Apache < 2.0.55 Multiple Vulnerabilities

High Nessus Plugin ID 31656

Synopsis

The remote version of Apache is affected by multiple vulnerabilities.

Description

The remote host appears to be running a version of Apache prior to 2.0.55. It is, therefore, affected by multiple vulnerabilities:

- A security issue exists where 'SSLVerifyClient' is not enforced in per-location context if 'SSLVerifyClient optional' is configured in the vhost configuration. (CVE-2005-2700)

- A denial of service vulnerability exists when processing a large byte range request, as well as a flaw in the 'worker.c' module which could allow an attacker to force this service to consume excessive amounts of memory. (CVE-2005-2970)

- When Apache is acting as a proxy, it is possible for a remote attacker to poison the web cache, bypass web application firewall protection, and conduct cross-site scripting attacks via an HTTP request with both a 'Transfer-Encoding: chunked' header and a 'Content-Length' header. (CVE-2005-2088)

- Multiple integer overflows exist in PCRE in quantifier parsing, which could be triggered by a local user through use of a specially crafted regex in an .htaccess file. (CVE-2005-2491)

- An issue exists where the byte range filter buffers responses into memory. (CVE-2005-2728)

- An off-by-one overflow exists in mod_ssl while printing CRL information at 'LogLevel debug', which could be triggered if the server is configured to use a 'malicious CRL'. (CVE-2005-1268)

Solution

Upgrade to version 2.0.55 or later.

See Also

http://www.nessus.org/u?e1cae996

Plugin Details

Severity: High

ID: 31656

File Name: apache_2_0_55.nasl

Version: 1.25

Type: remote

Family: Web Servers

Published: 2008/03/26

Updated: 2018/06/29

Dependencies: 48204

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apache:http_server

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2005/07/07

Reference Information

CVE: CVE-2005-1268, CVE-2005-2088, CVE-2005-2491, CVE-2005-2700, CVE-2005-2728, CVE-2005-2970

BID: 14106, 14366, 14620, 14660, 14721, 15762