Executive Summary
Summary | |
---|---|
Title | httpd security update |
Informations | |||
---|---|---|---|
Name | RHSA-2005:582 | First vendor Publication | 2005-07-25 |
Vendor | RedHat | Last vendor Modification | 2005-07-25 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated Apache httpd packages to correct two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server. Watchfire reported a flaw that occured when using the Apache server as an HTTP proxy. A remote attacker could send an HTTP request with both a "Transfer-Encoding: chunked" header and a "Content-Length" header. This caused Apache to incorrectly handle and forward the body of the request in a way that the receiving server processes it as a separate HTTP request. This could allow the bypass of Web application firewall protection or lead to cross-site scripting (XSS) attacks. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CAN-2005-2088 to this issue. Marc Stern reported an off-by-one overflow in the mod_ssl CRL verification callback. In order to exploit this issue the Apache server would need to be configured to use a malicious certificate revocation list (CRL). The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CAN-2005-1268 to this issue. Users of Apache httpd should update to these errata packages that contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 161893 - Bug 145666 is missing a ',' after REDIRECT_REMOTE_USER 162244 - CAN-2005-2088 httpd proxy request smuggling 163013 - CAN-2005-1268 mod_ssl off-by-one |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2005-582.html |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-33 | HTTP Request Smuggling |
CAPEC-105 | HTTP Request Splitting |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') |
50 % | CWE-193 | Off-by-one Error |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11452 | |||
Oval ID: | oval:org.mitre.oval:def:11452 | ||
Title: | The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | ||
Description: | The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2088 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1237 | |||
Oval ID: | oval:org.mitre.oval:def:1237 | ||
Title: | Webproxy HTTP Request Smuggling (B.11.04) | ||
Description: | The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2088 | Version: | 5 |
Platform(s): | HP-UX 11 | Product(s): | Apache |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1346 | |||
Oval ID: | oval:org.mitre.oval:def:1346 | ||
Title: | Apache mod_ssl CRL off-by-one DoS | ||
Description: | Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1268 | Version: | 1 |
Platform(s): | HP-UX 11 | Product(s): | Apache |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1526 | |||
Oval ID: | oval:org.mitre.oval:def:1526 | ||
Title: | VirusVault HTTP Request Smuggling | ||
Description: | The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2088 | Version: | 2 |
Platform(s): | HP-UX 11 | Product(s): | Apache |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1629 | |||
Oval ID: | oval:org.mitre.oval:def:1629 | ||
Title: | Webproxy HTTP Request Smuggling | ||
Description: | The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2088 | Version: | 2 |
Platform(s): | HP-UX 11 | Product(s): | Apache |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1714 | |||
Oval ID: | oval:org.mitre.oval:def:1714 | ||
Title: | VirusVault Off-by-One Error in mod_ssl CRL | ||
Description: | Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1268 | Version: | 2 |
Platform(s): | HP-UX 11 | Product(s): | Apache |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1747 | |||
Oval ID: | oval:org.mitre.oval:def:1747 | ||
Title: | Webproxy Off-by-One Error in mod_ssl CRL | ||
Description: | Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1268 | Version: | 2 |
Platform(s): | HP-UX 11 | Product(s): | Apache |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:840 | |||
Oval ID: | oval:org.mitre.oval:def:840 | ||
Title: | Apache HTTP Request Smuggling | ||
Description: | The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2088 | Version: | 1 |
Platform(s): | HP-UX 11 | Product(s): | Apache |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9589 | |||
Oval ID: | oval:org.mitre.oval:def:9589 | ||
Title: | Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. | ||
Description: | Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1268 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-02-03 | Name : Solaris Update for Apache 1.3 122912-19 File : nvt/gb_solaris_122912_19.nasl |
2010-02-03 | Name : Solaris Update for Apache 1.3 122911-19 File : nvt/gb_solaris_122911_19.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-13 | Name : Solaris Update for Apache 1.3 122912-17 File : nvt/gb_solaris_122912_17.nasl |
2009-10-13 | Name : Solaris Update for Apache 1.3 122911-17 File : nvt/gb_solaris_122911_17.nasl |
2009-10-10 | Name : SLES9: Security update for apache and mod_ssl File : nvt/sles9p5018822.nasl |
2009-10-10 | Name : SLES9: Security update for Apache 2 oes/CORE File : nvt/sles9p5014064.nasl |
2009-09-23 | Name : Solaris Update for Apache 1.3 122911-16 File : nvt/gb_solaris_122911_16.nasl |
2009-09-23 | Name : Solaris Update for Apache 1.3 122912-16 File : nvt/gb_solaris_122912_16.nasl |
2009-06-03 | Name : Solaris Update for Apache 1.3 122911-15 File : nvt/gb_solaris_122911_15.nasl |
2009-06-03 | Name : Solaris Update for Apache 116974-07 File : nvt/gb_solaris_116974_07.nasl |
2009-06-03 | Name : Solaris Update for Apache 1.3 122912-15 File : nvt/gb_solaris_122912_15.nasl |
2009-06-03 | Name : Solaris Update for Apache 116973-07 File : nvt/gb_solaris_116973_07.nasl |
2009-06-03 | Name : Solaris Update for Apache Security 114145-11 File : nvt/gb_solaris_114145_11.nasl |
2009-06-03 | Name : Solaris Update for Apache Security 113146-12 File : nvt/gb_solaris_113146_12.nasl |
2008-09-04 | Name : FreeBSD Ports: apache File : nvt/freebsd_apache9.nasl |
2008-09-04 | Name : FreeBSD Ports: apache File : nvt/freebsd_apache8.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 803-1 (apache) File : nvt/deb_803_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 805-1 (apache2) File : nvt/deb_805_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
18286 | Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow Apache HTTP Server contains a flaw that may allow a remote attacker to gain privileges. The issue is due to the mod_ssl extension module not properly validating Certificate Revocation Lists (CRL). By sending a crafted CRL, an attacker can exploit an off-by-one error in mod_ssl to cause a buffer overflow. This may allow the attacker to crash the web server or potentially execute arbitrary code. |
17738 | Apache HTTP Server HTTP Request Smuggling |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Content-Length request offset smuggling attempt RuleID : 16218 - Revision : 10 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-03-26 | Name : The remote version of Apache is affected by multiple vulnerabilities. File : apache_2_0_55.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-582.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_e936d612253f11dabc01000e0c2e438a.nasl - Type : ACT_GATHER_INFO |
2006-03-21 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_34163.nasl - Type : ACT_GATHER_INFO |
2006-03-21 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_34204.nasl - Type : ACT_GATHER_INFO |
2006-03-21 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_34203.nasl - Type : ACT_GATHER_INFO |
2006-03-21 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_34171.nasl - Type : ACT_GATHER_INFO |
2006-03-21 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_34170.nasl - Type : ACT_GATHER_INFO |
2006-03-21 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_34169.nasl - Type : ACT_GATHER_INFO |
2006-03-21 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_34123.nasl - Type : ACT_GATHER_INFO |
2006-03-21 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_34121.nasl - Type : ACT_GATHER_INFO |
2006-03-21 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_34120.nasl - Type : ACT_GATHER_INFO |
2006-03-21 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_34119.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-160-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-160-2.nasl - Type : ACT_GATHER_INFO |
2005-11-30 | Name : The remote operating system is missing a vendor-supplied patch. File : macosx_SecUpd2005-009.nasl - Type : ACT_GATHER_INFO |
2005-11-07 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2005-310-04.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-129.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-130.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_046.nasl - Type : ACT_GATHER_INFO |
2005-09-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-805.nasl - Type : ACT_GATHER_INFO |
2005-09-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-803.nasl - Type : ACT_GATHER_INFO |
2005-08-03 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-639.nasl - Type : ACT_GATHER_INFO |
2005-08-03 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-638.nasl - Type : ACT_GATHER_INFO |
2005-08-01 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_651996e0fe0711d98329000e0c2e438a.nasl - Type : ACT_GATHER_INFO |
2005-07-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-582.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:49:31 |
|