Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.ALA_ALAS-2020-1370.NASLHistoryJun 04, 2020 - 12:00 a.m.
Amazon Linux AMI : httpd24 (ALAS-2020-1370)
2020-06-0400:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.5 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
65.7%
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.(CVE-2020-1927)
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.(CVE-2020-1934)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1370.
#
include('compat.inc');
if (description)
{
script_id(137093);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/08");
script_cve_id("CVE-2020-1927", "CVE-2020-1934");
script_xref(name:"ALAS", value:"2020-1370");
script_xref(name:"CEA-ID", value:"CEA-2021-0025");
script_name(english:"Amazon Linux AMI : httpd24 (ALAS-2020-1370)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux AMI host is missing a security update.");
script_set_attribute(attribute:"description", value:
"In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with
mod_rewrite that were intended to be self-referential might be fooled
by encoded newlines and redirect instead to an an unexpected URL
within the request URL.(CVE-2020-1927)
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use
uninitialized memory when proxying to a malicious FTP
server.(CVE-2020-1934)");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2020-1370.html");
script_set_attribute(attribute:"solution", value:
"Run 'yum update httpd24' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-1927");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/01");
script_set_attribute(attribute:"patch_publication_date", value:"2020/06/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/04");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd24");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd24-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd24-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd24-manual");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd24-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod24_ldap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod24_md");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod24_proxy_html");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod24_session");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod24_ssl");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (rpm_check(release:"ALA", reference:"httpd24-2.4.43-1.89.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"httpd24-debuginfo-2.4.43-1.89.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"httpd24-devel-2.4.43-1.89.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"httpd24-manual-2.4.43-1.89.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"httpd24-tools-2.4.43-1.89.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mod24_ldap-2.4.43-1.89.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mod24_md-2.4.43-1.89.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mod24_proxy_html-2.4.43-1.89.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mod24_session-2.4.43-1.89.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mod24_ssl-2.4.43-1.89.amzn1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd24 / httpd24-debuginfo / httpd24-devel / httpd24-manual / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| amazon | linux | httpd24 | p-cpe:/a:amazon:linux:httpd24 |
| amazon | linux | httpd24-debuginfo | p-cpe:/a:amazon:linux:httpd24-debuginfo |
| amazon | linux | httpd24-devel | p-cpe:/a:amazon:linux:httpd24-devel |
| amazon | linux | httpd24-manual | p-cpe:/a:amazon:linux:httpd24-manual |
| amazon | linux | httpd24-tools | p-cpe:/a:amazon:linux:httpd24-tools |
| amazon | linux | mod24_ldap | p-cpe:/a:amazon:linux:mod24_ldap |
| amazon | linux | mod24_md | p-cpe:/a:amazon:linux:mod24_md |
| amazon | linux | mod24_proxy_html | p-cpe:/a:amazon:linux:mod24_proxy_html |
| amazon | linux | mod24_session | p-cpe:/a:amazon:linux:mod24_session |
| amazon | linux | mod24_ssl | p-cpe:/a:amazon:linux:mod24_ssl |
Related
altlinux
altlinux
Security fix for the ALT Linux 8 package apache2 version 1:2.4.43-alt1
2020-04-09 00:00:00
Security fix for the ALT Linux 9 package apache2 version 1:2.4.43-alt1
2020-04-08 00:00:00
Security fix for the ALT Linux 10 package apache2 version 1:2.4.43-alt1
2020-04-06 00:00:00
openvas
openvas
Apache HTTP Server 2.4.0 < 2.4.42 Multiple Vulnerabilities - Windows
2020-04-03 00:00:00
Apache HTTP Server 2.4.0 < 2.4.42 Multiple Vulnerabilities - Linux
2020-04-03 00:00:00
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2020-1601)
2020-06-03 00:00:00
ibm
ibm
nessus
nessus
EulerOS Virtualization 3.0.6.0 : httpd (EulerOS-SA-2020-1749)
2020-07-01 00:00:00
Apache 2.4.x < 2.4.42 Multiple Vulnerabilities
2020-04-10 00:00:00
Photon OS 1.0: Httpd PHSA-2020-1.0-0290
2020-04-29 00:00:00
mageia
mageia
Updated apache packages fix security vulnerabilities
2020-04-15 13:12:14
photon
photon
Moderate Photon OS Security Update - PHSA-2020-0079
2020-04-10 00:00:00
Moderate Photon OS Security Update - PHSA-2020-3.0-0079
2020-04-10 00:00:00
kaspersky
kaspersky
KLA12367 Multiple vulnerabilities in Apache HTTP Server
2020-04-01 00:00:00
amazon
amazon
Low: httpd
2020-05-19 18:32:00
Low: httpd24
2020-05-22 20:57:00
freebsd
freebsd
Apache -- Multiple vulnerabilities
2020-04-01 00:00:00
suse
suse
Security update for apache2 (important)
2020-05-02 00:00:00
archlinux
archlinux
[ASA-202004-14] apache: multiple issues
2020-04-15 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: httpd-2.4.46-1.fc32
2020-08-31 15:50:53
[SECURITY] Fedora 31 Update: httpd-2.4.46-1.fc31
2020-09-03 16:27:14
osv
osv
CVE-2020-1934
2020-04-01 20:15:15
BIT-apache-2020-1934
2024-03-06 10:56:53
apache2 - security update
2020-08-31 00:00:00
redhatcve
redhatcve
CVE-2020-1934
2020-04-03 21:01:35
CVE-2020-1927
2020-04-03 20:31:36
prion
prion
Code injection
2020-04-01 20:15:00
Code injection
2020-04-02 00:15:00
cvelist
cvelist
CVE-2020-1934
2020-04-01 19:22:23
CVE-2020-1927
2020-04-01 23:08:43
cve
cve
CVE-2020-1934
2020-04-01 20:15:15
CVE-2020-1927
2020-04-02 00:15:13
alpinelinux
alpinelinux
CVE-2020-1934
2020-04-01 20:15:15
CVE-2020-1927
2020-04-02 00:15:13
f5
f5
Apache mod_proxy_ftp vulnerability CVE-2020-1934
2021-03-10 19:35:00
K23153696 : Apache HTTPD vulnerability CVE-2020-1927
2020-08-26 00:00:00
debian
debian
[SECURITY] [DSA 4757-1] apache2 security update
2020-08-31 15:10:58
[SECURITY] [DSA 4757-1] apache2 security update
2020-08-31 15:10:58
[SECURITY] [DLA 2706-1] apache2 security update
2021-07-09 08:50:21
veracode
veracode
Information Disclosure
2020-06-23 03:36:09
Open Redirection
2020-05-15 02:23:25
nvd
nvd
CVE-2020-1934
2020-04-01 20:15:15
CVE-2020-1927
2020-04-02 00:15:13
ubuntucve
ubuntucve
CVE-2020-1934
2020-04-01 00:00:00
CVE-2020-1927
2020-04-02 00:00:00
httpd
httpd
Apache Httpd < 2.4.42 : mod_proxy_ftp use of uninitialized value
2020-01-03 00:00:00
Apache Httpd < 2.4.42 : mod_rewrite CWE-601 open redirect
2019-12-05 00:00:00
hackerone
hackerone
debiancve
debiancve
CVE-2020-1934
2020-04-01 20:15:15
CVE-2020-1927
2020-04-02 00:15:13
ubuntu
ubuntu
Apache HTTP Server vulnerabilities
2020-08-13 00:00:00
oraclelinux
oraclelinux
httpd security, bug fix, and enhancement update
2020-10-06 00:00:00
httpd:2.4 security, bug fix, and enhancement update
2020-11-10 00:00:00
redhat
redhat
centos
centos
httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update
2020-10-20 18:13:33
attackerkb
attackerkb
CVE-2020-1934
2020-04-01 00:00:00
rocky
rocky
httpd:2.4 security, bug fix, and enhancement update
2020-11-03 12:33:02
almalinux
almalinux
Moderate: httpd:2.4 security, bug fix, and enhancement update
2020-11-03 12:33:02
symantec
symantec
Apache HTTP Server Vulnerabilities Jan 2019 - Apr 2020
2020-06-12 20:41:37
oracle
oracle
Oracle Critical Patch Update Advisory - July 2020
2020-07-14 00:00:00
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.5 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
65.7%
Related for ALA_ALAS-2020-1370.NASL