Executive Summary

Summary
Title	HP-UX Running Apache, Remote Unauthorized Denial of Service (DoS)

Informations
Name	HPSBUX02273 SSRT071476	First vendor Publication	2007-10-10
Vendor	HP	Last vendor Modification	2007-10-16
Severity (Vendor)	N/A	Revision	2

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A potential security vulnerability has been identified with HP-UX Apache v2.0.59.00. The vulnerability could be exploited remotely to create an unauthorized Denial of Service (DoS).

Original Source

Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-125	Out-of-bounds Read

OVAL Definitions

 

Definition Id: oval:org.mitre.oval:def:10525
Oval ID:	oval:org.mitre.oval:def:10525
Title:	The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
Description:	The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-3847	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section httpd-devel is earlier than 0:2.0.46-70.ent AND mod_ssl is earlier than 0:2.0.46-70.ent AND httpd is earlier than 0:2.0.46-70.ent OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section httpd-suexec is earlier than 0:2.0.52-38.ent AND httpd-manual is earlier than 0:2.0.52-38.ent AND httpd-devel is earlier than 0:2.0.52-38.ent AND mod_ssl is earlier than 1:2.0.52-38.ent AND httpd is earlier than 0:2.0.52-38.ent OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section httpd-manual is earlier than 0:2.2.3-11.el5 AND httpd-devel is earlier than 0:2.2.3-11.el5 AND mod_ssl is earlier than 1:2.2.3-11.el5 AND httpd is earlier than 0:2.2.3-11.el5

 

Definition Id: oval:org.mitre.oval:def:11589
Oval ID:	oval:org.mitre.oval:def:11589
Title:	Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
Description:	Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-3304	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section httpd-devel is earlier than 0:2.0.46-68.ent AND mod_ssl is earlier than 1:2.0.46-68.ent AND httpd is earlier than 0:2.0.46-68.ent OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section httpd-suexec is earlier than 0:2.0.52-32.3.ent AND httpd-manual is earlier than 0:2.0.52-32.3.ent AND httpd-devel is earlier than 0:2.0.52-32.3.ent AND mod_ssl is earlier than 1:2.0.52-32.3.ent AND httpd is earlier than 0:2.0.52-32.3.ent OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section httpd-manual is earlier than 0:2.2.3-7.el5 AND httpd-devel is earlier than 0:2.2.3-7.el5 AND mod_ssl is earlier than 1:2.2.3-7.el5 AND httpd is earlier than 0:2.2.3-7.el5

 

Definition Id: oval:org.mitre.oval:def:22299
Oval ID:	oval:org.mitre.oval:def:22299
Title:	ELSA-2007:0746: httpd security, bug fix, and enhancement update (Moderate)
Description:	The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
Family:	unix	Class:	patch
Reference(s):	ELSA-2007:0746-04 CVE-2007-3847	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	httpd
Definition Synopsis:
Oracle Linux 5.x  rpm test httpd-manual is earlier than 0:2.2.3-11.el5 AND httpd-devel is earlier than 0:2.2.3-11.el5 AND mod_ssl is earlier than 0:2.2.3-11.el5 AND httpd is earlier than 0:2.2.3-11.el5

 

Definition Id: oval:org.mitre.oval:def:22543
Oval ID:	oval:org.mitre.oval:def:22543
Title:	ELSA-2007:0556: httpd security update (Moderate)
Description:	Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
Family:	unix	Class:	patch
Reference(s):	ELSA-2007:0556-01 CVE-2006-5752 CVE-2007-1863 CVE-2007-3304	Version:	17
Platform(s):	Oracle Linux 5	Product(s):	httpd
Definition Synopsis:
Oracle Linux 5.x  rpm test httpd-manual is earlier than 0:2.2.3-7.el5 AND httpd-devel is earlier than 0:2.2.3-7.el5 AND mod_ssl is earlier than 0:2.2.3-7.el5 AND httpd is earlier than 0:2.2.3-7.el5

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apache Http Server cpe:2.3:a:apache:http_server:2.2.5:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.3:*:windows:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.2:*:windows:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.1.9:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.1.8:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.1.7:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.1.6:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.1.5:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.1.4:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.1.3:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.1.2:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.1.1:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.1.0:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.1:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.65:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.64:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.63:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.61:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.60:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.59:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.58:*:win32:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.56:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.46:*:win32:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.34:beta:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.34:beta:win32:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.34:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.33:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.32:beta:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.32:beta:win32:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.31:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.30:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.29:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.28:beta:win32:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.27:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.26:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.25:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.24:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.23:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.22:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.21:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.20:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.19:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.18:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.17:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.16:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.15:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.14:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.13:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.12:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.11:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.0:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0:alpha9:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.99:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.4.0:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.9:*:win32:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.8:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.7:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.7:*:dev:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.68:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.65:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.6:*:win32:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.5:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.42:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.41:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.40:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.39:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.38:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.37:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.36:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.35:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.34:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.33:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.32:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.31:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.30:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.26:*:win32:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.25:*:win32:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.24:*:win32:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.23:*:win32:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.22:*:win32:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.20:*:win32:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.2:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.19:*:win32:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.18:*:win32:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.17:*:win32:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.16:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.16:*:win32:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.15:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.15:*:win32:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.14:*:win32:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.14:*:mac_os:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.13:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.13:*:win32:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.12:*:win32:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.11:*:win32:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.10:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.1.1:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.0:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.2.9:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.2.6:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.2.5:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.2.4:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.2.0:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.15.17:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.1.1:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.1:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.0.5:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.0.3:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.0.2:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.0:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:0.8.14:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:0.8.11:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:*:*:win32:*:*:*:*:* cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*	170
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*	4
Os	Fedoraproject Fedora cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*	1
Os	Fedoraproject Fedora Core cpe:2.3:o:fedoraproject:fedora_core:6:*:*:*:*:*:*:*	1
Os	Redhat Enterprise Linux Desktop cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*	1
Os	Redhat Enterprise Linux Server cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*	1
Os	Redhat Enterprise Linux Workstation cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*	1

OpenVAS Exploits

Date	Description
2010-05-12	Name : Mac OS X 10.5.3 Update / Mac OS X Security Update 2008-003 File : nvt/macosx_upd_10_5_3_secupd_2008-003.nasl
2010-02-03	Name : Solaris Update for Apache 1.3 122912-19 File : nvt/gb_solaris_122912_19.nasl
2010-02-03	Name : Solaris Update for Apache 1.3 122911-19 File : nvt/gb_solaris_122911_19.nasl
2009-11-17	Name : Mac OS X Version File : nvt/macosx_version.nasl
2009-10-13	Name : Solaris Update for Apache 1.3 122912-17 File : nvt/gb_solaris_122912_17.nasl
2009-10-13	Name : Solaris Update for Apache 1.3 122911-17 File : nvt/gb_solaris_122911_17.nasl
2009-10-10	Name : SLES9: Security update for apache2 File : nvt/sles9p5012664.nasl
2009-09-23	Name : Solaris Update for Apache 1.3 122912-16 File : nvt/gb_solaris_122912_16.nasl
2009-09-23	Name : Solaris Update for Apache 1.3 122911-16 File : nvt/gb_solaris_122911_16.nasl
2009-06-03	Name : Solaris Update for Apache 116974-07 File : nvt/gb_solaris_116974_07.nasl
2009-06-03	Name : Solaris Update for Apache 1.3 122912-15 File : nvt/gb_solaris_122912_15.nasl
2009-06-03	Name : Solaris Update for Apache 1.3 122911-15 File : nvt/gb_solaris_122911_15.nasl
2009-06-03	Name : Solaris Update for Apache 2 120544-14 File : nvt/gb_solaris_120544_14.nasl
2009-06-03	Name : Solaris Update for Apache 2 120543-14 File : nvt/gb_solaris_120543_14.nasl
2009-06-03	Name : Solaris Update for Apache 116973-07 File : nvt/gb_solaris_116973_07.nasl
2009-06-03	Name : Solaris Update for Apache Security 113146-12 File : nvt/gb_solaris_113146_12.nasl
2009-06-03	Name : Solaris Update for Apache Security 114145-11 File : nvt/gb_solaris_114145_11.nasl
2009-05-05	Name : HP-UX Update for Apache HPSBUX02273 File : nvt/gb_hp_ux_HPSBUX02273.nasl
2009-04-09	Name : Mandriva Update for apache MDKSA-2007:235 (apache) File : nvt/gb_mandriva_MDKSA_2007_235.nasl
2009-04-09	Name : Mandriva Update for apache MDKSA-2007:140 (apache) File : nvt/gb_mandriva_MDKSA_2007_140.nasl
2009-03-23	Name : Ubuntu Update for apache2 vulnerabilities USN-575-1 File : nvt/gb_ubuntu_USN_575_1.nasl
2009-03-23	Name : Ubuntu Update for apache2 vulnerabilities USN-499-1 File : nvt/gb_ubuntu_USN_499_1.nasl
2009-03-06	Name : RedHat Update for httpd RHSA-2008:0005-01 File : nvt/gb_RHSA-2008_0005-01_httpd.nasl
2009-02-27	Name : Fedora Update for httpd FEDORA-2007-2214 File : nvt/gb_fedora_2007_2214_httpd_fc7.nasl
2009-02-27	Name : CentOS Update for httpd CESA-2008:0005 centos3 i386 File : nvt/gb_CESA-2008_0005_httpd_centos3_i386.nasl
2009-02-27	Name : CentOS Update for httpd CESA-2008:0005 centos3 x86_64 File : nvt/gb_CESA-2008_0005_httpd_centos3_x86_64.nasl
2009-02-27	Name : Fedora Update for httpd FEDORA-2007-0704 File : nvt/gb_fedora_2007_0704_httpd_fc7.nasl
2009-02-27	Name : Fedora Update for httpd FEDORA-2007-615 File : nvt/gb_fedora_2007_615_httpd_fc6.nasl
2009-02-27	Name : Fedora Update for httpd FEDORA-2007-617 File : nvt/gb_fedora_2007_617_httpd_fc5.nasl
2009-02-27	Name : Fedora Update for httpd FEDORA-2007-707 File : nvt/gb_fedora_2007_707_httpd_fc6.nasl
2009-02-16	Name : Fedora Update for httpd FEDORA-2008-1711 File : nvt/gb_fedora_2008_1711_httpd_fc7.nasl
2009-01-28	Name : SuSE Update for apache2 SUSE-SA:2007:061 File : nvt/gb_suse_2007_061.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200711-06 (apache) File : nvt/glsa_200711_06.nasl
2008-09-04	Name : FreeBSD Ports: apache File : nvt/freebsd_apache12.nasl
0000-00-00	Name : Slackware Advisory SSA:2008-045-02 apache File : nvt/esoft_slk_ssa_2008_045_02.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
38939	Apache HTTP Server Prefork MPM Module Array Modification Local DoS
37051	Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote...

Snort® IPS/IDS

Date	Description
2014-01-10	Apache http server mod_proxy http response crafted date handling denial of se... RuleID : 13311 - Revision : 7 - Type : WEB-MISC
2014-01-10	Apache http server mod_proxy http response crafted date handling denial of se... RuleID : 13310 - Revision : 7 - Type : WEB-MISC
2014-01-10	Apache http server mod_proxy http request crafted date handling denial of ser... RuleID : 13309 - Revision : 6 - Type : WEB-MISC

Nessus® Vulnerability Scanner

Date	Description
2013-08-11	Name : The remote web server may be affected by multiple vulnerabilities. File : oracle_http_server_cpu_jul_2013.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0556.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0662.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0005.nasl - Type : ACT_GATHER_INFO
2013-06-29	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0747.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0263.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0523.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070626_httpd_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070713_httpd_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071109_httpd_on_SL5.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071115_httpd_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080115_httpd_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2010-01-10	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0524.nasl - Type : ACT_GATHER_INFO
2010-01-10	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0261.nasl - Type : ACT_GATHER_INFO
2008-05-29	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_3.nasl - Type : ACT_GATHER_INFO
2008-05-29	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-003.nasl - Type : ACT_GATHER_INFO
2008-03-19	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-002.nasl - Type : ACT_GATHER_INFO
2008-03-07	Name : The remote web server may be affected by several issues. File : apache_1_3_41.nasl - Type : ACT_GATHER_INFO
2008-02-18	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-045-02.nasl - Type : ACT_GATHER_INFO
2008-02-05	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-575-1.nasl - Type : ACT_GATHER_INFO
2008-01-15	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0005.nasl - Type : ACT_GATHER_INFO
2008-01-15	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0005.nasl - Type : ACT_GATHER_INFO
2007-12-13	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-4669.nasl - Type : ACT_GATHER_INFO
2007-12-04	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-235.nasl - Type : ACT_GATHER_INFO
2007-11-20	Name : The remote openSUSE host is missing a security update. File : suse_apache2-4666.nasl - Type : ACT_GATHER_INFO
2007-11-16	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0747.nasl - Type : ACT_GATHER_INFO
2007-11-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-499-1.nasl - Type : ACT_GATHER_INFO
2007-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0746.nasl - Type : ACT_GATHER_INFO
2007-11-08	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200711-06.nasl - Type : ACT_GATHER_INFO
2007-11-06	Name : The remote Fedora host is missing a security update. File : fedora_2007-2214.nasl - Type : ACT_GATHER_INFO
2007-11-06	Name : The remote Fedora host is missing a security update. File : fedora_2007-0704.nasl - Type : ACT_GATHER_INFO
2007-09-25	Name : The remote Fedora Core host is missing a security update. File : fedora_2007-707.nasl - Type : ACT_GATHER_INFO
2007-09-14	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_c115271d602b11dc898c001921ab2fa4.nasl - Type : ACT_GATHER_INFO
2007-09-14	Name : The remote web server is affected by multiple vulnerabilities. File : apache_2_2_6.nasl - Type : ACT_GATHER_INFO
2007-07-18	Name : The remote Fedora Core host is missing a security update. File : fedora_2007-615.nasl - Type : ACT_GATHER_INFO
2007-07-18	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0662.nasl - Type : ACT_GATHER_INFO
2007-07-18	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0662.nasl - Type : ACT_GATHER_INFO
2007-07-05	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-140.nasl - Type : ACT_GATHER_INFO
2007-07-03	Name : The remote Fedora Core host is missing a security update. File : fedora_2007-617.nasl - Type : ACT_GATHER_INFO
2007-06-27	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0556.nasl - Type : ACT_GATHER_INFO
2007-06-27	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0556.nasl - Type : ACT_GATHER_INFO
2007-06-27	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0532.nasl - Type : ACT_GATHER_INFO