Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.

Missing sanity checks of FTP URLs allowed cross site scripting (XSS) attacks via the mod_proxy_ftp module (CVE-2008-2939).

Missing precautions allowed cross site request forgery (CSRF) via the mod_proxy_balancer interface (CVE-2007-6420).

A memory leak in the ssl module could crash apache (CVE-2008-1678)

It was discovered that Apache did not sanitize the method specifier header from an HTTP request when it is returned in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This issue only affected Ubuntu 6.06 LTS and 7.10. (CVE-2007-6203)

It was discovered that Apache was vulnerable to a cross-site request forgery (CSRF) in the mod_proxy_balancer balancer manager. If an Apache administrator were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands that could modify the balancer manager configuration. This issue only affected Ubuntu 7.10 and 8.04 LTS. (CVE-2007-6420)

It was discovered that Apache had a memory leak when using mod_ssl with compression. A remote attacker could exploit this to exhaust server memory, leading to a denial of service. This issue only affected Ubuntu 7.10. (CVE-2008-1678)

It was discovered that in certain conditions, Apache did not specify a default character set when returning certain error messages containing UTF-7 encoded data, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. This issue only affected Ubuntu 6.06 LTS and 7.10. (CVE-2008-2168)

It was discovered that when configured as a proxy server, Apache did not limit the number of forwarded interim responses. A malicious remote server could send a large number of interim responses and cause a denial of service via memory exhaustion. (CVE-2008-2364)

It was discovered that mod_proxy_ftp did not sanitize wildcard pathnames when they are returned in directory listings, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. (CVE-2008-2939).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Missing sanity checks of FTP URLs allowed cross-site scripting (XSS) attacks via the mod_prody_ftp module. (CVE-2008-2939)

Missing precautions allowed cross-site request forgery (CSRF) via the mod_proxy_balancer interface. (CVE-2007-6420)

Missing sanity checks of FTP URLs allowed cross site scripting (XSS) attacks via the mod_proxy_ftp module (CVE-2008-2939).

Missing precautions allowed cross site request forgery (CSRF) via the mod_proxy_balancer interface (CVE-2007-6420).

The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-007 applied. 

This security update contains fixes for the following products :

  - Apache
  - Certificates
  - ClamAV
  - ColorSync
  - CUPS
  - Finder
  - launchd
  - libxslt
  - MySQL Server
  - Networking
  - PHP
  - Postfix
  - PSNormalizer
  - QuickLook
  - rlogin
  - Script Editor
  - Single Sign-On
  - Tomcat
  - vim
  - Weblog

According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.9. It is, therefore, affected by multiple vulnerabilities :

  - Improper handling of excessive forwarded interim     responses may cause denial of service conditions in     mod_proxy_http. (CVE-2008-2364)

  - A cross-site request forgery vulnerability in the     balancer-manager interface of mod_proxy_balancer.
    (CVE-2007-6420)

Note that the remote web server may not actually be affected by these vulnerabilities. Nessus did not try to determine whether the affected modules are in use or to check for the issues themselves.

The remote host is affected by the vulnerability described in GLSA-200807-06 (Apache: Denial of Service)

    Multiple vulnerabilities have been discovered in Apache:
    Dustin Kirkland reported that the mod_ssl module can leak memory when     the client reports support for a compression algorithm (CVE-2008-1678).
    Ryujiro Shibuya reported that the ap_proxy_http_process_response()     function in the mod_proxy module does not limit the number of forwarded     interim responses (CVE-2008-2364).
    sp3x of SecurityReason reported a Cross-Site Request Forgery     vulnerability in the balancer-manager in the mod_proxy_balancer module     (CVE-2007-6420).
  Impact :

    A remote attacker could exploit these vulnerabilities by connecting to     an Apache httpd, by causing an Apache proxy server to connect to a     malicious server, or by enticing a balancer administrator to connect to     a specially crafted URL, resulting in a Denial of Service of the Apache     daemon.
  Workaround :

    There is no known workaround at this time.

Apache HTTP server project reports :

The following potential security flaws are addressed :

- CVE-2008-2364: mod_proxy_http: Better handling of excessive interim responses from origin server to prevent potential denial of service and high memory usage. Reported by Ryujiro Shibuya.

- CVE-2007-6420: mod_proxy_balancer: Prevent CSRF attacks against the balancer-manager interface

The version of Apache installed on the remote host is advertising a version older than 2.2.8.  Such versions may be affected by several issues, including :

 - A cross-site scripting issue involving mod_imagemap (CVE-2007-5000).

 - A cross-site scripting issue involving 413 error pages via a malformed HTTP method (PR 44014 / CVE-2007-6203).

 - A cross-site scripting issue in mod_status involving the refresh parameter (CVE-2007-6388).

 - A cross-site scripting issue in mod_proxy_balancer involving the worker route and worker redirect string of the balancer manager (CVE-2007-6421).

 - A denial of service issue in the balancer_handler function in mod_proxy_balancer can be triggered by an authenticated user when a threaded Multi-Processing Module is used (CVE-2007-6422).

 - A cross-site scripting issue using UTF-7 encoding in mod_proxy_ftp exists because it does not define a charset (CVE-2008-0005).

According to its banner, the version of Apache 2.2 installed on the remote host is older than 2.2.9.  Such versions may be affected by several issues, including :

  - Improper handling of excessive forwarded interim responses may cause denial of service conditions in mod_proxy_http (CVE-2008-2364).
  - A cross-site request forgery vulnerability in the balancer-manager interface of mod_proxy_balancer (CVE-2007-6420).
  - An issue exists in the handling of the 'Options' and 'AllowOverride' directives (CVE-2009-1195).

Note that the remote web server may not actually be affected by these vulnerabilities.  NNM cannot determine whether the affected modules are in use.

According to its banner, the version of Apache 2.2 installed on the remote host is older than 2.2.9.  Such versions may be affected by several issues, including :

  - Improper handling of excessive forwarded interim responses may cause denial of service conditions in mod_proxy_http (CVE-2008-2364).
  - A cross-site request forgery vulnerability in the balancer-manager interface of mod_proxy_balancer (CVE-2007-6420).
  - An issue exists in the handling of the 'Options' and 'AllowOverride' directives (CVE-2009-1195).

Note that the remote web server may not actually be affected by these vulnerabilities.

ID	Name	Product	Family	Severity
39910	openSUSE Security Update : apache2 (apache2-222)	Nessus	SuSE Local Security Checks	medium
36589	Ubuntu 6.06 LTS / 7.10 / 8.04 LTS : apache2 vulnerabilities (USN-731-1)	Nessus	Ubuntu Local Security Checks	medium
34779	SuSE 10 Security Update : Apache 2 (ZYPP Patch Number 5767)	Nessus	SuSE Local Security Checks	medium
34699	openSUSE 10 Security Update : apache2 (apache2-5648)	Nessus	SuSE Local Security Checks	medium
34698	SuSE 10 Security Update : Apache 2 (ZYPP Patch Number 5629)	Nessus	SuSE Local Security Checks	medium
34697	openSUSE 10 Security Update : apache2 (apache2-5628)	Nessus	SuSE Local Security Checks	medium
34374	Mac OS X Multiple Vulnerabilities (Security Update 2008-007)	Nessus	MacOS X Local Security Checks	critical
33477	Apache 2.2.x < 2.2.9 Multiple Vulnerabilities (DoS, XSS)	Nessus	Web Servers	medium
33473	GLSA-200807-06 : Apache: Denial of Service	Nessus	Gentoo Local Security Checks	medium
33242	FreeBSD : apache -- multiple vulnerabilities (c84dc9ad-41f7-11dd-a4f9-00163e000016)	Nessus	FreeBSD Local Security Checks	medium
4385	Apache < 2.2.8 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	high
4579	Apache < 2.2.9 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	high
800581	Apache < 2.2.8 Multiple Vulnerabilities	Log Correlation Engine	Web Servers	low
800558	Apache < 2.2.9 Multiple Vulnerabilities	Log Correlation Engine	Web Servers	medium

Detections

Analytics

CVE-2007-6420

high

Tenable Plugins

medium

medium

medium

medium

medium

medium

critical

medium

medium

medium

high

high

low

medium