Apache < 1.3.31 mod_access IP Address Netmask Rule Bypass

High Nessus Plugin ID 14177

Synopsis

The remote web server is affected by an access control bypass vulnerability.

Description

The remote host is running a version of Apache web server prior to 1.3.31. It is, therefore, affected by an access control bypass vulnerability due to a failure, on big-endian 64-bit platforms, to properly match 'allow' or 'deny' rules that contain an IP address but lack a corresponding netmask.

Nessus has determined the vulnerability exists only by looking at the Server header returned by the web server running on the target. If the target is not a big-endian 64-bit platform, consider this a false positive.

Solution

Upgrade to Apache web server version 1.3.31 or later.

See Also

http://www.apacheweek.com/features/security-13

http://marc.info/?l=apache-cvs&m=107869603013722

https://bz.apache.org/bugzilla/show_bug.cgi?id=23850

Plugin Details

Severity: High

ID: 14177

File Name: apache_access_wo_netmask.nasl

Version: 1.30

Type: remote

Family: Web Servers

Published: 2004/07/31

Updated: 2018/11/15

Dependencies: 48204, 12634

Configuration: Enable paranoid mode

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apache:http_server

Required KB Items: installed_sw/Apache, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2004/03/08

Reference Information

CVE: CVE-2003-0993

BID: 9829

GLSA: GLSA 200405-22

MDKSA: MDKSA-2004:046

SSA: SSA:2004-133-01

Secunia: 11088, 11681, 11719, 12246