| |||||||||||||
| Test ID: | 1.3.6.1.4.1.25623.1.0.70737 |
| Category: | FreeBSD Local Security Checks |
| Title: | FreeBSD Ports: apache |
| Summary: | FreeBSD Ports: apache |
| Description: | The remote host is missing an update to the system as announced in the referenced advisory. The following package is affected: apache CVE-2011-3368 The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character. CVE-2011-3607 Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow. CVE-2011-4317 The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368. CVE-2012-0021 The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value. CVE-2012-0031 scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function. CVE-2012-0053 protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script. Solution: Update your system with the appropriate patches or software upgrades. |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2011-3368 http://www.exploit-db.com/exploits/17969 http://seclists.org/fulldisclosure/2011/Oct/232 http://seclists.org/fulldisclosure/2011/Oct/273 http://web.archiveorange.com/archive/v/ZyS0hzECD5zzb2NkvQlt http://www.contextis.com/research/blog/reverseproxybypass/ AIX APAR: SE49723 http://www-01.ibm.com/support/docview.wss?uid=nas2064c7e5f53452ff686257927003c8d42 AIX APAR: SE49724 http://www-01.ibm.com/support/docview.wss?uid=nas2b7c57b1f1035675186257927003c8d48 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html HPdes Security Advisory: HPSBOV02822 http://marc.info/?l=bugtraq&m=134987041210674&w=2 HPdes Security Advisory: SSRT100966 http://www.mandriva.com/security/advisories?name=MDVSA-2011:144 http://www.redhat.com/support/errata/RHSA-2011-1391.html http://www.redhat.com/support/errata/RHSA-2011-1392.html SuSE Security Announcement: SUSE-SU-2011:1229 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html BugTraq ID: 49957 http://www.securityfocus.com/bid/49957 http://osvdb.org/76079 http://www.securitytracker.com/id?1026144 http://secunia.com/advisories/46288 http://secunia.com/advisories/46414 http://secunia.com/advisories/48551 XForce ISS Database: apache-modproxy-information-disclosure(70336) http://xforce.iss.net/xforce/xfdb/70336 Common Vulnerability Exposure (CVE) ID: CVE-2011-3607 http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0023.html http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/ http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/DemoExploit.html HPdes Security Advisory: HPSBMU02786 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 HPdes Security Advisory: SSRT100877 http://www.mandriva.com/security/advisories?name=MDVSA-2012:003 RedHat Security Advisories: RHSA-2012:0128 http://rhn.redhat.com/errata/RHSA-2012-0128.html BugTraq ID: 50494 http://www.securityfocus.com/bid/50494 http://www.osvdb.org/76744 http://securitytracker.com/id?1026267 http://secunia.com/advisories/45793 XForce ISS Database: apache-http-appregsub-bo(71093) http://xforce.iss.net/xforce/xfdb/71093 Common Vulnerability Exposure (CVE) ID: CVE-2011-4317 https://community.qualys.com/blogs/securitylabs/2011/11/23/apache-reverse-proxy-bypass-issue http://www.securitytracker.com/id?1026353 Common Vulnerability Exposure (CVE) ID: CVE-2012-0021 Common Vulnerability Exposure (CVE) ID: CVE-2012-0031 http://www.halfdog.net/Security/2011/ApacheScoreboardInvalidFreeOnShutdown/ SuSE Security Announcement: openSUSE-SU-2012:0314 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html BugTraq ID: 51407 http://www.securityfocus.com/bid/51407 http://secunia.com/advisories/47410 Common Vulnerability Exposure (CVE) ID: CVE-2012-0053 BugTraq ID: 51706 http://www.securityfocus.com/bid/51706 |
| Copyright | Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com |
| This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |
|
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois
© 1998-2013 E-Soft Inc. All rights reserved.