Apache < 2.0.55 Multiple Vulnerabilities

This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.


Synopsis :

The remote version of Apache is affected by multiple vulnerabilities.

Description :

The remote host appears to be running a version of Apache that is
older than 2.0.55. It is, therefore, affected by multiple
vulnerabilities :

- A security issue exists where 'SSLVerifyClient' is not
enforced in per-location context if 'SSLVerifyClient
optional' is configured in the vhost configuration.
(CVE-2005-2700)

- A denial of service vulnerability exists when processing
a large byte range request, as well as a flaw in the
'worker.c' module which could allow an attacker to force
this service to consume excessive amounts of memory.
(CVE-2005-2970)

- When Apache is acting as a proxy, it is possible for a
remote attacker to poison the web cache, bypass web
application firewall protection, and conduct cross-site
scripting attacks via an HTTP request with both a
'Transfer-Encoding: chunked' header and a
'Content-Length' header. (CVE-2005-2088)

- Multiple integer overflows exist in PCRE in quantifier
parsing, which could be triggered by a local user through
use of a specially crafted regex in an .htaccess file.
(CVE-2005-2491)

- An issue exists where the byte range filter buffers
responses into memory. (CVE-2005-2728)

- An off-by-one overflow exists in mod_ssl while printing
CRL information at 'LogLevel debug' which could be
triggered if configured to use a 'malicious CRL'.
(CVE-2005-1268)

See also :

http://www.nessus.org/u?e1cae996

Solution :

Upgrade to version 2.0.55 or newer.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 31656 (apache_2_0_55.nasl)

Bugtraq ID: 14106, 14366, 14620, 14660, 14721, 15762

CVE ID: CVE-2005-1268, CVE-2005-2088, CVE-2005-2491, CVE-2005-2700, CVE-2005-2728, CVE-2005-2970