Apache < 2.0.46 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 1443

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack.

Description

The remote server is running a version of Apache 2.x which is older than 2.0.45.
This version is vulnerable to various flaw :
- There is a denial of service attack which may allow the attacker to disable this server remotely.
- The httpd process leaks file descriptors to child processes such as CGI scripts. An attacker who has the ability to execute arbitrary CGI scripts on this server (include PHP code) would be able to write arbitrary data in the files pointed to (in particular the log files).

Solution

Upgrade to Apache 2.0.46

See Also

https://archive.apache.org/dist/httpd/CHANGES_2.0

Plugin Details

Severity: High

ID: 1443

Family: Web Servers

Published: 8/20/2004

Updated: 3/6/2019

Nessus ID: 11507

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apache:http_server

Reference Information

CVE: CVE-2003-0083, CVE-2003-0132

BID: 7255, 7254