Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : apache2 vulnerabilities (USN-1368-1)

Ubuntu Security Notice (C) 2012-2013 Canonical, Inc. / NASL script (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

It was discovered that the Apache HTTP Server incorrectly handled the
SetEnvIf .htaccess file directive. An attacker having write access to
a .htaccess file may exploit this to possibly execute arbitrary code.
(CVE-2011-3607)

Prutha Parikh discovered that the mod_proxy module did not properly
interact with the RewriteRule and ProxyPassMatch pattern matches in
the configuration of a reverse proxy. This could allow remote
attackers to contact internal webservers behind the proxy that were
not intended for external exposure. (CVE-2011-4317)

Rainer Canavan discovered that the mod_log_config module incorrectly
handled a certain format string when used with a threaded MPM. A
remote attacker could exploit this to cause a denial of service via a
specially crafted cookie. This issue only affected Ubuntu 11.04 and
11.10. (CVE-2012-0021)

It was discovered that the Apache HTTP Server incorrectly handled
certain type fields within a scoreboard shared memory segment. A local
attacker could exploit this to cause a denial of service.
(CVE-2012-0031)

Norman Hippert discovered that the Apache HTTP Server incorrectly
handled header information when returning a Bad Request (400) error
page. A remote attacker could exploit this to obtain the values of
certain HTTPOnly cookies. (CVE-2012-0053)

Solution :

Update the affected apache2.2-common package.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 4.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 57999

Bugtraq ID: 50494, 50802, 51407, 51705, 51706

CVE ID: CVE-2011-3607, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053