Test ID:	1.3.6.1.4.1.25623.1.1.12.2021.4994.2
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-4994-2)
Summary:	The remote host is missing an update for the 'apache2' package(s) announced via the USN-4994-2 advisory.
Description:	Summary: The remote host is missing an update for the 'apache2' package(s) announced via the USN-4994-2 advisory. Vulnerability Insight: USN-4994-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Antonio Morales discovered that the Apache mod_auth_digest module incorrectly handled certain Digest nonces. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. (CVE-2020-35452) Antonio Morales discovered that the Apache mod_session module incorrectly handled certain Cookie headers. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. (CVE-2021-26690) Christophe Jaillet discovered that the Apache mod_session module incorrectly handled certain SessionHeader values. A remote attacker could use this issue to cause Apache to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-26691) Christoph Anton Mitterer discovered that the new MergeSlashes configuration option resulted in unexpected behaviour in certain situations. (CVE-2021-30641) Affected Software/OS: 'apache2' package(s) on Ubuntu 14.04, Ubuntu 16.04. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2020-35452 https://security.netapp.com/advisory/ntap-20210702-0001/ Debian Security Information: DSA-4937 (Google Search) https://www.debian.org/security/2021/dsa-4937 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/ https://security.gentoo.org/glsa/202107-38 http://httpd.apache.org/security/vulnerabilities_24.html https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E https://www.oracle.com/security-alerts/cpuoct2021.html https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html https://lists.apache.org/thread.html/rccb1b8225583a48c6360edc7a93cc97ae8b0215791e455dc607e7602@%3Cannounce.httpd.apache.org%3E https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E http://www.openwall.com/lists/oss-security/2021/06/10/5 Common Vulnerability Exposure (CVE) ID: CVE-2021-26690 https://lists.apache.org/thread.html/rae406c1d19c0dfd3103c96923dadac2af1cd0bad6905ab1ede153865@%3Cannounce.httpd.apache.org%3E http://www.openwall.com/lists/oss-security/2021/06/10/6 Common Vulnerability Exposure (CVE) ID: CVE-2021-26691 https://www.oracle.com/security-alerts/cpujan2022.html https://lists.apache.org/thread.html/r50cae1b71f1e7421069036b213c26da7d8f47dd59874e3bd956959fe@%3Cannounce.httpd.apache.org%3E http://www.openwall.com/lists/oss-security/2021/06/10/7 Common Vulnerability Exposure (CVE) ID: CVE-2021-30641 https://lists.apache.org/thread.html/r2b4773944d83d2799de9fbaeee7fe0f3fd72669467787e02f434cb10@%3Cannounce.httpd.apache.org%3E http://www.openwall.com/lists/oss-security/2021/06/10/8
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.