Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : apache2 vulnerabilities (USN-1368-1)

Ubuntu Security Notice (C) 2012-2016 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

It was discovered that the Apache HTTP Server incorrectly handled the
SetEnvIf .htaccess file directive. An attacker having write access to
a .htaccess file may exploit this to possibly execute arbitrary code.
(CVE-2011-3607)

Prutha Parikh discovered that the mod_proxy module did not properly
interact with the RewriteRule and ProxyPassMatch pattern matches in
the configuration of a reverse proxy. This could allow remote
attackers to contact internal webservers behind the proxy that were
not intended for external exposure. (CVE-2011-4317)

Rainer Canavan discovered that the mod_log_config module incorrectly
handled a certain format string when used with a threaded MPM. A
remote attacker could exploit this to cause a denial of service via a
specially- crafted cookie. This issue only affected Ubuntu 11.04 and
11.10. (CVE-2012-0021)

It was discovered that the Apache HTTP Server incorrectly handled
certain type fields within a scoreboard shared memory segment. A local
attacker could exploit this to to cause a denial of service.
(CVE-2012-0031)

Norman Hippert discovered that the Apache HTTP Server incorrecly
handled header information when returning a Bad Request (400) error
page. A remote attacker could exploit this to obtain the values of
certain HTTPOnly cookies. (CVE-2012-0053).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected apache2.2-common package.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 4.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 57999 ()

Bugtraq ID: 50494
50802
51407
51705
51706

CVE ID: CVE-2011-3607
CVE-2011-4317
CVE-2012-0021
CVE-2012-0031
CVE-2012-0053