The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1547 advisory.

    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

    Security Fix(es):

    * httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is running 6.0.0 or earlier and is therefore affected by multiple vulnerabilities in Apache prior to version 2.4.56 and PHP prior to version 8.1.16:

    - Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request       Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule       or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target       data and is then re-inserted into the proxied request-target using variable substitution. (CVE-2023-25690)

    - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP       form upload can cause high resource consumption and excessive number of log entries. This can cause denial       of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662)

    - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function       allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting,       this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to       unauthorized data access or modification. (CVE-2023-0568)

The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2023:1673 advisory.

  - Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request     Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of     RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied     request-target (URL) data and is then re-inserted into the proxied request-target using variable     substitution. For example, something like: RewriteEngine on RewriteRule ^/here/(.*)     http://example.com:8080/elsewhere?$1; [P] ProxyPassReverse /here/ http://example.com:8080/ Request     splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended     URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version     2.4.56 of Apache HTTP Server. (CVE-2023-25690)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Oracle HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced in the Jul 2023 CPU advisory.

  - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Thirdparty   (LibExpat)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows   unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks   of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash   (complete DOS) of Oracle HTTP Server. (CVE-2022-43680)

  - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (cURL))   . The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows   unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks   of this vulnerability can result in unauthorized creation, deletion or modification access to critical data   or all Oracle HTTP Server accessible data as well as unauthorized access to critical data or complete access   to all Oracle HTTP Server accessible data. (CVE-2023-23914)

  - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (Apache    HTTP Server)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability   allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful   attacks of this vulnerability can result in takeover of Oracle HTTP Server. (CVE-2023-25690)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool     (heap) memory location beyond the header value sent. This could cause the process to crash. This issue     affects Apache HTTP Server 2.4.54 and earlier. (CVE-2006-20001)

  - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of     Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This     issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.
    (CVE-2022-36760)

  - Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated     early, resulting in some headers being incorporated into the response body. If the later headers have any     security purpose, they will not be interpreted by the client. (CVE-2022-37436)

  - Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request     Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of     RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied     request-target (URL) data and is then re-inserted into the proxied request-target using variable     substitution. For example, something like: RewriteEngine on RewriteRule '^/here/(.*)'     'http://example.com:8080/elsewhere?$1'; [P] ProxyPassReverse /here/ http://example.com:8080/ Request     splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended     URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version     2.4.56 of Apache HTTP Server. (CVE-2023-25690)

  - HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache     HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can     truncate/split the response forwarded to the client. (CVE-2023-27522)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool     (heap) memory location beyond the header value sent. This could cause the process to crash. This issue     affects Apache HTTP Server 2.4.54 and earlier. (CVE-2006-20001)

  - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of     Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This     issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.
    (CVE-2022-36760)

  - Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request     Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of     RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied     request-target (URL) data and is then re-inserted into the proxied request-target using variable     substitution. For example, something like: RewriteEngine on RewriteRule '^/here/(.*)'     'http://example.com:8080/elsewhere?$1'; [P] ProxyPassReverse /here/ http://example.com:8080/ Request     splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended     URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version     2.4.56 of Apache HTTP Server. (CVE-2023-25690)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The 12.4.0.0 version of Enterprise Manager Ops Center installed on the remote host is affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory:

  - Vulnerability in the Oracle Enterprise Manager Ops Center product of Oracle Enterprise Manager     (component: Networking (Apache HTTP Server)). The supported version that is affected is 12.4.0.0.
    Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to     compromise Oracle Enterprise Manager Ops Center. Successful attacks of this vulnerability can     result in takeover of Oracle Enterprise Manager Ops Center. (CVE-2023-25690)

  - Vulnerability in the Oracle Enterprise Manager Ops Center product of Oracle Enterprise Manager     (component: Networking (Apache HTTP Server)). The supported version that is affected is 12.4.0.0.
    Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to     smuggle requests to the AJP server the HTTP server forwards requests to. (CVE-2022-36760)

  - Vulnerability in the Oracle Enterprise Manager Ops Center product of Oracle Enterprise Manager     (component: Networking (Apache HTTP Server)). The supported version that is affected is 12.4.0.0.
    Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to     create a denial of service condition in Oracle Enterprise Manager Ops Center. (CVE-2006-20001)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool     (heap) memory location beyond the header value sent. This could cause the process to crash. This issue     affects Apache HTTP Server 2.4.54 and earlier. (CVE-2006-20001)

  - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of     Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This     issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.
    (CVE-2022-36760)

  - Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request     Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of     RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied     request-target (URL) data and is then re-inserted into the proxied request-target using variable     substitution. For example, something like: RewriteEngine on RewriteRule '^/here/(.*)'     'http://example.com:8080/elsewhere?$1'; [P] ProxyPassReverse /here/ http://example.com:8080/ Request     splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended     URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version     2.4.56 of Apache HTTP Server. (CVE-2023-25690)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool     (heap) memory location beyond the header value sent. This could cause the process to crash. This issue     affects Apache HTTP Server 2.4.54 and earlier. (CVE-2006-20001)

  - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap     memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and     prior versions. (CVE-2022-23943)

  - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of     Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This     issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.
    (CVE-2022-36760)

  - Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated     early, resulting in some headers being incorporated into the response body. If the later headers have any     security purpose, they will not be interpreted by the client. (CVE-2022-37436)

  - Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request     Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of     RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied     request-target (URL) data and is then re-inserted into the proxied request-target using variable     substitution. For example, something like: RewriteEngine on RewriteRule '^/here/(.*)'     'http://example.com:8080/elsewhere?$1'; [P] ProxyPassReverse /here/ http://example.com:8080/ Request     splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended     URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version     2.4.56 of Apache HTTP Server. (CVE-2023-25690)

  - HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache     HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can     truncate/split the response forwarded to the client. (CVE-2023-27522)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update of the httpd package has been released.

The version of httpd installed on the remote host is prior to 2.4.56. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-067-01 advisory.

  - Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request     Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of     RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied     request-target (URL) data and is then re-inserted into the proxied request-target using variable     substitution. For example, something like: RewriteEngine on RewriteRule ^/here/(.*)     http://example.com:8080/elsewhere?$1; [P] ProxyPassReverse /here/ http://example.com:8080/ Request     splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended     URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version     2.4.56 of Apache HTTP Server. (CVE-2023-25690)

  - HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache     HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can     truncate/split the response forwarded to the client. (CVE-2023-27522)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-7df48f618b advisory.

    - new version 2.4.56
    - security update for CVE-2023-27522 and CVE-2023-25690

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request     Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of     RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied     request-target (URL) data and is then re-inserted into the proxied request-target using variable     substitution. For example, something like: RewriteEngine on RewriteRule '^/here/(.*)'     'http://example.com:8080/elsewhere?$1'; [P] ProxyPassReverse /here/ http://example.com:8080/ Request     splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended     URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version     2.4.56 of Apache HTTP Server. (CVE-2023-25690)

  - HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache     HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can     truncate/split the response forwarded to the client. (CVE-2023-27522)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Published	Updated	Severity
173796	RHEL 8 : httpd:2.4 (RHSA-2023:1547)	Nessus	Red Hat Local Security Checks	4/3/2023	11/7/2024	critical
173301	Tenable SecurityCenter < 6.1.0 Multiple Vulnerabilities (TNS-2023-16)	Nessus	Misc.	3/23/2023	5/10/2024	critical
174012	CentOS 8 : httpd:2.4 (CESA-2023:1673)	Nessus	CentOS Local Security Checks	4/7/2023	2/8/2024	critical
178623	Oracle HTTP Server (Jul 2023 CPU)	Nessus	Web Servers	7/20/2023	1/18/2024	critical
175493	EulerOS 2.0 SP9 : httpd (EulerOS-SA-2023-1872)	Nessus	Huawei Local Security Checks	5/13/2023	5/24/2023	critical
177016	EulerOS 2.0 SP5 : httpd (EulerOS-SA-2023-2148)	Nessus	Huawei Local Security Checks	6/9/2023	6/9/2023	critical
178483	Oracle Enterprise Manager Ops Center (Jul 2023 CPU)	Nessus	Misc.	7/19/2023	1/18/2024	critical
178897	EulerOS Virtualization 3.0.6.6 : httpd (EulerOS-SA-2023-2425)	Nessus	Huawei Local Security Checks	7/26/2023	7/26/2023	critical
176841	EulerOS Virtualization 2.11.1 : httpd (EulerOS-SA-2023-2071)	Nessus	Huawei Local Security Checks	6/7/2023	6/7/2023	critical
203314	Photon OS 4.0: Httpd PHSA-2023-4.0-0370	Nessus	PhotonOS Local Security Checks	7/23/2024	7/23/2024	critical
172358	Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current httpd Multiple Vulnerabilities (SSA:2023-067-01)	Nessus	Slackware Local Security Checks	3/9/2023	10/21/2023	critical
173403	Fedora 36 : httpd (2023-7df48f618b)	Nessus	Fedora Local Security Checks	3/24/2023	11/14/2024	critical
175324	EulerOS 2.0 SP10 : httpd (EulerOS-SA-2023-1823)	Nessus	Huawei Local Security Checks	5/9/2023	9/29/2023	critical
177045	EulerOS 2.0 SP8 : httpd (EulerOS-SA-2023-2191)	Nessus	Huawei Local Security Checks	6/9/2023	9/29/2023	critical

Detections

Analytics

Plugins Search

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical