Executive Summary
Summary | |
---|---|
Title | Apache 2 vulnerabilities |
Information | |||
---|---|---|---|
Name | USN-160-1 | First vendor Publication | 2005-08-04 |
Vendor | Ubuntu | Last vendor Modification | 2005-08-04 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
A security issue affects the following Ubuntu releases:

- Ubuntu 4.10 (Warty Warthog)
- Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

- apache2-mpm-perchild
- apache2-mpm-prefork
- apache2-mpm-threadpool
- apache2-mpm-worker

The problem can be corrected by upgrading the affected package to version 2.0.50-12ubuntu4.3 (for Ubuntu 4.10), or 2.0.53-5ubuntu5.2 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Marc Stern discovered a buffer overflow in the SSL module's certificate revocation list (CRL) handler. If Apache is configured to use a malicious CRL, this could possibly lead to a server crash or arbitrary code execution with the privileges of the Apache web server. (CAN-2005-1268)

Watchfire discovered that Apache insufficiently verified the "Transfer-Encoding" and "Content-Length" headers when acting as an HTTP proxy. By sending a specially crafted HTTP request, a remote attacker who is authorized to use the proxy could exploit this to bypass web application firewalls, poison the HTTP proxy cache, and conduct cross-site scripting attacks against other proxy users. (CAN-2005-2088)
Original Source
Url : http://www.ubuntu.com/usn/USN-160-1 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-33 | HTTP Request Smuggling |
CAPEC-105 | HTTP Request Splitting |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') |
50 % | CWE-193 | Off-by-one Error |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11452 | |||
Oval ID: | oval:org.mitre.oval:def:11452 | ||
Title: | The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | ||
Description: | The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2088 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:1237 | |||
Oval ID: | oval:org.mitre.oval:def:1237 | ||
Title: | Webproxy HTTP Request Smuggling (B.11.04) | ||
Description: | The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2088 | Version: | 5 |
Platform(s): | HP-UX 11 | Product(s): | Apache |
Definition Id: oval:org.mitre.oval:def:1346 | |||
Oval ID: | oval:org.mitre.oval:def:1346 | ||
Title: | Apache mod_ssl CRL off-by-one DoS | ||
Description: | Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1268 | Version: | 1 |
Platform(s): | HP-UX 11 | Product(s): | Apache |
Definition Id: oval:org.mitre.oval:def:1526 | |||
Oval ID: | oval:org.mitre.oval:def:1526 | ||
Title: | VirusVault HTTP Request Smuggling | ||
Description: | The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2088 | Version: | 2 |
Platform(s): | HP-UX 11 | Product(s): | Apache |
Definition Id: oval:org.mitre.oval:def:1629 | |||
Oval ID: | oval:org.mitre.oval:def:1629 | ||
Title: | Webproxy HTTP Request Smuggling | ||
Description: | The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2088 | Version: | 2 |
Platform(s): | HP-UX 11 | Product(s): | Apache |
Definition Id: oval:org.mitre.oval:def:1714 | |||
Oval ID: | oval:org.mitre.oval:def:1714 | ||
Title: | VirusVault Off-by-One Error in mod_ssl CRL | ||
Description: | Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1268 | Version: | 2 |
Platform(s): | HP-UX 11 | Product(s): | Apache |
Definition Id: oval:org.mitre.oval:def:1747 | |||
Oval ID: | oval:org.mitre.oval:def:1747 | ||
Title: | Webproxy Off-by-One Error in mod_ssl CRL | ||
Description: | Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1268 | Version: | 2 |
Platform(s): | HP-UX 11 | Product(s): | Apache |
Definition Id: oval:org.mitre.oval:def:840 | |||
Oval ID: | oval:org.mitre.oval:def:840 | ||
Title: | Apache HTTP Request Smuggling | ||
Description: | The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2088 | Version: | 1 |
Platform(s): | HP-UX 11 | Product(s): | Apache |
Definition Id: oval:org.mitre.oval:def:9589 | |||
Oval ID: | oval:org.mitre.oval:def:9589 | ||
Title: | Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. | ||
Description: | Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1268 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
OpenVAS Exploits
Date | Description |
---|---|
2010-02-03 | Name : Solaris Update for Apache 1.3 122912-19 File : nvt/gb_solaris_122912_19.nasl |
2010-02-03 | Name : Solaris Update for Apache 1.3 122911-19 File : nvt/gb_solaris_122911_19.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-13 | Name : Solaris Update for Apache 1.3 122912-17 File : nvt/gb_solaris_122912_17.nasl |
2009-10-13 | Name : Solaris Update for Apache 1.3 122911-17 File : nvt/gb_solaris_122911_17.nasl |
2009-10-10 | Name : SLES9: Security update for apache and mod_ssl File : nvt/sles9p5018822.nasl |
2009-10-10 | Name : SLES9: Security update for Apache 2 oes/CORE File : nvt/sles9p5014064.nasl |
2009-09-23 | Name : Solaris Update for Apache 1.3 122911-16 File : nvt/gb_solaris_122911_16.nasl |
2009-09-23 | Name : Solaris Update for Apache 1.3 122912-16 File : nvt/gb_solaris_122912_16.nasl |
2009-06-03 | Name : Solaris Update for Apache 1.3 122911-15 File : nvt/gb_solaris_122911_15.nasl |
2009-06-03 | Name : Solaris Update for Apache 116974-07 File : nvt/gb_solaris_116974_07.nasl |
2009-06-03 | Name : Solaris Update for Apache 1.3 122912-15 File : nvt/gb_solaris_122912_15.nasl |
2009-06-03 | Name : Solaris Update for Apache 116973-07 File : nvt/gb_solaris_116973_07.nasl |
2009-06-03 | Name : Solaris Update for Apache Security 114145-11 File : nvt/gb_solaris_114145_11.nasl |
2009-06-03 | Name : Solaris Update for Apache Security 113146-12 File : nvt/gb_solaris_113146_12.nasl |
2008-09-04 | Name : FreeBSD Ports: apache File : nvt/freebsd_apache9.nasl |
2008-09-04 | Name : FreeBSD Ports: apache File : nvt/freebsd_apache8.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 803-1 (apache) File : nvt/deb_803_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 805-1 (apache2) File : nvt/deb_805_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
18286 | Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow: Apache HTTP Server contains a flaw that may allow a remote attacker to gain privileges. The issue is due to the mod_ssl extension module not properly validating Certificate Revocation Lists (CRL). By sending a crafted CRL, an attacker can exploit an off-by-one error in mod_ssl to cause a buffer overflow. This may allow the attacker to crash the web server or potentially execute arbitrary code. |
17738 | Apache HTTP Server HTTP Request Smuggling |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Content-Length request offset smuggling attempt RuleID : 16218 - Revision : 10 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-03-26 | Name : The remote version of Apache is affected by multiple vulnerabilities. File : apache_2_0_55.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-582.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_e936d612253f11dabc01000e0c2e438a.nasl - Type : ACT_GATHER_INFO |
2006-03-21 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_34163.nasl - Type : ACT_GATHER_INFO |
2006-03-21 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_34204.nasl - Type : ACT_GATHER_INFO |
2006-03-21 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_34203.nasl - Type : ACT_GATHER_INFO |
2006-03-21 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_34171.nasl - Type : ACT_GATHER_INFO |
2006-03-21 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_34170.nasl - Type : ACT_GATHER_INFO |
2006-03-21 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_34169.nasl - Type : ACT_GATHER_INFO |
2006-03-21 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_34123.nasl - Type : ACT_GATHER_INFO |
2006-03-21 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_34121.nasl - Type : ACT_GATHER_INFO |
2006-03-21 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_34120.nasl - Type : ACT_GATHER_INFO |
2006-03-21 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_34119.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-160-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-160-2.nasl - Type : ACT_GATHER_INFO |
2005-11-30 | Name : The remote operating system is missing a vendor-supplied patch. File : macosx_SecUpd2005-009.nasl - Type : ACT_GATHER_INFO |
2005-11-07 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2005-310-04.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-129.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-130.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_046.nasl - Type : ACT_GATHER_INFO |
2005-09-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-805.nasl - Type : ACT_GATHER_INFO |
2005-09-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-803.nasl - Type : ACT_GATHER_INFO |
2005-08-03 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-639.nasl - Type : ACT_GATHER_INFO |
2005-08-03 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-638.nasl - Type : ACT_GATHER_INFO |
2005-08-01 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_651996e0fe0711d98329000e0c2e438a.nasl - Type : ACT_GATHER_INFO |
2005-07-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-582.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:00:53 |
|