Executive Summary
Summary | |
---|---|
Title | Apache HTTP Server vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-3373-1 | First vendor Publication | 2017-07-31 |
Vendor | Ubuntu | Last vendor Modification | 2017-07-31 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 ESM Summary: Several security issues were fixed in Apache HTTP Server. Software Description: - apache2: Apache HTTP server Details: Emmanuel Dreyfus discovered that third-party modules using the ap_get_basic_auth_pw() function outside of the authentication phase may lead to authentication requirements being bypassed. This update adds a new ap_get_basic_auth_components() function for use by third-party modules. (CVE-2017-3167) Vasileios Panopoulos discovered that the Apache mod_ssl module may crash when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port. (CVE-2017-3169) Javier Jiménez discovered that the Apache HTTP Server incorrectly handled parsing certain requests. A remote attacker could possibly use this issue to cause the Apache HTTP Server to crash, resulting in a denial of service. (CVE-2017-7668) ChenQin and Hanno Böck discovered that the Apache mod_mime module incorrectly handled certain Content-Type response headers. A remote attacker could possibly use this issue to cause the Apache HTTP Server to crash, resulting in a denial of service. (CVE-2017-7679) David Dennerline and Régis Leroy discovered that the Apache HTTP Server incorrectly handled unusual whitespace when parsing requests, contrary to specifications. When being used in combination with a proxy or backend server, a remote attacker could possibly use this issue to perform an injection attack and pollute cache. This update may introduce compatibility issues with clients that do not strictly follow HTTP protocol specifications. A new configuration option "HttpProtocolOptions Unsafe" can be used to revert to the previous unsafe behaviour in problematic environments. (CVE-2016-8743) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM:  apache2.2-bin                   2.2.22-1ubuntu1.12 In general, a standard system update will make all the necessary changes. References:  https://www.ubuntu.com/usn/usn-3373-1  CVE-2016-8743, CVE-2017-3167, CVE-2017-3169, CVE-2017-7668,  CVE-2017-7679 |
Original Source
Url : http://www.ubuntu.com/usn/USN-3373-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
25 % | CWE-476 | NULL Pointer Dereference |
25 % | CWE-287 | Improper Authentication |
25 % | CWE-125 | Out-of-bounds Read |
25 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2017-08-17 | Apache httpd ap_find_token buffer overread attempt RuleID : 43587 - Revision : 5 - Type : SERVER-WEBAPP |
2017-08-15 | httpd mod_mime content-type buffer overflow attempt RuleID : 43547 - Revision : 2 - Type : SERVER-APACHE |
2014-01-10 | Apache mod_ssl non-SSL connection to SSL port denial of service attempt RuleID : 11263 - Revision : 8 - Type : SERVER-APACHE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-11-27 | Name : The remote Virtuozzo host is missing a security update. File : Virtuozzo_VZLSA-2017-2478.nasl - Type : ACT_GATHER_INFO |
2018-11-27 | Name : The remote Virtuozzo host is missing a security update. File : Virtuozzo_VZLSA-2017-1721.nasl - Type : ACT_GATHER_INFO |
2018-08-17 | Name : The remote PhotonOS host is missing multiple security updates. File : PhotonOS_PHSA-2017-0027.nasl - Type : ACT_GATHER_INFO |
2018-05-24 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL75429050.nasl - Type : ACT_GATHER_INFO |
2018-05-24 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL00373024.nasl - Type : ACT_GATHER_INFO |
2018-03-21 | Name : The remote device is affected by multiple vulnerabilities. File : juniper_space_jsa_10838.nasl - Type : ACT_GATHER_INFO |
2017-12-26 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL83043359.nasl - Type : ACT_GATHER_INFO |
2017-12-26 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL34125394.nasl - Type : ACT_GATHER_INFO |
2017-11-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-3195.nasl - Type : ACT_GATHER_INFO |
2017-11-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-3193.nasl - Type : ACT_GATHER_INFO |
2017-11-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-3194.nasl - Type : ACT_GATHER_INFO |
2017-11-03 | Name : The remote host is missing a macOS or Mac OS X security update that fixes mul... File : macosx_SecUpd2017-004.nasl - Type : ACT_GATHER_INFO |
2017-10-31 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-2907-1.nasl - Type : ACT_GATHER_INFO |
2017-10-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201710-32.nasl - Type : ACT_GATHER_INFO |
2017-10-19 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-2756-1.nasl - Type : ACT_GATHER_INFO |
2017-10-19 | Name : An application installed on the remote host is affected by an unspecified vul... File : oracle_secure_global_desktop_oct_2017_cpu.nasl - Type : ACT_GATHER_INFO |
2017-10-18 | Name : An application installed on the remote host is affected by multiple vulnerabi... File : virtualbox_5_1_30.nasl - Type : ACT_GATHER_INFO |
2017-10-05 | Name : The remote host is missing a vendor-supplied security patch. File : fireeye_os_ex_801.nasl - Type : ACT_GATHER_INFO |
2017-10-03 | Name : The remote host is missing a macOS update that fixes multiple security vulner... File : macos_10_13.nasl - Type : ACT_GATHER_INFO |
2017-09-28 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_6_1.nasl - Type : ACT_GATHER_INFO |
2017-09-15 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2017-892.nasl - Type : ACT_GATHER_INFO |
2017-09-14 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-2449-1.nasl - Type : ACT_GATHER_INFO |
2017-09-08 | Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2017-1178.nasl - Type : ACT_GATHER_INFO |
2017-09-08 | Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2017-1177.nasl - Type : ACT_GATHER_INFO |
2017-08-25 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2017-2479.nasl - Type : ACT_GATHER_INFO |
2017-08-22 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20170815_httpd_on_SL7_x.nasl - Type : ACT_GATHER_INFO |
2017-08-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-2478.nasl - Type : ACT_GATHER_INFO |
2017-08-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-2479.nasl - Type : ACT_GATHER_INFO |
2017-08-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2017-2478.nasl - Type : ACT_GATHER_INFO |
2017-08-16 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2017-2478.nasl - Type : ACT_GATHER_INFO |
2017-08-16 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2017-2479.nasl - Type : ACT_GATHER_INFO |
2017-08-16 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20170815_httpd_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2017-08-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2017-863.nasl - Type : ACT_GATHER_INFO |
2017-07-18 | Name : The remote Fedora host is missing a security update. File : fedora_2017-9ded7c5670.nasl - Type : ACT_GATHER_INFO |
2017-07-18 | Name : The remote web server is affected by multiple vulnerabilities. File : apache_2_2_34.nasl - Type : ACT_GATHER_INFO |
2017-07-17 | Name : The remote Fedora host is missing a security update. File : fedora_2017-81976b6a91.nasl - Type : ACT_GATHER_INFO |
2017-07-13 | Name : The remote Virtuozzo host is missing a security update. File : Virtuozzo_VZLSA-2017-0906.nasl - Type : ACT_GATHER_INFO |
2017-07-13 | Name : The remote Fedora host is missing a security update. File : fedora_2017-cf9599a306.nasl - Type : ACT_GATHER_INFO |
2017-07-13 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2017-1721.nasl - Type : ACT_GATHER_INFO |
2017-07-12 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20170711_httpd_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2017-07-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-1721.nasl - Type : ACT_GATHER_INFO |
2017-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2017-1721.nasl - Type : ACT_GATHER_INFO |
2017-07-07 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-786.nasl - Type : ACT_GATHER_INFO |
2017-07-03 | Name : The remote Debian host is missing a security update. File : debian_DLA-1009.nasl - Type : ACT_GATHER_INFO |
2017-06-30 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2017-180-03.nasl - Type : ACT_GATHER_INFO |
2017-06-29 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-1714-1.nasl - Type : ACT_GATHER_INFO |
2017-06-27 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-3340-1.nasl - Type : ACT_GATHER_INFO |
2017-06-26 | Name : The Tenable SecurityCenter application on the remote host contains a web serv... File : securitycenter_apache_2_4_25.nasl - Type : ACT_GATHER_INFO |
2017-06-23 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3896.nasl - Type : ACT_GATHER_INFO |
2017-06-23 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2017-851.nasl - Type : ACT_GATHER_INFO |
2017-06-22 | Name : The remote web server is affected by multiple vulnerabilities. File : apache_2_4_26.nasl - Type : ACT_GATHER_INFO |
2017-06-20 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_0c2db2aa558411e79a7db499baebfeaf.nasl - Type : ACT_GATHER_INFO |
2017-05-10 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-3279-1.nasl - Type : ACT_GATHER_INFO |
2017-05-03 | Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2017-1086.nasl - Type : ACT_GATHER_INFO |
2017-05-03 | Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2017-1085.nasl - Type : ACT_GATHER_INFO |
2017-05-02 | Name : An application installed on the remote host is affected by multiple vulnerabi... File : oracle_secure_global_desktop_apr_2017_cpu.nasl - Type : ACT_GATHER_INFO |
2017-04-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2017-0906.nasl - Type : ACT_GATHER_INFO |
2017-04-13 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20170412_httpd_on_SL7_x.nasl - Type : ACT_GATHER_INFO |
2017-04-13 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2017-0906.nasl - Type : ACT_GATHER_INFO |
2017-04-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-0906.nasl - Type : ACT_GATHER_INFO |
2017-04-03 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-417.nasl - Type : ACT_GATHER_INFO |
2017-04-03 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-416.nasl - Type : ACT_GATHER_INFO |
2017-03-31 | Name : The remote host is missing a macOS update that fixes multiple security vulner... File : macos_10_12_4.nasl - Type : ACT_GATHER_INFO |
2017-03-23 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-0801-1.nasl - Type : ACT_GATHER_INFO |
2017-03-23 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-0797-1.nasl - Type : ACT_GATHER_INFO |
2017-03-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-0729-1.nasl - Type : ACT_GATHER_INFO |
2017-03-14 | Name : An application installed on the remote host is affected by multiple vulnerabi... File : securitycenter_5_4_3_tns_2017_04.nasl - Type : ACT_GATHER_INFO |
2017-03-01 | Name : The remote Debian host is missing a security update. File : debian_DLA-841.nasl - Type : ACT_GATHER_INFO |
2017-02-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3796.nasl - Type : ACT_GATHER_INFO |
2017-01-20 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2017-785.nasl - Type : ACT_GATHER_INFO |
2017-01-16 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201701-36.nasl - Type : ACT_GATHER_INFO |
2017-01-12 | Name : The remote web server is affected by multiple vulnerabilities. File : apache_2_4_25.nasl - Type : ACT_GATHER_INFO |
2017-01-12 | Name : The remote web server is affected by multiple vulnerabilities. File : apache_2_2_32.nasl - Type : ACT_GATHER_INFO |
2016-12-27 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2016-358-01.nasl - Type : ACT_GATHER_INFO |
2016-12-27 | Name : The remote Fedora host is missing a security update. File : fedora_2016-8d9b62c784.nasl - Type : ACT_GATHER_INFO |
2016-12-27 | Name : The remote Fedora host is missing a security update. File : fedora_2016-d22f50d985.nasl - Type : ACT_GATHER_INFO |
2016-12-21 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_862d6ab3c75e11e69f9820cf30e32f6d.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2017-07-31 21:21:02 |
|