Executive Summary

Summary
Title HP Business Availability Center (BAC) Running Apache, Remote Execution of Arbitrary Commands, Denial of Service (DoS)
Informations
Name HPSBMU02753 SSRT100782 First vendor Publication 2012-04-02
Vendor HP Last vendor Modification 2012-04-02
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Potential security vulnerabilities have been identified with HP Business Availability Center (BAC) running Apache. The vulnerabilities could be remotely exploited to allow execution of arbitrary commands or to create a Denial of Service (DoS).

Original Source

Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03236227

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10981
 
Oval ID: oval:org.mitre.oval:def:10981
Title: The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
Description: The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3094
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11683
 
Oval ID: oval:org.mitre.oval:def:11683
Title: Apache 'mod_cache' and 'mod_dav' Request Handling Denial of Service Vulnerability
Description: The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1452
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Apache
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12341
 
Oval ID: oval:org.mitre.oval:def:12341
Title: HP-UX Apache-based Web Server, Local Information Disclosure, Increase of Privilege, Remote Denial of Service (DoS)
Description: The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
Family: unix Class: vulnerability
Reference(s): CVE-2010-1452
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13296
 
Oval ID: oval:org.mitre.oval:def:13296
Title: USN-860-1 -- apache2 vulnerabilities
Description: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user�s session. The flaw is with TLS renegotiation and potentially affects any software that supports this feature. Attacks against the HTTPS protocol are known, with the severity of the issue depending on the safeguards used in the web application. Until the TLS protocol and underlying libraries are adjusted to defend against this vulnerability, a partial, temporary workaround has been applied to Apache that disables client initiated TLS renegotiation. This update does not protect against server initiated TLS renegotiation when using SSLVerifyClient and SSLCipherSuite on a per Directory or Location basis. Users can defend againt server inititiated TLS renegotiation attacks by adjusting their Apache configuration to use SSLVerifyClient and SSLCipherSuite only on the server or virtual host level. It was discovered that mod_proxy_ftp in Apache did not properly sanitize its input when processing replies to EPASV and PASV commands. An attacker could use this to cause a denial of service in the Apache child process. Another flaw was discovered in mod_proxy_ftp. If Apache is configured as a reverse proxy, an attacker could send a crafted HTTP header to bypass intended access controls and send arbitrary commands to the FTP server
Family: unix Class: patch
Reference(s): USN-860-1
CVE-2009-3555
CVE-2009-3094
CVE-2009-3095
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): apache2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8087
 
Oval ID: oval:org.mitre.oval:def:8087
Title: Apache mod_proxy_ftp Module Insufficient Input Validation Denial Of Service Vulnerability
Description: The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3094
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Apache
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8662
 
Oval ID: oval:org.mitre.oval:def:8662
Title: Apache mod_proxy_ftp Module Insufficient Input Validation Access Restriction Bypass Vulnerability
Description: The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3095
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Apache
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9363
 
Oval ID: oval:org.mitre.oval:def:9363
Title: The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
Description: The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3095
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 5
Application 177

OpenVAS Exploits

Date Description
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-25 (apache)
File : nvt/glsa_201206_25.nasl
2011-09-21 Name : Debian Security Advisory DSA 2298-1 (apache2)
File : nvt/deb_2298_1.nasl
2011-09-21 Name : Debian Security Advisory DSA 2298-2 (apache2)
File : nvt/deb_2298_2.nasl
2011-08-26 Name : Mac OS X v10.6.6 Multiple Vulnerabilities (2011-001)
File : nvt/secpod_macosx_su11-001.nasl
2011-08-09 Name : CentOS Update for httpd CESA-2009:1580 centos4 i386
File : nvt/gb_CESA-2009_1580_httpd_centos4_i386.nasl
2011-08-09 Name : CentOS Update for httpd CESA-2009:1579 centos5 i386
File : nvt/gb_CESA-2009_1579_httpd_centos5_i386.nasl
2011-08-09 Name : CentOS Update for httpd CESA-2009:1579 centos3 i386
File : nvt/gb_CESA-2009_1579_httpd_centos3_i386.nasl
2011-01-04 Name : HP-UX Update for Apache-based Web Server HPSBUX02612
File : nvt/gb_hp_ux_HPSBUX02612.nasl
2010-12-02 Name : Ubuntu Update for apache2 vulnerabilities USN-1021-1
File : nvt/gb_ubuntu_USN_1021_1.nasl
2010-09-07 Name : RedHat Update for httpd RHSA-2010:0659-01
File : nvt/gb_RHSA-2010_0659-01_httpd.nasl
2010-08-21 Name : FreeBSD Ports: apache
File : nvt/freebsd_apache17.nasl
2010-08-20 Name : Mandriva Update for apache MDVSA-2010:153 (apache)
File : nvt/gb_mandriva_MDVSA_2010_153.nasl
2010-08-20 Name : Mandriva Update for apache MDVSA-2010:152 (apache)
File : nvt/gb_mandriva_MDVSA_2010_152.nasl
2010-08-16 Name : Fedora Update for httpd FEDORA-2010-12478
File : nvt/gb_fedora_2010_12478_httpd_fc13.nasl
2010-07-27 Name : Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
File : nvt/gb_apache_41963.nasl
2010-06-07 Name : HP-UX Update for Apache-based Web Server HPSBUX02531
File : nvt/gb_hp_ux_HPSBUX02531.nasl
2010-05-12 Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002
File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl
2010-03-02 Name : Fedora Update for httpd FEDORA-2009-12747
File : nvt/gb_fedora_2009_12747_httpd_fc11.nasl
2009-12-30 Name : Fedora Core 12 FEDORA-2009-12606 (httpd)
File : nvt/fcore_2009_12606.nasl
2009-12-14 Name : Fedora Core 10 FEDORA-2009-12604 (httpd)
File : nvt/fcore_2009_12604.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:323 (apache)
File : nvt/mdksa_2009_323.nasl
2009-11-17 Name : RedHat Security Advisory RHSA-2009:1579
File : nvt/RHSA_2009_1579.nasl
2009-11-17 Name : CentOS Security Advisory CESA-2009:1579 (httpd)
File : nvt/ovcesa2009_1579.nasl
2009-11-17 Name : CentOS Security Advisory CESA-2009:1580 (httpd)
File : nvt/ovcesa2009_1580.nasl
2009-11-17 Name : RedHat Security Advisory RHSA-2009:1580
File : nvt/RHSA_2009_1580.nasl
2009-10-27 Name : SLES10: Security update for Apache 2
File : nvt/sles10_apache21.nasl
2009-10-27 Name : SLES11: Security update for Apache 2
File : nvt/sles11_apache2.nasl
2009-10-27 Name : SLES9: Security update for Apache 2
File : nvt/sles9p5060942.nasl
2009-10-27 Name : SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
File : nvt/suse_sa_2009_050.nasl
2009-09-28 Name : Mandrake Security Advisory MDVSA-2009:240 (apache)
File : nvt/mdksa_2009_240.nasl
2009-09-28 Name : RedHat Security Advisory RHSA-2009:1461
File : nvt/RHSA_2009_1461.nasl
2009-09-16 Name : Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
File : nvt/secpod_apache_mod_proxy_ftp_cmd_inj_vuln.nasl
2009-09-16 Name : Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
File : nvt/secpod_apache_mod_proxy_ftp_dos_vuln.nasl
0000-00-00 Name : Slackware Advisory SSA:2010-240-02 httpd
File : nvt/esoft_slk_ssa_2010_240_02.nasl
0000-00-00 Name : Slackware Advisory SSA:2010-024-01 httpd
File : nvt/esoft_slk_ssa_2010_024_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
66745 Apache HTTP Server Multiple Modules Pathless Request Remote DoS

58879 Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollse...

57882 Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Comm...

57851 Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS

Apache mod_proxy_ftp module contains a flaw that may allow a Remote denial of service. The issue is triggered when NULL-pointer dereference occurs, and will result in loss of availability for Apache child process via a malformed EPSV response.

Nessus® Vulnerability Scanner

Date Description
2017-10-31 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-2907-1.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1579.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1580.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0659.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1579.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1580.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0659.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100830_httpd_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091111_httpd_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-06-25 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201206-25.nasl - Type : ACT_GATHER_INFO
2012-04-20 Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_7_0_0_24.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-110831.nasl - Type : ACT_GATHER_INFO
2011-08-30 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2298.nasl - Type : ACT_GATHER_INFO
2011-03-22 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_10_6_7.nasl - Type : ACT_GATHER_INFO
2011-03-22 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_SecUpd2011-001.nasl - Type : ACT_GATHER_INFO
2010-11-28 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1021-1.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote web server is affected by multiple vulnerabilities.
File : apache_2_0_64.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-6572.nasl - Type : ACT_GATHER_INFO
2010-08-31 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0659.nasl - Type : ACT_GATHER_INFO
2010-08-29 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2010-240-02.nasl - Type : ACT_GATHER_INFO
2010-08-17 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-152.nasl - Type : ACT_GATHER_INFO
2010-08-17 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-153.nasl - Type : ACT_GATHER_INFO
2010-08-14 Name : The remote Fedora host is missing a security update.
File : fedora_2010-12478.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote web server is affected by multiple vulnerabilities.
File : apache_2_2_16.nasl - Type : ACT_GATHER_INFO
2010-07-26 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_28a7310f985511df8d36001aa0166822.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2009-12747.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_6_3.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2010-002.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1934.nasl - Type : ACT_GATHER_INFO
2010-01-25 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2010-024-01.nasl - Type : ACT_GATHER_INFO
2009-12-18 Name : The remote Fedora host is missing a security update.
File : fedora_2009-12606.nasl - Type : ACT_GATHER_INFO
2009-12-10 Name : The remote Fedora host is missing a security update.
File : fedora_2009-12604.nasl - Type : ACT_GATHER_INFO
2009-12-08 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-323.nasl - Type : ACT_GATHER_INFO
2009-11-19 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-860-1.nasl - Type : ACT_GATHER_INFO
2009-11-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1580.nasl - Type : ACT_GATHER_INFO
2009-11-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1579.nasl - Type : ACT_GATHER_INFO
2009-10-30 Name : The remote openSUSE host is missing a security update.
File : suse_apache2-6576.nasl - Type : ACT_GATHER_INFO
2009-10-26 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12526.nasl - Type : ACT_GATHER_INFO
2009-10-26 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_apache2-091020.nasl - Type : ACT_GATHER_INFO
2009-10-26 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_apache2-091020.nasl - Type : ACT_GATHER_INFO
2009-10-26 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-091020.nasl - Type : ACT_GATHER_INFO
2009-10-26 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-6571.nasl - Type : ACT_GATHER_INFO
2009-10-07 Name : The remote web server is affected by multiple vulnerabilities.
File : apache_2_2_14.nasl - Type : ACT_GATHER_INFO
2009-09-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-240.nasl - Type : ACT_GATHER_INFO