RHEL 3 : httpd (RHSA-2004:463)

medium Nessus Plugin ID 14736

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Updated httpd packages that include fixes for security issues are now available.

The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server.

Four issues have been discovered affecting releases of the Apache HTTP 2.0 Server, up to and including version 2.0.50 :

Testing using the Codenomicon HTTP Test Tool performed by the Apache Software Foundation security group and Red Hat uncovered an input validation issue in the IPv6 URI parsing routines in the apr-util library. If a remote attacker sent a request including a carefully crafted URI, an httpd child process could be made to crash. This issue is not believed to allow arbitrary code execution on Red Hat Enterprise Linux. This issue also does not represent a significant denial of service attack as requests will continue to be handled by other Apache child processes. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0786 to this issue.

The Swedish IT Incident Centre (SITIC) reported a buffer overflow in the expansion of environment variables during configuration file parsing. This issue could allow a local user to gain 'apache' privileges if an httpd process can be forced to parse a carefully crafted .htaccess file written by a local user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0747 to this issue.

An issue was discovered in the mod_ssl module which could be triggered if the server is configured to allow proxying to a remote SSL server.
A malicious remote SSL server could force an httpd child process to crash by sending a carefully crafted response header. This issue is not believed to allow execution of arbitrary code. This issue also does not represent a significant Denial of Service attack as requests will continue to be handled by other Apache child processes. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0751 to this issue.

An issue was discovered in the mod_dav module which could be triggered for a location where WebDAV authoring access has been configured. A malicious remote client which is authorized to use the LOCK method could force an httpd child process to crash by sending a particular sequence of LOCK requests. This issue does not allow execution of arbitrary code. This issue also does not represent a significant Denial of Service attack as requests will continue to be handled by other Apache child processes. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0809 to this issue.

Users of the Apache HTTP server should upgrade to these updated packages, which contain backported patches that address these issues.

Solution

Update the affected httpd, httpd-devel and / or mod_ssl packages.

See Also

https://access.redhat.com/security/cve/cve-2004-0747

https://access.redhat.com/security/cve/cve-2004-0751

https://access.redhat.com/security/cve/cve-2004-0786

https://access.redhat.com/security/cve/cve-2004-0809

https://access.redhat.com/errata/RHSA-2004:463

Plugin Details

Severity: Medium

ID: 14736

File Name: redhat-RHSA-2004-463.nasl

Version: 1.29

Type: local

Agent: unix

Published: 9/15/2004

Updated: 1/14/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:mod_ssl, cpe:/o:redhat:enterprise_linux:3, p-cpe:/a:redhat:enterprise_linux:httpd-devel, p-cpe:/a:redhat:enterprise_linux:httpd

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/15/2004

Vulnerability Publication Date: 9/16/2004

Reference Information

CVE: CVE-2004-0747, CVE-2004-0751, CVE-2004-0786, CVE-2004-0809

RHSA: 2004:463