This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
The remote web server is affected by multiple vulnerabilities.
According to its banner, the version of Apache 2.4.x installed on the
remote host is prior to 2.4.16. It is, therefore, affected by the
following vulnerabilities :
- A flaw exists in the lua_websocket_read() function in
the 'mod_lua' module due to incorrect handling of
WebSocket PING frames. A remote attacker can exploit
this, by sending a crafted WebSocket PING frame after a
Lua script has called the wsupgrade() function, to crash
a child process, resulting in a denial of service
- A NULL pointer dereference flaw exists in the
read_request_line() function due to a failure to
initialize the protocol structure member. A remote
attacker can exploit this flaw, on installations that
enable the INCLUDES filter and have an ErrorDocument 400
directive specifying a local URI, by sending a request
that lacks a method, to cause a denial of service
- A flaw exists in the chunked transfer coding
implementation due to a failure to properly parse chunk
headers. A remote attacker can exploit this to conduct
HTTP request smuggling attacks. (CVE-2015-3183)
- A flaw exists in the ap_some_auth_required() function
due to a failure to consider that a Require directive
may be associated with an authorization setting rather
than an authentication setting. A remote attacker can
exploit this, if a module that relies on the 2.2 API
behavior exists, to bypass intended access restrictions.
- A flaw exists in the RC4 algorithm due to an initial
double-byte bias in the keystream generation. An
attacker can exploit this, via Bayesian analysis that
combines an a priori plaintext distribution with
keystream distribution statistics, to conduct a
plaintext recovery of the ciphertext. Note that RC4
cipher suites are prohibited per RFC 7465. This issue
was fixed in Apache version 2.4.13; however, 2.4.13,
2.4.14, and 2.4.15 were never publicly released.
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
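The banner-only check described above, sketched as an added example (not Tenable's plugin code): it classifies a Server header value against the 2.4.16 cutoff for the 2.4.x branch. The function names, verdict labels and sample banners are constructed for illustration.

```python
import re

FIXED = (2, 4, 16)  # first fixed release named on the page

# "Apache" as a whole product token, optionally followed by "/<version>".
# The lookahead keeps "Apache-Coyote/1.1" (Tomcat) from matching.
_BANNER = re.compile(r"(?:^|\s)Apache(?:/(\d+(?:\.\d+)*)\S*)?(?=\s|$)", re.I)


def classify_banner(server_header):
    """Return (verdict, version_tuple_or_None) for one Server header value."""
    m = _BANNER.search(server_header or "")
    if not m:
        return ("not-apache", None)
    if m.group(1) is None:
        return ("unknown-version", None)       # ServerTokens Prod: "Apache"
    ver = tuple(int(p) for p in m.group(1).split("."))
    if ver[:2] != (2, 4)[:len(ver)]:
        return ("other-branch", ver)           # outside the 2.4.x scope
    if len(ver) < 3:
        return ("unknown-version", ver)        # ServerTokens Major / Minor
    # Tuple comparison is numeric, so 2.4.9 sorts before 2.4.16
    # (a plain string comparison would get this wrong).
    return ("flag", ver) if ver < FIXED else ("ok", ver)


def triage(banners):
    """Group banner strings by verdict."""
    out = {}
    for b in banners:
        out.setdefault(classify_banner(b)[0], []).append(b)
    return out


# Constructed sample banners, not taken from any real scan.
SAMPLE_BANNERS = [
    "Apache/2.4.10 (Debian)",
    "Apache/2.4.9",
    "Apache/2.4.16 (Unix) OpenSSL/1.0.1p",
    "Apache/2.4",
    "Apache",
    "Apache/2.2.29",
    "Apache-Coyote/1.1",
    "nginx/1.9.3",
]

if __name__ == "__main__":
    for verdict, items in triage(SAMPLE_BANNERS).items():
        print(verdict, items)
```

A "flag" verdict only means the banner claims a 2.4.x release below 2.4.16. Distribution packages that backport fixes keep the older version string, so confirm against the package changelog before treating the host as affected.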
Upgrade to Apache version 2.4.16 or later. Alternatively, ensure that
the affected modules are not in use.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true