The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6506-1 advisory.

    David Shoon discovered that the Apache HTTP Server mod_macro module incorrectly handled certain memory     operations. A remote attacker could possibly use this issue to cause the server to crash, resulting in a     denial of service. (CVE-2023-31122)

    Prof. Sven Dietrich, Isa Jafarov, Prof. Heejo Lee, and Choongin Lee discovered that the Apache HTTP Server     incorrectly handled certain HTTP/2 connections. A remote attacker could possibly use this issue to cause     the server to consume resources, leading to a denial of service. This issue only affected Ubuntu 23.04,     and Ubuntu 23.10. (CVE-2023-43622)

    Will Dormann and David Warren discovered that the Apache HTTP Server incorrectly handled memory when     handling HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to     consume resources, leading to a denial of service. (CVE-2023-45802)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Apache HTTP Server vulnerabilities (USN-6506-1)

high Nessus Plugin ID 186191

Version 1.2

Version 1.1

Version 1.0

Version 1.2 Aug 28, 2024, 7:43 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202408281943
Version 1.1 Apr 11, 2024, 4:12 PM IAVM reference Plugin Feed: 202404111612
Version 1.0 Nov 23, 2023, 12:21 AM New Plugin Feed: 202311230021