The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of HPE Business Availability Center

vulnerability note CVE-2009-2699

Apache httpd: denial of service under Solaris

Synthesis of the vulnerability

An attacker can open several sessions when Apache httpd is installed under Solaris, in order to stop it.
Impacted products: Apache httpd, HPE BAC, OpenSolaris.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 06/10/2009.
Identifiers: 47645, BID-36596, c03236227, CVE-2009-2699, HPSBMU02753, SSRT100782, VIGILANCE-VUL-9074.

Description of the vulnerability

The port_getn() function is used to obtain information on events related to a port (multiplexed queue).

Under Solaris, this function can return the ETIME error when a concurrent access occurs. However, the poll/unix/port.c file of Apache APR does not handle this error, which creates a deadlock.

An attacker can therefore open several parallel sessions when Apache httpd is installed under Solaris, in order to stop it.

computer vulnerability bulletin CVE-2009-3095

Apache httpd: sending FTP commands via mod_proxy_ftp

Synthesis of the vulnerability

An authenticated attacker can use mod_proxy_ftp to send FTP commands to a remote FTP server.
Impacted products: Apache httpd, Debian, Fedora, HPE BAC, HP-UX, Mandriva Linux, Mandriva NF, NLD, OES, OpenSolaris, openSUSE, Solaris, RHEL, Slackware, SLES, TurboLinux.
Severity: 1/4.
Consequences: user access/rights.
Provenance: user account.
Creation date: 22/09/2009.
Identifiers: c02160663, c03236227, CVE-2009-3095, DSA-1934-1, FEDORA-2009-12606, FEDORA-2009-12747, HPSBMU02753, HPSBUX02531, MDVSA-2009:240, MDVSA-2009:323, RHSA-2009:1461-01, RHSA-2009:1579-02, RHSA-2009:1580-02, RHSA-2010:0011-01, RHSA-2010:0602-02, SSA:2010-024-01, SSRT100108, SSRT100782, SUSE-SA:2009:050, TLSA-2009-30, VIGILANCE-VUL-9038.

Description of the vulnerability

The Apache server contains a "mod_proxy_ftp" module which can be used to manage FTP requests in proxy mode ("ProxyRequests On" in the configuration file).

To authenticate on a remote FTP server, the proxy user can:
 - add "user:pass" in the URL, or
 - add an Authorization header containing "Basic base64(user:pass)".

The proxy_ftp_handler() function of the modules/proxy/mod_proxy_ftp.c file extracts the login and the password. However, it does not check if the password coming from the Authorization header contains line feeds.

An attacker can for example use:
  Authorization: Basic base64(user:pass\r\ncwd /)
in order to change the current directory.

An authenticated attacker can thus use mod_proxy_ftp to send FTP commands to a remote FTP server.

vulnerability note CVE-2009-3094

Apache httpd: denial of service via mod_proxy_ftp

Synthesis of the vulnerability

A malicious FTP server can stop the mod_proxy_ftp module of Apache httpd.
Impacted products: Apache httpd, Debian, Fedora, HPE BAC, HP-UX, Mandriva Linux, Mandriva NF, NLD, OES, OpenSolaris, openSUSE, Solaris, RHEL, Slackware, SLES, TurboLinux.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet server.
Creation date: 03/09/2009.
Identifiers: BID-36260, c02160663, c03236227, CVE-2009-3094, DSA-1934-1, FEDORA-2009-12606, FEDORA-2009-12747, HPSBMU02753, HPSBUX02531, MDVSA-2009:240, MDVSA-2009:323, RHSA-2009:1461-01, RHSA-2009:1579-02, RHSA-2009:1580-02, RHSA-2010:0011-01, RHSA-2010:0602-02, SSA:2010-024-01, SSRT100108, SSRT100782, SUSE-SA:2009:050, TLSA-2009-30, VIGILANCE-VUL-8994.

Description of the vulnerability

The Apache server contains a "mod_proxy_ftp" module which can be used to manage FTP requests in proxy mode ("ProxyRequests On" in the configuration file).

The PASV and EPSV (RFC 2428) commands ask the FTP server to reserve a port to transfer data in passive mode. The server then answers:
  PASV : 227 Entering Passive Mode. IP1,IP2,IP3,IP4,port1,port2
  EPSV : 229 Entering Extended Passive Mode (|||port|)
The proxy has to parse these lines in order to extract the port number.

However, if the FTP server only returns the code 227 or 229 (not followed by a space), the ap_proxy_ftp_handler() function of the modules/proxy/[mod_]proxy_ftp.c file dereferences a NULL pointer.

A malicious FTP server can therefore invite the victim to connect (via an image on a web page for example), in order to stop the mod_proxy_ftp module of Apache httpd.
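
A defensive parser for the two reply formats shown above, as an added example (not part of the bulletin and not Apache's code): it returns an error for a bare "227" or "229" instead of searching past the code for text that is not there. The function name ftp_passive_port() is hypothetical and the replies in main() are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Extract the data port from a PASV (227) or EPSV (229) reply line.
 * Returns the port (1..65535), or -1 when the reply is malformed, including
 * a reply that is only the code with no space and no text after it. */
int ftp_passive_port(const char *reply)
{
    unsigned int h1, h2, h3, h4, p1, p2, port = 0;
    const char *s;
    char tail;

    if (reply == NULL || strlen(reply) < 4 || reply[3] != ' ')
        return -1;                      /* code only, or no separator */
    if (strncmp(reply, "227", 3) == 0) {
        s = reply + 4;
        s += strcspn(s, "0123456789");  /* start of IP1,IP2,IP3,IP4,port1,port2 */
        if (sscanf(s, "%3u,%3u,%3u,%3u,%3u,%3u",
                   &h1, &h2, &h3, &h4, &p1, &p2) != 6)
            return -1;
        if (h1 > 255 || h2 > 255 || h3 > 255 || h4 > 255 || p1 > 255 || p2 > 255)
            return -1;
        port = (p1 << 8) | p2;          /* port = port1 * 256 + port2 */
    } else if (strncmp(reply, "229", 3) == 0) {
        s = strstr(reply + 4, "(|||");
        if (s == NULL || sscanf(s, "(|||%5u|%c", &port, &tail) != 2 || tail != ')')
            return -1;
    } else {
        return -1;
    }
    return (port >= 1 && port <= 65535) ? (int)port : -1;
}

/* Constructed server replies. */
int main(void)
{
    printf("%d\n", ftp_passive_port("227 Entering Passive Mode. 10,0,0,5,19,137"));
    printf("%d\n", ftp_passive_port("229 Entering Extended Passive Mode (|||6446|)"));
    printf("%d\n", ftp_passive_port("227"));  /* bare code: rejected */
    return 0;
}
```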

vulnerability alert CVE-2008-2939

Apache: XSS via mod_proxy_ftp

Synthesis of the vulnerability

An attacker can use a mod_proxy_ftp vulnerability, in order to execute HTML code and scripts.
Impacted products: Apache httpd, HPE BAC, HP-UX, Mandriva Linux, Mandriva NF, NLD, OES, openSUSE, Solaris, RHEL, SLES, TurboLinux.
Severity: 2/4.
Consequences: client access/rights.
Provenance: internet client.
Creation date: 06/08/2008.
Revision date: 07/08/2008.
Identifiers: 247666, 6725791, 6737160, 682868, 682871, BID-30560, c01650939, c01800059, c01905287, CERTA-2008-AVI-436, CVE-2008-2939, HPSBMA02442, HPSBUX02401, HPSBUX02465, MDVSA-2008:194, MDVSA-2008:195, MDVSA-2009:124, MDVSA-2009:124-1, MDVSA-2009:323, RHSA-2008:0966-02, RHSA-2008:0967-01, RHSA-2010:0602-02, SSRT090005, SSRT090108, SSRT090192, SUSE-SR:2008:024, TLSA-2008-34, VIGILANCE-VUL-8001, VU#663763.

Description of the vulnerability

The Apache server contains a "mod_proxy_ftp" module which can be used to manage FTP requests in proxy mode ("ProxyRequests On" in the configuration file).

This module does not correctly sanitize URLs before returning them to the user.

An attacker can send a URL containing a wildcard such as "*" to exploit the vulnerability and then execute HTML code and scripts on the server.

computer vulnerability note CVE-2008-2364

Apache httpd: denial of service of mod_proxy

Synthesis of the vulnerability

A malicious web server can return several interim responses in order to consume the memory of the mod_proxy module.
Impacted products: Apache httpd, Fedora, HPE BAC, HP-UX, Mandriva Linux, Mandriva NF, openSUSE, Solaris, RHEL, SLES, TurboLinux.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet server.
Creation date: 11/06/2008.
Identifiers: 247666, 6725791, 6737160, BID-29653, c01539432, c01650939, c01800059, c01905287, CERTA-2009-AVI-455, CVE-2008-2364, FEDORA-2008-6314, FEDORA-2008-6393, HPSBMA02442, HPSBUX02365, HPSBUX02401, HPSBUX02465, MDVSA-2008:195, MDVSA-2008:237, RHSA-2008:0966-02, RHSA-2008:0967-01, RHSA-2010:0602-02, SSRT080118, SSRT090005, SSRT090108, SSRT090192, SUSE-SR:2009:006, SUSE-SR:2009:007, TLSA-2008-24, VIGILANCE-VUL-7889.

Description of the vulnerability

The mod_proxy module allows Apache httpd to be used as a proxy server.

The ap_proxy_http_process_response() function handles answers provided by web servers. However, if a server returns several intermediary answers (code 100), the proxy stores them with no limit, which progressively saturates its memory.

A malicious web server can therefore return several interim responses in order to progressively consume the memory of the mod_proxy module.

vulnerability note CVE-2007-6420 CVE-2007-6421 CVE-2007-6422

Apache httpd 2.2: vulnerabilities of mod_proxy_balancer

Synthesis of the vulnerability

An attacker can use five vulnerabilities of the mod_proxy_balancer module in order to create a denial of service or a Cross Site Scripting.
Impacted products: Apache httpd, Fedora, HPE BAC, HP-UX, Mandriva Linux, NLD, OES, openSUSE, RHEL, Slackware, SLES, TurboLinux.
Severity: 3/4.
Consequences: client access/rights, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 07/01/2008.
Revision dates: 11/01/2008, 21/01/2008.
Identifiers: BID-27236, c01650939, c01800059, CVE-2007-6420, CVE-2007-6421, CVE-2007-6422, CVE-2007-6423, FEDORA-2008-1695, FEDORA-2008-1711, HPSBMA02442, HPSBUX02401, MDVSA-2008:016, RHSA-2008:0008-01, RHSA-2008:0009-01, RHSA-2008:0966-02, SSA:2008-045-01, SSRT090005, SSRT090108, SUSE-SA:2008:021, SUSE-SR:2008:024, TLSA-2008-24, TLSA-2008-5, VIGILANCE-VUL-7474.

Description of the vulnerability

The mod_proxy_balancer module of Apache httpd 2.2 provides a load balancer for proxies. It has five vulnerabilities.

An attacker can execute privileged commands via CSRF (Cross-Site Request Forgery). [severity:2/4; CVE-2007-6420]

The module does not filter "route" and "redirect" parameters, which leads to a Cross Site Scripting. [severity:2/4; CVE-2007-6421]

Parameters of the URL are not correctly filtered, which leads to a Cross Site Scripting. [severity:2/4; CVE-2007-6421]

When an invalid balancer name is given as parameter, a NULL pointer is dereferenced, which creates a denial of service in threaded MPM. [severity:2/4; CVE-2007-6422]

When the URL is too long, a memory corruption occurs. [severity:3/4; CVE-2007-6423]

computer vulnerability alert CVE-2008-0005

Apache httpd: Cross Site Scripting of modules

Synthesis of the vulnerability

The mod_dav, mod_info, mod_ldap, mod_proxy_balancer and mod_proxy_ftp modules can be used for Cross Site Scripting attacks via UTF-7.
Impacted products: Apache httpd, Fedora, HPE BAC, HP-UX, Mandriva Linux, Mandriva NF, NLD, OES, openSUSE, RHEL, Slackware, SLES, TurboLinux, VMware ACE.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 11/01/2008.
Identifiers: BID-27234, c01756421, c01800059, c01905287, CERTA-2010-AVI-211, CVE-2008-0005, FEDORA-2008-1695, FEDORA-2008-1711, HPSBMA02442, HPSBUX02431, HPSBUX02465, MDVSA-2008:014, MDVSA-2008:015, MDVSA-2008:016, RHSA-2008:0004-01, RHSA-2008:0005-01, RHSA-2008:0006-01, RHSA-2008:0007-01, RHSA-2008:0008-01, RHSA-2008:0009-01, RHSA-2010:0602-02, SSA:2008-045-01, SSRT090085, SSRT090108, SSRT090192, SUSE-SA:2008:021, TLSA-2008-5, VIGILANCE-VUL-7486, VMSA-2009-0010, VMSA-2009-0012.

Description of the vulnerability

The VIGILANCE-VUL-7168 bulletin describes a Cross Site Scripting vulnerability in mod_autoindex. Several other modules are affected by the same vulnerability type exploited via the UTF-7 character encoding.

The mod_dav module is vulnerable. [severity:2/4]

The mod_info module is vulnerable. [severity:2/4]

The mod_ldap module is vulnerable. [severity:2/4]

The mod_proxy_balancer module is vulnerable. [severity:2/4]

The mod_proxy_ftp module is vulnerable. [severity:2/4; BID-27234, CERTA-2010-AVI-211, CVE-2008-0005]

vulnerability bulletin CVE-2007-6388

Apache httpd: Cross Site Scripting of mod_status

Synthesis of the vulnerability

An attacker can use a Cross Site Scripting on Apache httpd servers where mod_status is installed.
Impacted products: Apache httpd, Fedora, HPE BAC, HPE NMC, OpenView, OpenView NNM, HP-UX, WebSphere AS Traditional, Mandriva Linux, Mandriva NF, NLD, OES, openSUSE, Solaris, Trusted Solaris, RHEL, Slackware, SLES, TurboLinux, VMware ACE.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 07/01/2008.
Identifiers: 233623, 6644748, 6644749, BID-27237, c01607570, c01800059, CVE-2007-6388, emr_na-c01364714-1, FEDORA-2008-1695, FEDORA-2008-1711, HPSBMA02388, HPSBMA02442, HPSBUX02313, MDVSA-2008:014, MDVSA-2008:015, MDVSA-2008:016, PK62966, RHSA-2008:0004-01, RHSA-2008:0005-01, RHSA-2008:0006-01, RHSA-2008:0007-01, RHSA-2008:0008-01, RHSA-2008:0009-01, RHSA-2008:0261-01, RHSA-2008:0263-01, RHSA-2008:0523-02, RHSA-2008:0524-01, RHSA-2010:0602-02, SSA:2008-045-01, SSA:2008-045-02, SSA:2008-210-02, SSRT080015, SSRT080059, SSRT090108, SUSE-SA:2008:021, TLSA-2008-5, VIGILANCE-VUL-7473, VMSA-2009-0010, VMSA-2009-0012.

Description of the vulnerability

The mod_status module displays information about a running Apache httpd server. This module is generally not enabled.

This module does not check if the "refresh" parameter is an integer before displaying it.

An attacker can therefore create a Cross Site Scripting attack via httpd servers with mod_status enabled.

vulnerability announce CVE-2007-5000

Apache httpd: Cross Site Scripting of mod_imap/mod_imagemap

Synthesis of the vulnerability

An attacker can use a special url in order to generate a Cross Site Scripting in mod_imap or mod_imagemap.
Impacted products: Apache httpd, Fedora, HPE BAC, HPE NMC, OpenView, OpenView NNM, HP-UX, Mandriva Linux, Mandriva NF, NLD, OES, openSUSE, Solaris, Trusted Solaris, RHEL, Slackware, SLES, TurboLinux, VMware ACE.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 13/12/2007.
Identifiers: 233623, 6644748, 6644749, BID-26838, c01607570, c01800059, CERTA-2007-AVI-560, CERTA-2008-AVI-011, CERTA-2008-AVI-012, CERTA-2008-AVI-204, CVE-2007-5000, emr_na-c01345501-1, FEDORA-2008-1695, FEDORA-2008-1711, HPSBMA02388, HPSBMA02442, HPSBUX02308, MDVSA-2008:014, MDVSA-2008:015, MDVSA-2008:016, RHSA-2008:0004-01, RHSA-2008:0005-01, RHSA-2008:0006-01, RHSA-2008:0007-01, RHSA-2008:0008-01, RHSA-2008:0009-01, RHSA-2008:0261-01, RHSA-2008:0263-01, RHSA-2008:0523-02, RHSA-2008:0524-01, RHSA-2010:0602-02, SSA:2008-045-01, SSA:2008-045-02, SSA:2008-210-02, SSRT080010, SSRT080059, SSRT090108, SUSE-SA:2008:021, TLSA-2007-56, VIGILANCE-VUL-7412, VMSA-2009-0010, VMSA-2009-0012.

Description of the vulnerability

The mod_imap module has been named mod_imagemap since Apache 2.2. This module creates clickable images on a web site.

The ImapMenu enables the display of a navigation menu.

The menu_header() function displays the header of the HTML page containing the menu. This function does not filter the current URL before displaying it in the "<head>" or at the top of the page if the menu is formatted.

An attacker can therefore use a special url in order to generate a Cross Site Scripting in mod_imap or mod_imagemap.