nessus | This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof. | REDHAT-RHSA-2005-773.NASL
HistorySep 17, 2005 - 12:00 a.m.

RHEL 2.1 : mod_ssl (RHSA-2005:773)

2005-09-17 00:00:00
This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.002

Percentile

59.6%

An updated mod_ssl package for Apache that corrects a security issue is now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

The mod_ssl module provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.

A flaw was discovered in mod_ssl’s handling of the ‘SSLVerifyClient’ directive. This flaw occurs if a virtual host is configured using ‘SSLVerifyClient optional’ and a directive ‘SSLVerifyClient required’ is set for a specific location. For servers configured in this fashion, an attacker may be able to access resources that should otherwise be protected, by not supplying a client certificate when connecting. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2700 to this issue.

Users of mod_ssl should upgrade to this updated package, which contains a backported patch to correct this issue.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2005:773. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Registration phase: when the plugin is loaded with `description` set, only
# the metadata below is declared and the script exits (exit(0) at the end of
# this block) before any host check runs.
if (description)
{
  # Plugin identity and revision information.
  script_id(19714);
  script_version("1.23");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  # Cross-references that tie a finding back to the CVE and the vendor advisory.
  script_cve_id("CVE-2005-2700");
  script_xref(name:"RHSA", value:"2005:773");

  script_name(english:"RHEL 2.1 : mod_ssl (RHSA-2005:773)");
  script_summary(english:"Checks the rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing a security update."
  );
  # Advisory text: the flaw only applies when a virtual host uses
  # 'SSLVerifyClient optional' and a location inside it uses
  # 'SSLVerifyClient required'. The fix is delivered as a backported patch.
  script_set_attribute(
    attribute:"description", 
    value:
"An updated mod_ssl package for Apache that corrects a security issue
is now available.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

The mod_ssl module provides strong cryptography for the Apache Web
server via the Secure Sockets Layer (SSL) and Transport Layer Security
(TLS) protocols.

A flaw was discovered in mod_ssl's handling of the 'SSLVerifyClient'
directive. This flaw occurs if a virtual host is configured using
'SSLVerifyClient optional' and a directive 'SSLVerifyClient required'
is set for a specific location. For servers configured in this
fashion, an attacker may be able to access resources that should
otherwise be protected, by not supplying a client certificate when
connecting. The Common Vulnerabilities and Exposures project assigned
the name CVE-2005-2700 to this issue.

Users of mod_ssl should upgrade to this updated package, which
contains a backported patch to correct this issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-2700"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2005:773"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected mod_ssl package."
  );
  # NOTE(review): this vector scores complete C/I/A impact, while the advisory
  # text above describes bypassing a per-location client-certificate
  # requirement and carries Red Hat's "important" rating. Treat the base score
  # as a worst case and weigh it against how SSLVerifyClient is actually used.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  # "local" check: the detection code in this file reads host data from the KB
  # (release string, rpm list, cpu) and does not probe the HTTPS service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_ssl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/09/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/09/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/09/17");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  # KB keys the detection phase reads; presumably populated by the
  # ssh_get_info.nasl dependency during a credentialed scan - confirm.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

# Precondition gates. Each audit() call is expected to end the plugin with the
# given audit code (audit() comes from audit.inc, not shown here), so the order
# of these checks decides which "not applicable" reason gets reported.

# Local checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# The host must identify as Red Hat; `>!<` is NASL's "substring not found" test.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
# Extract the numeric release (capture group 1) from the release string.
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
# Only RHEL 2.1 is in scope; the ([^0-9]|$) tail keeps "2.10" and similar
# strings from matching.
if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);

# Without an rpm list there is no package evidence to evaluate (presumably the
# data rpm_check() compares against - confirm in rpm.inc).
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture gates: first reject anything outside the x86_64 / i?86 / s390
# set, then reject everything that is not i386-class, because the package
# check further down only covers cpu:"i386".
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);

# Verdict phase. Two evidence sources are supported: yum updateinfo data when
# the KB has it, otherwise a comparison against the installed rpm list.
#
# Scope of a finding: both paths establish only that the RHSA-2005:773 package
# update is missing. Neither inspects the Apache configuration, so a report
# does not show that the 'SSLVerifyClient optional' + per-location
# 'SSLVerifyClient required' combination from the advisory is actually in use.
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  # Ask the yum helper (defined outside this file) whether this advisory is
  # still listed; a non-empty report is treated as "update missing".
  rhsa = "RHSA-2005:773";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    # port 0: the finding is attached to the host, not to a network service.
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    # Empty report: exit through audit() with a "not affected by <advisory>" message.
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  # Fallback: compare the installed package with the fixed build named in the
  # reference. The fix is a backport (per the advisory text), so the package
  # release string, not the upstream mod_ssl version, is what identifies a
  # patched host. rpm_check() is defined in rpm.inc; presumably it returns
  # true when the installed package is older than the reference - confirm.
  flag = 0;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mod_ssl-2.8.12-8")) flag++;

  if (flag)
  {
    # Report with the rpm comparison details plus the helper's package caveat.
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    # No hit: distinguish "package tested and fine" from "package not installed".
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mod_ssl");
  }
}
| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| redhat | enterprise_linux | mod_ssl | p-cpe:/a:redhat:enterprise_linux:mod_ssl |
| redhat | enterprise_linux | 2.1 | cpe:/o:redhat:enterprise_linux:2.1 |

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.002

Percentile

59.6%