). A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the DEFLATE input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system (CVE-2014-0118). A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely (CVE-2014-0231). A NULL pointer dereference flaw was found in the way the mod_cache httpd module handled Content-Type headers. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP server was configured to proxy to a server with caching enabled (CVE-2014-3581). mod_lua.c in the mod_lua module in the Apache HTTP Server through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory (CVE-2014-8109). In the mod_lua module in the Apache HTTP Server through 2.4.10, a maliciously crafted websockets PING after a script calls r:wsupgrade() can cause a child process crash (CVE-2015-0228). A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header restrictions defined with mod_headers (CVE-2013-5704). Note: With this update, httpd has been modified to not merge HTTP Trailer headers with other HTTP request headers. A newly introduced configuration directive MergeTrailers can be used to re-enable the old method of processing Trailer headers, which also re-introduces the aforementioned flaw. This update also fixes the following bug : Prior to this update, the mod_proxy_wstunnel module failed to set up an SSL connection when configured to use a back end server using the wss: URL scheme, causing proxied connections to fail. In these updated packages, SSL is used when proxying to wss: back end servers (rhbz#1141950).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 82346
    published 2015-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82346
    title Mandriva Linux Security Advisory : apache (MDVSA-2015:093)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2015-004.NASL
    description The remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-004. It is, therefore, affected multiple vulnerabilities in the following components : - Apache - ATS - Certificate Trust Policy - CoreAnimation - FontParser - Graphics Driver - ImageIO - IOHIDFamily - Kernel - LaunchServices - Open Directory Client - OpenLDAP - OpenSSL - PHP - QuickLook - SceneKit - Security - Code SIgning - UniformTypeIdentifiers Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 82700
    published 2015-04-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82700
    title Mac OS X Multiple Vulnerabilities (Security Update 2015-004) (FREAK)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-503.NASL
    description This apache2 update fixes the following security issues : - fix for crash in mod_proxy processing specially crafted requests with reverse proxy configurations that results in a crash and a DoS condition for the server. CVE-2014-0117 - new config option CGIDScriptTimeout set to 60s in new file conf.d/cgid-timeout.conf, preventing worker processes hanging forever if a cgi launched from them has stopped reading input from the server (DoS). CVE-2014-0231 - Fix for a NULL pointer dereference in mod_cache that causes a crash in caching forwarding configurations, resulting in a DoS condition. CVE-2013-4352 - fix for crash in parsing cookie content, resulting in a DoS against the server CVE-2014-0098 - fix for mod_status race condition in scoreboard handling and consecutive heap overflow and information disclosure if access to mod_status is granted to a potential attacker. CVE-2014-0226 - fix for improper handling of whitespace characters from CDATA sections to mod_dav, leading to a crash and a DoS condition of the apache server process CVE-2013-6438
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 77292
    published 2014-08-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77292
    title openSUSE Security Update : apache2 (openSUSE-SU-2014:1044-1)
  • NASL family Misc.
    NASL id JUNIPER_NSM_JSA10685_CRED.NASL
    description The remote host is running a version of NSM (Network and Security Manager) Server that is prior to 2012.2R9. It is, therefore, affected by multiple vulnerabilities in the bundled version of Apache HTTP Server : - A flaw exists due to improper escaping of filenames in 406 and 300 HTTP responses. A remote attacker can exploit this, by uploading a file with a specially crafted name, to inject arbitrary HTTP headers or conduct cross-site scripting attacks. (CVE-2008-0456) - Multiple cross-site scripting vulnerabilities exist in the mod_negotiation module due to improper sanitization of input passed via filenames. An attacker can exploit this to execute arbitrary script code in a user's browser. (CVE-2012-2687) - Multiple cross-site scripting vulnerabilities exist in the mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules due to improper validation of input passed via the URL or hostnames. An attacker can exploit this to execute arbitrary script code in a user's browser. (CVE-2012-3499) - A cross-site scripting vulnerability exists in the mod_proxy_balancer module due to improper validation of input passed via the URL or hostnames. An attacker can exploit this to execute arbitrary script code in a user's browser. (CVE-2012-4558) - A flaw exists in the do_rewritelog() function due to improper sanitization of escape sequences written to log files. A remote attacker can exploit this, via a specially crafted HTTP request, to execute arbitrary commands. (CVE-2013-1862) - A denial of service vulnerability exists in mod_dav.c due to improper validation to determine if DAV is enabled for a URI. A remote attacker can exploit this, via a specially crafted MERGE request, to cause a segmentation fault, resulting in a denial of service condition. (CVE-2013-1896) - A denial of service vulnerability exists in the dav_xml_get_cdata() function due to improper removal of whitespace characters from CDATA sections. A remote attacker can exploit this, via a specially crafted DAV WRITE request, to cause a daemon crash, resulting in a denial of service condition. (CVE-2013-6438) - A flaw exists in log_cookie() function due to the logging of cookies with an unassigned value. A remote attacker can exploit this, via a specially crafted request, to cause a segmentation fault, resulting in a denial of service condition. (CVE-2014-0098) - A flaw exists in the deflate_in_filter() function when request body decompression is configured. A remote attacker can exploit this, via a specially crafted request, to exhaust available memory and CPU resources, resulting in a denial of service condition. (CVE-2014-0118) - A race condition exists in the mod_status module due to improper validation of user-supplied input when handling the scoreboard. A remote attacker can exploit this, via a crafted request, to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2014-0226) - A flaw exists in the mod_cgid module due to the lack of a timeout mechanism. A remote attacker can exploit this, via a request to a CGI script that does not read from its stdin file descriptor, to cause a denial of service condition. (CVE-2014-0231)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 84878
    published 2015-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84878
    title Juniper NSM < 2012.2R9 Apache HTTP Server Multiple Vulnerabilities (JSA10685) (credentialed check)
  • NASL family Misc.
    NASL id ORACLE_SECURE_GLOBAL_DESKTOP_JAN_2015_CPU.NASL
    description The remote host has a version of Oracle Secure Global Desktop that is version 4.63, 4.71, 5.0 or 5.1. It is, therefore, affected by multiple vulnerabilities in the following components : - Apache HTTP Server - Client - Gateway JARP module - Gateway Reverse Proxy - OpenSSL - Print Servlet (only in 5.0 / 5.1) - SGD SSL Daemon (ttassl) - Web Server
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80912
    published 2015-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80912
    title Oracle Secure Global Desktop Multiple Vulnerabilities (January 2015 CPU) (POODLE)
  • NASL family Web Servers
    NASL id WEBSPHERE_8_5_5_4.NASL
    description The IBM WebSphere Application Server running on the remote host is version 8.5 prior to Fix Pack 8.5.5.4. It is, therefore, affected by the following vulnerabilities : - Multiple errors exist related to the included IBM HTTP server that can allow remote code execution or denial of service. (CVE-2013-5704, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231 / PI22070) - An unspecified error exists related to HTTP headers that can allow information disclosure. (CVE-2014-3021 / PI08268) - An error exists related to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A man-in-the-middle attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. This is also known as the 'POODLE' issue. (CVE-2014-3566 / PI28435, PI28436, PI28437) - An unspecified input validation errors exist related to the administrative console that can allow cross-site scripting and cross-site request forgery attacks. (CVE-2014-4770, CVE-2014-4816 / PI23055) - An unspecified error exists that can allow OpenID and OpenID Connect cookies to be spoofed, allowing information disclosure. (CVE-2014-6164 / PI23430) - An error exists related to the Communications Enabled Applications (CEA) service that can allow XML External Entity Injection (XXE) attacks leading to information disclosure. This only occurs if CEA is enabled. By default this is disabled. (CVE-2014-6166 / PI25310) - An input validation error exists related to session input using URL rewriting that can allow cross-site scripting attacks. (CVE-2014-6167 / PI23819) - An error exists related to the administrative console that can allow 'click-jacking' attacks. (CVE-2014-6174 / PI27152) - An error exists related to deployment descriptor security constraints and ServletSecurity annotations on a servlet that can allow privilege escalation. Note that this issue only affects the 'Liberty Profile'. (CVE-2014-8890 / PI29911)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80398
    published 2015-01-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80398
    title IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.4 Multiple Vulnerabilities (POODLE)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-0921.NASL
    description Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the 'apache' user. (CVE-2014-0226) A NULL pointer dereference flaw was found in the mod_cache httpd module. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP Server was used as a forward proxy with caching. (CVE-2013-4352) A denial of service flaw was found in the mod_proxy httpd module. A remote attacker could send a specially crafted request to a server configured as a reverse proxy using a threaded Multi-Processing Modules (MPM) that would cause the httpd child process to crash. (CVE-2014-0117) A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the 'DEFLATE' input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system. (CVE-2014-0118) A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely. (CVE-2014-0231) All httpd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 76905
    published 2014-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76905
    title RHEL 7 : httpd (RHSA-2014:0921)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-770.NASL
    description This apache version update fixes various security and non security issues. - Updated to the 2.2.29 - Changes between 2.2.22 and 2.2.29: http://www.apache.org/dist/httpd/CHANGES_2.2 - The following patches are no longer needed and were removed : - httpd-2.2.x-bnc798733-SNI_ignorecase.diff - httpd-2.2.x-bnc806458-mod_imagemap-xss.diff - httpd-2.2.x-bnc806458-mod_info_ap_get_server_name-xss.diff - httpd-2.2.x-bnc806458-mod_proxy_ftp-xss.diff - httpd-2.2.x-bnc806458-util_ldap_cache_mgr-xss.diff - httpd-2.2.x-bnc807152-mod_balancer_handler_xss.diff - httpd-mod_deflate_head.patch - httpd-new_pcre.patch - httpd-2.2.22-SSLCompression_CRIME_mitigation.patch - httpd-2.2.19-linux3.patch - httpd-2.2.x-bnc829056-CVE-2013-1896-pr1482522-mod_dav.diff - httpd-2.2.x-bnc829057-CVE-2013-1862-mod_rewrite_terminal_escape_sequences.diff - httpd-2.2.x-bnc869105-CVE-2013-6438-mod_dav-dos.diff - httpd-2.2.x-bnc869106-CVE-2014-0098-log_cookie_c.diff - httpd-2.2.x-bnc887765-CVE-2014-0226-mod_status_race.diff - httpd-2.2.x-bnc887768-CVE-2014-0231_mod_cgid_DoS_via_no_stdin_read.diff - httpd-2.2.x-bnc777260-CVE-2012-2687-mod_negotiation_filename_xss.diff - httpd-2.2.x-CVE-2011-3368-server_protocl_c.diff - The following patches were updated for the current Apache version : - apache2-mod_ssl_npn.patch - httpd-2.0.54-envvars.dif - httpd-2.2.x-bnc690734.patch - ssl-mode-release-buffers.patch - bnc#871310 fixed in Apache httpd 2.2.29
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 80043
    published 2014-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80043
    title openSUSE Security Update : apache2 (openSUSE-SU-2014:1647-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-0921.NASL
    description Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the 'apache' user. (CVE-2014-0226) A NULL pointer dereference flaw was found in the mod_cache httpd module. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP Server was used as a forward proxy with caching. (CVE-2013-4352) A denial of service flaw was found in the mod_proxy httpd module. A remote attacker could send a specially crafted request to a server configured as a reverse proxy using a threaded Multi-Processing Modules (MPM) that would cause the httpd child process to crash. (CVE-2014-0117) A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the 'DEFLATE' input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system. (CVE-2014-0118) A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely. (CVE-2014-0231) All httpd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 76716
    published 2014-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76716
    title CentOS 7 : httpd (CESA-2014:0921)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1087.NASL
    description Red Hat JBoss Web Server 2.1.0, which fixes multiple security issues and several bugs, is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.1, and includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.1.0 Release Notes, linked to in the References section, for information on the most significant of these changes. The following security issues are also fixed with this release : A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the 'apache' user. (CVE-2014-0226) A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the 'DEFLATE' input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system. (CVE-2014-0118) A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely. (CVE-2014-0231) It was found that several application-provided XML files, such as web.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external entities, permitting XML External Entity (XXE) attacks. An attacker able to deploy malicious applications to Tomcat could use this flaw to circumvent security restrictions set by the JSM, and gain access to sensitive information on the system. Note that this flaw only affected deployments in which Tomcat is running applications from untrusted sources, such as in a shared hosting environment. (CVE-2013-4590) It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same Tomcat instance. (CVE-2014-0119) All users of Red Hat JBoss Web Server 2.0.1 on Red Hat Enterprise Linux 6 are advised to upgrade to Red Hat JBoss Web Server 2.1.0. The JBoss server process must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 77356
    published 2014-08-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77356
    title RHEL 6 : JBoss Web Server (RHSA-2014:1087)
  • NASL family Web Servers
    NASL id WEBSPHERE_8_0_0_10.NASL
    description The remote host is running IBM WebSphere Application Server version 8.0 prior to Fix Pack 10. It is, therefore, affected by the following vulnerabilities : - Multiple errors exist related to the included IBM HTTP server that can allow remote code execution or denial of service. (CVE-2013-5704, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231 / PI22070) - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076 / PI19700) - An unspecified error exists related to HTTP headers that can allow information disclosure. (CVE-2014-3021 / PI08268) - An unspecified error caused by improper account creation with the Virtual Member Manager SPI Admin Task 'addFileRegistryAccount' can allow remote attackers to bypass security restrictions. (CVE-2014-3070 / PI16765) - An information disclosure vulnerability exists due to a failure to restrict access to resources located within the web application. A remote attacker can exploit this to obtain configuration data and other sensitive information. (CVE-2014-3083 / PI17768, PI30579 ) - A man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566 / PI28435, PI28436, PI28437) - An unspecified flaw in the Load Balancer for IPv4 Dispatcher component allows a remote attacker to cause a denial of service. (CVE-2014-4764 / PI21189) - An unspecified input validation error exists related to the administrative console that can allow cross-site scripting and cross-site request forgery attacks. (CVE-2014-4770, CVE-2014-4816 / PI23055) - An error exists related to the Communications Enabled Applications (CEA) service that can allow XML External Entity Injection (XXE) attacks leading to information disclosure. This only occurs if CEA is enabled, and by default this is disabled. (CVE-2014-6166 / PI25310) - An input validation error exists related to session input using URL rewriting that can allow cross-site scripting attacks. (CVE-2014-6167 / PI23819) - An error exists related to the administrative console that can allow click-jacking attacks. (CVE-2014-6174 / PI27152)
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 81401
    published 2015-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81401
    title IBM WebSphere Application Server 8.0 < Fix Pack 10 Multiple Vulnerabilities (POODLE)
  • NASL family Web Servers
    NASL id HPSMH_7_5.NASL
    description According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote web server is prior to 7.5.0. It is, therefore, affected by multiple vulnerabilities : - A flaw exists within the 'mod_deflate' module when handling highly compressed bodies. A remote attacker can exploit this, via a specially crafted request, to exhaust memory and CPU resources, resulting in a denial of service condition. (CVE-2014-0118) - The 'mod_status' module contains a race condition that can be triggered when handling the scoreboard. A remote attacker can exploit this to cause a denial of service, execute arbitrary code, or obtain sensitive credential information. (CVE-2014-0226) - The 'mod_cgid' module lacks a time out mechanism. A remote attacker can exploit this, via a specially crafted request, to cause child processes to linger indefinitely, filling up the scoreboard and resulting in a denial of service vulnerability. (CVE-2014-0231) - A flaw exists in WinNT MPM versions 2.4.1 to 2.4.9 when using the default AcceptFilter. An attacker can exploit this, via specially crafted requests. to create a memory leak, resulting in a denial of service condition. (CVE-2014-3523) - A NULL pointer dereference flaw exists when the SSLv3 option isn't enabled and an SSLv3 ClientHello is received. This allows a remote attacker, using an unexpected handshake, to crash the daemon, resulting in a denial of service. (CVE-2014-3569) - The BIGNUM squaring (BN_sqr) implementation does not properly calculate the square of a BIGNUM value. This allows remote attackers to defeat cryptographic protection mechanisms. (CVE-2014-3570) - A NULL pointer dereference flaw exists in the dtls1_get_record() function when handling DTLS messages. A remote attacker, using a specially crafted DTLS message, can cause a denial of service. (CVE-2014-3571) - A flaw exists with ECDH handshakes when using an ECDSA certificate without a ServerKeyExchange message. This allows a remote attacker to trigger a loss of forward secrecy from the ciphersuite. (CVE-2014-3572) - A use-after-free error exists in the 'process_nested_data' function within 'ext/standard/var_unserializer.re' due to improper handling of duplicate keys within the serialized properties of an object. A remote attacker, using a specially crafted call to the 'unserialize' method, can exploit this flaw to execute arbitrary code on the system. (CVE-2014-8142) - A flaw exists when accepting non-DER variations of certificate signature algorithms and signature encodings due to a lack of enforcement of matches between signed and unsigned portions. A remote attacker, by including crafted data within a certificate's unsigned portion, can bypass fingerprint-based certificate-blacklist protection mechanisms. (CVE-2014-8275) - An out-of-bounds read flaw in file 'cgi_main.c' exists when nmap is used to process an invalid file that begins with a hash character (#) but lacks a newline character. A remote attacker, using a specially crafted PHP file, can exploit this vulnerability to disclose memory contents, cause a denial of service, or possibly execute code. (CVE-2014-9427) - An out-of-bounds read error exists in the Fine Free File component that is bundled with PHP. A remote attacker can exploit this to cause a denial of service condition or the disclosure of sensitive information. (CVE-2014-9652) - A memory corruption issue exists in the Fine Free File component that is bundled with PHP. A remote attacker can exploit this to cause an unspecified impact. (CVE-2014-9653) - A heap buffer overflow condition exists in PHP in the enchant_broker_request_dict() function due to improper validation of user-supplied input. An attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2014-9705) - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204) - A flaw exists when accepting DH certificates for client authentication without the CertificateVerify message. This allows a remote attacker to authenticate to the service without a private key. (CVE-2015-0205) - A memory leak occurs in dtls1_buffer_record() when handling a saturation of DTLS records containing the same number sequence but for the next epoch. This allows a remote attacker to cause a denial of service. (CVE-2015-0206) - A flaw exists in the DTLSv1_listen() function due to state being preserved in the SSL object from one invocation to the next. A remote attacker can exploit this, via crafted DTLS traffic, to cause a segmentation fault, resulting in a denial of service. (CVE-2015-0207) - A flaw exists in the rsa_item_verify() function due to improper implementation of ASN.1 signature verification. A remote attacker can exploit this, via an ASN.1 signature using the RSA PSS algorithm and invalid parameters, to cause a NULL pointer dereference, resulting in a denial of service. (CVE-2015-0208) - A use-after-free condition exists in the d2i_ECPrivateKey() function due to improper processing of malformed EC private key files during import. A remote attacker can exploit this to dereference or free already freed memory, resulting in a denial of service or other unspecified impact. (CVE-2015-0209) - A use-after-free memory error exists in the process_nested_data() function in 'var_unserializer.re' due to improper handling of duplicate numerical keys within the serialized properties of an object. A remote attacker, using a crafted unserialize method call, can exploit this vulnerability to execute arbitrary code. (CVE-2015-0231) - A flaw exists in the exif_process_unicode() function in 'exif.c' that allows freeing an uninitialized pointer. A remote attacker, using specially crafted EXIF data in a JPEG image, can exploit this to cause a denial of service or to execute arbitrary code. (CVE-2015-0232) - A use-after-free flaw exists in the function php_date_timezone_initialize_from_hash() within the 'ext/date/php_date.c' script. An attacker can exploit this to access sensitive information or crash applications linked to PHP. (CVE-2015-0273) - A flaw exists in the ssl3_client_hello() function due to improper validation of a PRNG seed before proceeding with a handshake, resulting in insufficient entropy and predictable output. This allows a man-in-the-middle attacker to defeat cryptographic protection mechanisms via a brute-force attack, resulting in the disclosure of sensitive information. (CVE-2015-0285) - An invalid read error exists in the ASN1_TYPE_cmp() function due to improperly performed boolean-type comparisons. A remote attacker can exploit this, via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature, to cause an invalid read operation, resulting in a denial of service. (CVE-2015-0286) - A flaw exists in the ASN1_item_ex_d2i() function due to a failure to reinitialize 'CHOICE' and 'ADB' data structures when reusing a structure in ASN.1 parsing. This allows a remote attacker to cause an invalid write operation and memory corruption, resulting in a denial of service. (CVE-2015-0287) - A NULL pointer dereference flaw exists in the X509_to_X509_REQ() function due to improper processing of certificate keys. This allows a remote attacker, via a crafted X.509 certificate, to cause a denial of service. (CVE-2015-0288) - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing outer ContentInfo. This allows a remote attacker, using an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, to cause a denial of service. (CVE-2015-0289) - A flaw exists with the 'multiblock' feature in the ssl3_write_bytes() function due to improper handling of certain non-blocking I/O cases. This allows a remote attacker to cause failed connections or a segmentation fault, resulting in a denial of service. (CVE-2015-0290) - A NULL pointer dereference flaw exists when handling clients attempting to renegotiate using an invalid signature algorithm extension. A remote attacker can exploit this to cause a denial of service. (CVE-2015-0291) - An integer underflow condition exists in the EVP_DecodeUpdate() function due to improper validation of base64 encoded input when decoding. This allows a remote attacker, using maliciously crafted base64 data, to cause a segmentation fault or memory corruption, resulting in a denial of service or possibly the execution of arbitrary code. (CVE-2015-0292) - A flaw exists in servers that both support SSLv2 and enable export cipher suites due to improper implementation of SSLv2. A remote attacker can exploit this, via a crafted CLIENT-MASTER-KEY message, to cause a denial of service. (CVE-2015-0293) - A flaw exists in the ssl3_get_client_key_exchange() function when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled. This allows a remote attacker, via a ClientKeyExchange message with a length of zero, to cause a denial of service. (CVE-2015-1787) - A cross-site request forgery (XSRF) vulnerability exists due to the lack of a unique token when performing sensitive actions via HTTP requests. (CVE-2015-2134) - A use-after-free error exists in the function phar_rename_archive() in file 'phar_object.c'. A remote attacker, by attempting to rename a phar archive to an already existing file name, can exploit this to cause a denial of service. (CVE-2015-2301) - A use-after-free error exists related to function 'unserialize', which can allow a remote attacker to execute arbitrary code. Note that this issue is due to an incomplete fix for CVE-2014-8142. (CVE-2015-0231) - A filter bypass vulnerability exists due to a flaw in the move_uploaded_file() function in which pathnames are truncated when a NULL byte is encountered. This allows a remote attacker, via a crafted second argument, to bypass intended extension restrictions and create files with unexpected names. (CVE-2015-2348) - A user-after-free error exists in the process_nested_data() function. This allows a remote attacker, via a crafted unserialize call, to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-2787)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 84923
    published 2015-07-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84923
    title HP System Management Homepage 7.3.x / 7.4.x < 7.5.0 Multiple Vulnerabilities (FREAK)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1088.NASL
    description Red Hat JBoss Web Server 2.1.0, which fixes multiple security issues and several bugs, is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.1, and includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.1.0 Release Notes, linked to in the References section, for information on the most significant of these changes. The following security issues are also fixed with this release : A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the 'apache' user. (CVE-2014-0226) A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the 'DEFLATE' input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system. (CVE-2014-0118) A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely. (CVE-2014-0231) It was found that several application-provided XML files, such as web.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external entities, permitting XML External Entity (XXE) attacks. An attacker able to deploy malicious applications to Tomcat could use this flaw to circumvent security restrictions set by the JSM, and gain access to sensitive information on the system. Note that this flaw only affected deployments in which Tomcat is running applications from untrusted sources, such as in a shared hosting environment. (CVE-2013-4590) It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same Tomcat instance. (CVE-2014-0119) All users of Red Hat JBoss Web Server 2.0.1 on Red Hat Enterprise Linux 5 are advised to upgrade to Red Hat JBoss Web Server 2.1.0. The JBoss server process must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 77357
    published 2014-08-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77357
    title RHEL 5 : JBoss Web Server (RHSA-2014:1088)
  • NASL family Web Servers
    NASL id WEBSPHERE_7_0_0_35.NASL
    description The remote host is running a version of IBM WebSphere Application Server 7.0 prior to Fix Pack 35. It is, therefore, affected by the following vulnerabilities : - Multiple errors exist related to the included IBM HTTP server that could allow remote code execution or denial of service. (CVE-2013-5704, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231 / PI22070) - An error exists related to HTTP header handling that could allow the disclosure of sensitive information. (CVE-2014-3021 / PI08268) - An unspecified error exists that could allow the disclosure of sensitive information. (CVE-2014-3083 / PI17768) - An unspecified input-validation errors exist related to the 'Admin Console' that could allow cross-site scripting and cross-site request forgery attacks. (CVE-2014-4770, CVE-2014-4816 / PI23055)
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 78604
    published 2014-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78604
    title IBM WebSphere Application Server 7.0 < Fix Pack 35 Multiple Vulnerabilities
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2014-204-01.NASL
    description New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
    last seen 2019-02-21
    modified 2015-07-26
    plugin id 76712
    published 2014-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76712
    title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : httpd (SSA:2014-204-01)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1020.NASL
    description Updated Red Hat JBoss Enterprise Application Platform 6.3.0 packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the 'apache' user. (CVE-2014-0226) A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the 'DEFLATE' input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system. (CVE-2014-0118) A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely. (CVE-2014-0231) A flaw was found in the WebSocket08FrameDecoder implementation that could allow a remote attacker to trigger an Out Of Memory Exception by issuing a series of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on the server configuration, this could lead to a denial of service. (CVE-2014-0193) It was found that the isCallerInRole() method of the SimpleSecurityManager did not correctly check caller roles. A remote, authenticated attacker could use this flaw to circumvent the caller check in applications that use black list access control based on caller roles. (CVE-2014-3472) Red Hat would like to thank James Roper of Typesafe for reporting CVE-2014-0193, and CA Technologies for reporting CVE-2014-3472. This release of JBoss Enterprise Application Platform also includes bug fixes and enhancements. Documentation for these changes will be available shortly from the JBoss Enterprise Application Platform 6.3.0 Release Notes, linked to in the References. All users who require JBoss Enterprise Application Platform 6.3.0 on Red Hat Enterprise Linux 6 should install these new packages. The JBoss server process must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 77079
    published 2014-08-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77079
    title RHEL 6 : JBoss EAP (RHSA-2014:1020)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-0921.NASL
    description From Red Hat Security Advisory 2014:0921 : Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the 'apache' user. (CVE-2014-0226) A NULL pointer dereference flaw was found in the mod_cache httpd module. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP Server was used as a forward proxy with caching. (CVE-2013-4352) A denial of service flaw was found in the mod_proxy httpd module. A remote attacker could send a specially crafted request to a server configured as a reverse proxy using a threaded Multi-Processing Modules (MPM) that would cause the httpd child process to crash. (CVE-2014-0117) A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the 'DEFLATE' input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system. (CVE-2014-0118) A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely. (CVE-2014-0231) All httpd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon will be restarted automatically.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 76745
    published 2014-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76745
    title Oracle Linux 7 : httpd (ELSA-2014-0921)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_APACHE_20141014.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostname value. (CVE-2013-4352) - The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header. (CVE-2014-0117) - The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size. (CVE-2014-0118) - Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c. (CVE-2014-0226) - The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor. (CVE-2014-0231)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80589
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80589
    title Oracle Solaris Third-Party Patch Update : apache (multiple_denial_of_service_dos5)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-66.NASL
    description CVE-2014-0231: prevent denial of service in mod_cgid. CVE-2014-0226: prevent denial of service via race in mod_status. CVE-2014-0118: fix resource consumption via mod_deflate body decompression. CVE-2013-6438: prevent denial of service via mod_dav incorrect end of string NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-09
    plugin id 82211
    published 2015-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82211
    title Debian DLA-66-1 : apache2 security update
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2014-142.NASL
    description Updated apache package fixes security vulnerabilities : A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the apache user (CVE-2014-0226). A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the DEFLATE input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system (CVE-2014-0118). A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely (CVE-2014-0231).
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 76923
    published 2014-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76923
    title Mandriva Linux Security Advisory : apache (MDVSA-2014:142)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-0920.NASL
    description Updated httpd packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the 'apache' user. (CVE-2014-0226) A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the 'DEFLATE' input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system. (CVE-2014-0118) A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely. (CVE-2014-0231) All httpd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 76715
    published 2014-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76715
    title CentOS 5 / 6 : httpd (CESA-2014:0920)
  • NASL family Web Servers
    NASL id APACHE_2_4_10.NASL
    description According to its banner, the version of Apache 2.4.x running on the remote host is prior to 2.4.10. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the 'mod_proxy' module that may allow an attacker to send a specially crafted request to a server configured as a reverse proxy that may cause the child process to crash. This could potentially lead to a denial of service attack. (CVE-2014-0117) - A flaw exists in the 'mod_deflate' module when request body decompression is configured. This could allow a remote attacker to cause the server to consume significant resources. (CVE-2014-0118) - A flaw exists in the 'mod_status' module when a publicly accessible server status page is in place. This could allow an attacker to send a specially crafted request designed to cause a heap buffer overflow. (CVE-2014-0226) - A flaw exists in the 'mod_cgid' module in which CGI scripts that did not consume standard input may be manipulated in order to cause child processes to hang. A remote attacker may be able to abuse this in order to cause a denial of service. (CVE-2014-0231) - A flaw exists in WinNT MPM versions 2.4.1 to 2.4.9 when using the default AcceptFilter. An attacker may be able to specially craft requests that create a memory leak in the application and may eventually lead to a denial of service attack. (CVE-2014-3523) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-09-17
    plugin id 76622
    published 2014-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76622
    title Apache 2.4.x < 2.4.10 Multiple Vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_4364E1F10F4411E4B09020CF30E32F6D.NASL
    description Apache HTTP SERVER PROJECT reports : mod_proxy: Fix crash in Connection header handling which allowed a denial of service attack against a reverse proxy with a threaded MPM. Fix a race condition in scoreboard handling, which could lead to a heap buffer overflow. mod_deflate: The DEFLATE input filter (inflates request bodies) now limits the length and compression ratio of inflated request bodies to avoid denial of sevice via highly compressed bodies. See directives DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and DeflateInflateRatioBurst. mod_cgid: Fix a denial of service against CGI scripts that do not consume stdin that could lead to lingering HTTPD child processes filling up the scoreboard and eventually hanging the server. By default, the client I/O timeout (Timeout directive) now applies to communication with scripts. The CGIDScriptTimeout directive can be used to set a different timeout for communication with scripts.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 76614
    published 2014-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76614
    title FreeBSD : apache24 -- several vulnerabilities (4364e1f1-0f44-11e4-b090-20cf30e32f6d)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_APACHE2-140721.NASL
    description This update for the Apache Web Server provides the following fixes : - Fixed a heap-based buffer overflow on apache module mod_status. (bnc#887765, CVE-2014-0226) - Properly remove whitespace characters from CDATA sections to avoid remote denial of service by crashing the Apache Server process. (bnc#869105, CVE-2013-6438) - Correction to parsing of cookie content; this can lead to a crash with a specially designed cookie sent to the server. (bnc#869106, CVE-2014-0098) - ECC support should not be missing. (bnc#859916) This update also introduces a new configuration parameter CGIDScriptTimeout, which defaults to the value of parameter Timeout. CGIDScriptTimeout is set to 60s if mod_cgid is loaded/active, via /etc/apache2/conf.d/cgid-timeout.conf. The new directive and its effect prevent request workers to be eaten until starvation if cgi programs do not send output back to the server within the timeout set by CGIDScriptTimeout. (bnc#887768, CVE-2014-0231)
    last seen 2019-02-21
    modified 2015-07-26
    plugin id 77048
    published 2014-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77048
    title SuSE 11.3 Security Update : Apache Web Server (SAT Patch Number 9542)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_10_3.NASL
    description The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.3. It is, therefore, affected multiple vulnerabilities in the following components : - Admin Framework - Apache - ATS - Certificate Trust Policy - CFNetwork HTTPProtocol - CFNetwork Session - CFURL - CoreAnimation - FontParser - Graphics Driver - Hypervisor - ImageIO - IOHIDFamily - Kernel - LaunchServices - libnetcore - ntp - Open Directory Client - OpenLDAP - OpenSSL - PHP - QuickLook - SceneKit - ScreenSharing - Security - Code SIgning - UniformTypeIdentifiers - WebKit Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 82699
    published 2015-04-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82699
    title Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities (FREAK)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201504-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-201504-03 (Apache: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Apache HTTP Server. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to execute arbitrary code or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 82733
    published 2015-04-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82733
    title GLSA-201504-03 : Apache: Multiple vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-8742.NASL
    description This update includes the latest stable release of the Apache HTTP Server, httpd 2.4.10. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 76852
    published 2014-07-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76852
    title Fedora 20 : httpd-2.4.10-1.fc20 (2014-8742)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2299-1.NASL
    description Marek Kroemeke discovered that the mod_proxy module incorrectly handled certain requests. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0117) Giancarlo Pellegrino and Davide Balzarotti discovered that the mod_deflate module incorrectly handled body decompression. A remote attacker could use this issue to cause resource consumption, leading to a denial of service. (CVE-2014-0118) Marek Kroemeke and others discovered that the mod_status module incorrectly handled certain requests. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service, or possibly execute arbitrary code. (CVE-2014-0226) Rainer Jung discovered that the mod_cgid module incorrectly handled certain scripts. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service. (CVE-2014-0231). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 76757
    published 2014-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76757
    title Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : apache2 vulnerabilities (USN-2299-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20140723_HTTPD_ON_SL5_X.NASL
    description A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the 'apache' user. (CVE-2014-0226) A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the 'DEFLATE' input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system. (CVE-2014-0118) A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely. (CVE-2014-0231) After installing the updated packages, the httpd daemon will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 76753
    published 2014-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76753
    title Scientific Linux Security Update : httpd on SL5.x, SL6.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-0920.NASL
    description Updated httpd packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the 'apache' user. (CVE-2014-0226) A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the 'DEFLATE' input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system. (CVE-2014-0118) A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely. (CVE-2014-0231) All httpd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 76749
    published 2014-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76749
    title RHEL 5 / 6 : httpd (RHSA-2014:0920)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2014-389.NASL
    description A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the 'apache' user. (CVE-2014-0226) A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the 'DEFLATE' input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system. (CVE-2014-0118) A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely. (CVE-2014-0231)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 78332
    published 2014-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78332
    title Amazon Linux AMI : httpd24 (ALAS-2014-389)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_F927E06C110911E4B09020CF30E32F6D.NASL
    description Apache HTTP SERVER PROJECT reports : mod_deflate: The DEFLATE input filter (inflates request bodies) now limits the length and compression ratio of inflated request bodies to avoid denial of service via highly compressed bodies. See directives DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and DeflateInflateRatioBurst. mod_cgid: Fix a denial of service against CGI scripts that do not consume stdin that could lead to lingering HTTPD child processes filling up the scoreboard and eventually hanging the server. By default, the client I/O timeout (Timeout directive) now applies to communication with scripts. The CGIDScriptTimeout directive can be used to set a different timeout for communication with scripts. Fix a race condition in scoreboard handling, which could lead to a heap buffer overflow. core: HTTP trailers could be used to replace HTTP headers late during request processing, potentially undoing or otherwise confusing modules that examined or modified request headers earlier. Adds 'MergeTrailers' directive to restore legacy behavior.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 76780
    published 2014-07-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76780
    title FreeBSD : apache22 -- several vulnerabilities (f927e06c-1109-11e4-b090-20cf30e32f6d)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1019.NASL
    description Updated Red Hat JBoss Enterprise Application Platform 6.3.0 packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the 'apache' user. (CVE-2014-0226) A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the 'DEFLATE' input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system. (CVE-2014-0118) A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely. (CVE-2014-0231) A flaw was found in the WebSocket08FrameDecoder implementation that could allow a remote attacker to trigger an Out Of Memory Exception by issuing a series of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on the server configuration, this could lead to a denial of service. (CVE-2014-0193) It was found that the isCallerInRole() method of the SimpleSecurityManager did not correctly check caller roles. A remote, authenticated attacker could use this flaw to circumvent the caller check in applications that use black list access control based on caller roles. (CVE-2014-3472) Red Hat would like to thank James Roper of Typesafe for reporting CVE-2014-0193, and CA Technologies for reporting CVE-2014-3472. This release of JBoss Enterprise Application Platform also includes bug fixes and enhancements. Documentation for these changes will be available shortly from the JBoss Enterprise Application Platform 6.3.0 Release Notes, linked to in the References. All users who require JBoss Enterprise Application Platform 6.3.0 on Red Hat Enterprise Linux 5 should install these new packages. The JBoss server process must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-13
    plugin id 77078
    published 2014-08-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77078
    title RHEL 5 : JBoss EAP (RHSA-2014:1019)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2989.NASL
    description Several security issues were found in the Apache HTTP server. - CVE-2014-0118 The DEFLATE input filter (inflates request bodies) in mod_deflate allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size. - CVE-2014-0226 A race condition was found in mod_status. An attacker able to access a public server status page on a server could send carefully crafted requests which could lead to a heap buffer overflow, causing denial of service, disclosure of sensitive information, or potentially the execution of arbitrary code. - CVE-2014-0231 A flaw was found in mod_cgid. If a server using mod_cgid hosted CGI scripts which did not consume standard input, a remote attacker could cause child processes to hang indefinitely, leading to denial of service.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 76844
    published 2014-07-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76844
    title Debian DSA-2989-1 : apache2 - security update
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-502.NASL
    description This apache2 update fixes the following security issues : - CRIME types of attack, based on size and timing analysis of compressed content, are now mitigated by the new SSLCompression directive, set to 'no' in /etc/apache2/ssl-global.conf - ssl-global.conf: SSLHonorCipherOrder set to on - SSLCipherSuite updates to vhosts.d/vhost-ssl.template and apache2-default-vhost-ssl.conf - new config option CGIDScriptTimeout set to 60s in new file conf.d/cgid-timeout.conf, preventing worker processes hanging forever if a cgi launched from them has stopped reading input from the server. (bnc#887768, CVE-2014-0231) - fix for mod_status race condition in scoreboard handling and consecutive heap overflow and information disclosure if access to mod_status is granted to a potential attacker. (bnc#887765, CVE-2014-0226) - fixed improperly handled whitespace characters in CDATA sections of requests to mod_dav can lead to a crash, resulting in a DoS against the server. (bnc#869105, CVE-2013-6438) - fix for crash in parsing cookie content, resulting in a DoS against the server. (bnc#869106, CVE-2014-0098)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 77291
    published 2014-08-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77291
    title openSUSE Security Update : apache2 (openSUSE-SU-2014:1045-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2014-1082-1.NASL
    description This apache2 update fixes the following security issues : - log_cookie mod_log_config.c remote denial of service (CVE-2014-0098, bnc#869106) - mod_dav denial of service (CVE-2013-6438, bnc#869105) - mod_cgid denial of service (CVE-2014-0231, bnc#887768) - mod_status heap-based buffer overflow (CVE-2014-0226, bnc#887765) - mod_rewrite: escape logdata to avoid terminal escapes (CVE-2013-1862, bnc#829057) - mod_dav: segfault in merge request (CVE-2013-1896, bnc#829056) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 83632
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83632
    title SUSE SLES10 Security Update : apache2 (SUSE-SU-2014:1082-1)
  • NASL family Web Servers
    NASL id APACHE_2_2_29.NASL
    description According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.28. It is, therefore, affected by the following vulnerabilities : - A flaw exists within the 'mod_headers' module which allows a remote attacker to inject arbitrary headers. This is done by placing a header in the trailer portion of data being sent using chunked transfer encoding. (CVE-2013-5704) - A flaw exists within the 'mod_deflate' module when handling highly compressed bodies. Using a specially crafted request, a remote attacker can exploit this to cause a denial of service by exhausting memory and CPU resources. (CVE-2014-0118) - The 'mod_status' module contains a race condition that can be triggered when handling the scoreboard. A remote attacker can exploit this to cause a denial of service, execute arbitrary code, or obtain sensitive credential information. (CVE-2014-0226) - The 'mod_cgid' module lacks a time out mechanism. Using a specially crafted request, a remote attacker can use this flaw to cause a denial of service by causing child processes to linger indefinitely, eventually filling up the scoreboard. (CVE-2014-0231) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 77531
    published 2014-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77531
    title Apache 2.2.x < 2.2.28 Multiple Vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-9057.NASL
    description This update includes the latest stable release of the Apache HTTP Server, httpd 2.4.10, fixing a number of security issues. http://www.apache.org/dist/httpd/Announcement2.4.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 77207
    published 2014-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77207
    title Fedora 19 : httpd-2.4.10-1.fc19 (2014-9057)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2014-388.NASL
    description A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the 'apache' user. (CVE-2014-0226) A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the 'DEFLATE' input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system. (CVE-2014-0118) A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely. (CVE-2014-0231)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 78331
    published 2014-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78331
    title Amazon Linux AMI : httpd (ALAS-2014-388)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-0920.NASL
    description From Red Hat Security Advisory 2014:0920 : Updated httpd packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the 'apache' user. (CVE-2014-0226) A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the 'DEFLATE' input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system. (CVE-2014-0118) A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely. (CVE-2014-0231) All httpd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon will be restarted automatically.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 76744
    published 2014-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76744
    title Oracle Linux 5 / 6 : httpd (ELSA-2014-0920)
redhat via4
advisories
  • bugzilla
    id 1120603
    title CVE-2014-0226 httpd: mod_status heap-based buffer overflow
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhsa:tst:20070055001
      • OR
        • AND
          • comment httpd is earlier than 0:2.2.3-87.el5_10
            oval oval:com.redhat.rhsa:tst:20140920002
          • comment httpd is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070556003
        • AND
          • comment httpd-devel is earlier than 0:2.2.3-87.el5_10
            oval oval:com.redhat.rhsa:tst:20140920004
          • comment httpd-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070556005
        • AND
          • comment httpd-manual is earlier than 0:2.2.3-87.el5_10
            oval oval:com.redhat.rhsa:tst:20140920006
          • comment httpd-manual is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070556009
        • AND
          • comment mod_ssl is earlier than 1:2.2.3-87.el5_10
            oval oval:com.redhat.rhsa:tst:20140920008
          • comment mod_ssl is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070556007
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhsa:tst:20100842001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhsa:tst:20100842002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhsa:tst:20100842003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhsa:tst:20100842004
      • OR
        • AND
          • comment httpd is earlier than 0:2.2.15-31.el6_5
            oval oval:com.redhat.rhsa:tst:20140920014
          • comment httpd is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111245017
        • AND
          • comment httpd-devel is earlier than 0:2.2.15-31.el6_5
            oval oval:com.redhat.rhsa:tst:20140920018
          • comment httpd-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111245019
        • AND
          • comment httpd-manual is earlier than 0:2.2.15-31.el6_5
            oval oval:com.redhat.rhsa:tst:20140920016
          • comment httpd-manual is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111245025
        • AND
          • comment httpd-tools is earlier than 0:2.2.15-31.el6_5
            oval oval:com.redhat.rhsa:tst:20140920020
          • comment httpd-tools is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111245023
        • AND
          • comment mod_ssl is earlier than 1:2.2.15-31.el6_5
            oval oval:com.redhat.rhsa:tst:20140920022
          • comment mod_ssl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111245021
    rhsa
    id RHSA-2014:0920
    released 2014-07-23
    severity Important
    title RHSA-2014:0920: httpd security update (Important)
  • bugzilla
    id 1120604
    title CVE-2013-4352 httpd: mod_cache NULL pointer dereference crash
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment httpd is earlier than 0:2.4.6-18.el7_0
          oval oval:com.redhat.rhsa:tst:20140921005
        • comment httpd is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111245017
      • AND
        • comment httpd-devel is earlier than 0:2.4.6-18.el7_0
          oval oval:com.redhat.rhsa:tst:20140921013
        • comment httpd-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111245019
      • AND
        • comment httpd-manual is earlier than 0:2.4.6-18.el7_0
          oval oval:com.redhat.rhsa:tst:20140921017
        • comment httpd-manual is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111245025
      • AND
        • comment httpd-tools is earlier than 0:2.4.6-18.el7_0
          oval oval:com.redhat.rhsa:tst:20140921011
        • comment httpd-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111245023
      • AND
        • comment mod_ldap is earlier than 0:2.4.6-18.el7_0
          oval oval:com.redhat.rhsa:tst:20140921009
        • comment mod_ldap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140921010
      • AND
        • comment mod_proxy_html is earlier than 1:2.4.6-18.el7_0
          oval oval:com.redhat.rhsa:tst:20140921007
        • comment mod_proxy_html is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140921008
      • AND
        • comment mod_session is earlier than 0:2.4.6-18.el7_0
          oval oval:com.redhat.rhsa:tst:20140921015
        • comment mod_session is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140921016
      • AND
        • comment mod_ssl is earlier than 1:2.4.6-18.el7_0
          oval oval:com.redhat.rhsa:tst:20140921019
        • comment mod_ssl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111245021
    rhsa
    id RHSA-2014:0921
    released 2014-07-23
    severity Important
    title RHSA-2014:0921: httpd security update (Important)
  • rhsa
    id RHSA-2014:1019
  • rhsa
    id RHSA-2014:1020
  • rhsa
    id RHSA-2014:1021
rpms
  • httpd-0:2.2.3-87.el5_10
  • httpd-devel-0:2.2.3-87.el5_10
  • httpd-manual-0:2.2.3-87.el5_10
  • mod_ssl-1:2.2.3-87.el5_10
  • httpd-0:2.2.15-31.el6_5
  • httpd-devel-0:2.2.15-31.el6_5
  • httpd-manual-0:2.2.15-31.el6_5
  • httpd-tools-0:2.2.15-31.el6_5
  • mod_ssl-1:2.2.15-31.el6_5
  • httpd-0:2.4.6-18.el7_0
  • httpd-devel-0:2.4.6-18.el7_0
  • httpd-manual-0:2.4.6-18.el7_0
  • httpd-tools-0:2.4.6-18.el7_0
  • mod_ldap-0:2.4.6-18.el7_0
  • mod_proxy_html-1:2.4.6-18.el7_0
  • mod_session-0:2.4.6-18.el7_0
  • mod_ssl-1:2.4.6-18.el7_0
refmap via4
apple APPLE-SA-2015-04-08-2
bid 68742
confirm
debian DSA-2989
gentoo GLSA-201504-03
hp
  • HPSBMU03380
  • HPSBMU03409
  • HPSBUX03337
  • HPSBUX03512
  • SSRT102066
  • SSRT102254
mandriva MDVSA-2014:142
misc http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html
secunia 60536
Last major update 06-01-2017 - 21:59
Published 20-07-2014 - 07:12
Last modified 30-10-2018 - 12:25
Back to Top