Test ID:	1.3.6.1.4.1.25623.1.1.13.2021.259.01
Category:	Slackware Local Security Checks
Title:	Slackware: Security Advisory (SSA:2021-259-01)
Summary:	The remote host is missing an update for the 'httpd' package(s) announced via the SSA:2021-259-01 advisory.
Description:	Summary: The remote host is missing an update for the 'httpd' package(s) announced via the SSA:2021-259-01 advisory. Vulnerability Insight: New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/httpd-2.4.49-i586-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. mod_proxy: Server Side Request Forgery (SSRF) vulnerability [Yann Ylavic] core: ap_escape_quotes buffer overflow mod_proxy_uwsgi: Out of bound read vulnerability [Yann Ylavic] core: null pointer dereference on malformed request mod_http2: Request splitting vulnerability with mod_proxy [Stefan Eissing] For more information, see: [links moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'httpd' package(s) on Slackware 14.0, Slackware 14.1, Slackware 14.2, Slackware current. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-33193 Cisco Security Advisory: 20211124 Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ https://security.netapp.com/advisory/ntap-20210917-0004/ https://www.tenable.com/security/tns-2021-17 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSM6UWQICBJ2TU727RENU3HBKEAFLT6T/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EUVJVRJRBW5QVX4OY3NOHZDQ3B3YOTSG/ https://security.gentoo.org/glsa/202208-20 https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c.patch https://portswigger.net/research/http2 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2022.html https://lists.debian.org/debian-lts-announce/2023/03/msg00002.html https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d@%3Ccvs.httpd.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2021-34798 https://kc.mcafee.com/corporate/index?page=content&id=SB10379 https://security.netapp.com/advisory/ntap-20211008-0004/ Debian Security Information: DSA-4982 (Google Search) https://www.debian.org/security/2021/dsa-4982 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/ http://httpd.apache.org/security/vulnerabilities_24.html https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3Cusers.httpd.apache.org%3E https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3Cusers.httpd.apache.org%3E https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3Cusers.httpd.apache.org%3E https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3Cusers.httpd.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2021-36160 https://lists.debian.org/debian-lts-announce/2021/09/msg00016.html https://lists.debian.org/debian-lts-announce/2021/10/msg00016.html https://lists.apache.org/thread.html/r73260f6ba9fb52e43d860905fc90462ba5a814afda2d011f32bbd41c@%3Cbugs.httpd.apache.org%3E https://lists.apache.org/thread.html/ra1c05a392587bfe34383dffe1213edc425de8d4afc25b7cefab3e781@%3Cbugs.httpd.apache.org%3E https://lists.apache.org/thread.html/r7f2746e916ed370239bc1a1025e5ebbf345f79df9ea0ea39e44acfbb@%3Cbugs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37@%3Cbugs.httpd.apache.org%3E https://lists.apache.org/thread.html/r94a61a1517133a19dcf40016e87454ea86e355d06a0cec4c778530f3@%3Cbugs.httpd.apache.org%3E https://lists.apache.org/thread.html/ra87a69d0703d09dc52b86e32b08f8d7327af10acdd5f577a4e82596a@%3Cbugs.httpd.apache.org%3E https://lists.apache.org/thread.html/rb2341c8786d0f9924f5b666e82d8d170b4804f50a523d750551bef1a@%3Cbugs.httpd.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2021-39275 https://httpd.apache.org/security/vulnerabilities_24.html Common Vulnerability Exposure (CVE) ID: CVE-2021-40438 https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00@%3Cusers.httpd.apache.org%3E https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a@%3Cusers.httpd.apache.org%3E
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.