The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5376 advisory.

  - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool     (heap) memory location beyond the header value sent. This could cause the process to crash. This issue     affects Apache HTTP Server 2.4.54 and earlier. (CVE-2006-20001)

  - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of     Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This     issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.
    (CVE-2022-36760)

  - Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated     early, resulting in some headers being incorporated into the response body. If the later headers have any     security purpose, they will not be interpreted by the client. (CVE-2022-37436)

  - Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request     Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of     RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied     request-target (URL) data and is then re-inserted into the proxied request-target using variable     substitution. For example, something like: RewriteEngine on RewriteRule ^/here/(.*)     http://example.com:8080/elsewhere?$1; [P] ProxyPassReverse /here/ http://example.com:8080/ Request     splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended     URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version     2.4.56 of Apache HTTP Server. (CVE-2023-25690)

  - HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache     HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can     truncate/split the response forwarded to the client. (CVE-2023-27522)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian DSA-5376-1 : apache2 - security update

critical Nessus Plugin ID 173387

Version 1.2

Version 1.1

Version 1.0

Version 1.2 Oct 21, 2023, 9:06 AM IAVM reference Plugin Feed: 202310210906
Version 1.1 May 24, 2023, 8:43 PM Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Plugin Feed: 202305242043
Version 1.0 Mar 24, 2023, 3:53 PM New Plugin Feed: 202303241553