According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in     mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team     could create one, though some particular compiler and/or compilation option might make it possible, with     limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow     (CVE-2020-35452)

  - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can     cause a NULL pointer dereference and crash, leading to a possible Denial Of Service (CVE-2021-26690)

  - In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server     could cause a heap overflow (CVE-2021-26691)

  - Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP     Server 2.4.48 and earlier. (CVE-2021-34798)

  - ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules     pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache     HTTP Server 2.4.48 and earlier. (CVE-2021-39275)

  - A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the     remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-40438)

  - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser     (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the     vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and     earlier. (CVE-2021-44790)

  - A carefully crafted request body can cause a read to a random memory area which could cause the process to     crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)

  - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered     discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)

  - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems     an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server     2.4.52 and earlier. (CVE-2022-22721)

  - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of     Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This     issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.
    (CVE-2022-26377)

  - The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an     attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with     mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use     the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against     current headers to resolve the issue. (CVE-2022-28614)

  - Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in     ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the     server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may     hypothetically be affected. (CVE-2022-28615)

  - In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0)     may cause a denial of service due to no default limit on possible input size. (CVE-2022-29404)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has httpd packages installed that are affected by multiple vulnerabilities:

  - In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server     could cause a heap overflow (CVE-2021-26691)

  - Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP     Server 2.4.48 and earlier. (CVE-2021-34798)

  - ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules     pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache     HTTP Server 2.4.48 and earlier. (CVE-2021-39275)

  - A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the     remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-40438)

  - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser     (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the     vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and     earlier. (CVE-2021-44790)

  - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered     discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Apache httpd installed on the remote host is equal to or greater than 2.4.7 and prior to 2.4.52.
It is, therefore, affected by a flaw related to acting as a forward proxy.

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery).

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5212-1 advisory.

    It was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests. A remote     attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly     perform a Server Side Request Forgery attack. (CVE-2021-44224)

    It was discovered that the Apache HTTP Server Lua module incorrectly handled memory in the multipart     parser. A remote attacker could use this issue to cause the server to crash, resulting in a denial of     service, or possibly execute arbitrary code. (CVE-2021-44790)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0065-1 advisory.

  - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL     pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for     requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This     issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)

  - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser     (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the     vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and     earlier. (CVE-2021-44790)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0143 advisory.

    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

    Security Fix(es):

    * httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)

    * httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691)

    * httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)

    * httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:0143-1 advisory.

  - httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)

  - httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691)

  - httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)

  - httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser     (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the     vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and     earlier. (CVE-2021-44790)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1138 advisory.

    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

    Security Fix(es):

    * httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)

    * httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling     (CVE-2022-22720)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has httpd packages installed that are affected by multiple vulnerabilities:

  - In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server     could cause a heap overflow (CVE-2021-26691)

  - Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP     Server 2.4.48 and earlier. (CVE-2021-34798)

  - ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules     pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache     HTTP Server 2.4.48 and earlier. (CVE-2021-39275)

  - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser     (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the     vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and     earlier. (CVE-2021-44790)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Apache httpd installed on the remote host is prior to 2.4.52. It is, therefore, affected by a flaw related to mod_lua when handling multipart content. A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-072 advisory.

    There's a null pointer dereference and server-side request forgery flaw in httpd's mod_proxy module, when     it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to     the forward proxy that could cause a crash, or potentially SSRF via misdirected Unix Domain Socket     requests. In the worst case, this could cause a denial of service or compromise to confidentiality of     data. (CVE-2021-44224)

    A buffer overflow flaw in httpd's lua module could allow an out-of-bounds write. An attacker who is able     to submit a crafted request to an httpd instance that is using the lua module may be able to cause an     impact to confidentiality, integrity, and/or availability. (CVE-2021-44790)

    A flaw was found in the mod_lua module of httpd. A crafted request body can cause a read to a random     memory area due to an uninitialized value in functions called by the parsebody function. The highest treat     of this vulnerability is availability. (CVE-2022-22719)

    A flaw was found in httpd. The inbound connection is not closed when it fails to discard the request body,     which may expose the server to HTTP request smuggling. (CVE-2022-22720)

    A flaw was found in httpd, where it incorrectly limits the value of the LimitXMLRequestBody option. This     issue can lead to an integer overflow and later causes an out-of-bounds write. (CVE-2022-22721)

    An out-of-bounds read/write vulnerability was found in the mod_sed module of httpd. This flaw allows an     attacker to overwrite the memory of an httpd instance that is using mod_sed with data provided by the     attacker. (CVE-2022-23943)

    An HTTP request smuggling vulnerability was found in the mod_proxy_ajp module of httpd. This flaw allows     an attacker to smuggle requests to the AJP server, where it forwards requests. (CVE-2022-26377)

    An out-of-bounds read vulnerability was found in the mod_isapi module of httpd. The issue occurs when     httpd is configured to process requests with the mod_isapi module. (CVE-2022-28330)

    An out-of-bounds read vulnerability was found in httpd. A very large input to the ap_rputs and ap_rwrite     functions can lead to an integer overflow and result in an out-of-bounds read. (CVE-2022-28614)

    An out-of-bounds read vulnerability was found in httpd. A very large input to the ap_strcmp_match function     can lead to an integer overflow and result in an out-of-bounds read. (CVE-2022-28615)

    A flaw was found in the mod_lua module of httpd. A malicious request to a Lua script that calls     parsebody(0) can lead to a denial of service due to no default limit on the possible input size.
    (CVE-2022-29404)

    A flaw was found in the mod_sed module of httpd. A very large input to the mod_sed module can result in a     denial of service due to excessively large memory allocations. (CVE-2022-30522)

    A flaw was found in the mod_lua module of httpd. The data returned by the wsread function may point past     the end of the storage allocated for the buffer, resulting in information disclosure. (CVE-2022-30556)

    A flaw was found in the mod_proxy module of httpd. The server may remove the X-Forwarded-* headers from a     request based on the client-side Connection header hop-by-hop mechanism. (CVE-2022-31813)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:0258 advisory.

  - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser     (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the     vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and     earlier. (CVE-2021-44790)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
170842	EulerOS Virtualization 3.0.2.2 : httpd (EulerOS-SA-2023-1260)	Nessus	Huawei Local Security Checks	1/30/2023	1/16/2024	critical
174053	NewStart CGSL CORE 5.05 / MAIN 5.05 : httpd Multiple Vulnerabilities (NS-SA-2023-0011)	Nessus	NewStart CGSL Local Security Checks	4/11/2023	4/11/2023	critical
156255	Apache 2.4.x >= 2.4.7 / < 2.4.52 Forward Proxy DoS / SSRF	Nessus	Web Servers	12/23/2021	11/22/2023	critical
156544	Ubuntu 18.04 LTS / 20.04 LTS : Apache HTTP Server vulnerabilities (USN-5212-1)	Nessus	Ubuntu Local Security Checks	1/6/2022	8/27/2024	critical
156701	SUSE SLES12 Security Update : apache2 (SUSE-SU-2022:0065-1)	Nessus	SuSE Local Security Checks	1/13/2022	7/14/2023	critical
156774	RHEL 7 : httpd (RHSA-2022:0143)	Nessus	Red Hat Local Security Checks	1/17/2022	11/7/2024	critical
156803	Scientific Linux Security Update : httpd on SL7.x x86_64 (2022:0143)	Nessus	Scientific Linux Local Security Checks	1/18/2022	11/20/2023	critical
159102	EulerOS 2.0 SP5 : httpd (EulerOS-SA-2022-1326)	Nessus	Huawei Local Security Checks	3/21/2022	11/3/2023	critical
159469	RHEL 7 : httpd (RHSA-2022:1138)	Nessus	Red Hat Local Security Checks	4/2/2022	11/7/2024	critical
160800	NewStart CGSL CORE 5.04 / MAIN 5.04 : httpd Multiple Vulnerabilities (NS-SA-2022-0021)	Nessus	NewStart CGSL Local Security Checks	5/9/2022	10/30/2023	critical
161454	Apache 2.4.x < 2.4.52 mod_lua Buffer Overflow	Nessus	Web Servers	5/24/2022	10/26/2023	critical
173084	Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2023-072)	Nessus	Amazon Linux Local Security Checks	3/21/2023	12/11/2024	critical
185035	Rocky Linux 8 : httpd:2.4 (RLSA-2022:0258)	Nessus	Rocky Linux Local Security Checks	11/7/2023	11/7/2023	critical

Detections

Analytics

Plugins Search

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical