Site - https://lists.mozilla.org
Vulnerability - Multiple Vulnerabilities.
Current version found - Apache/2.2.15 (Red Hat) Server at lists.mozilla.org Port 443
Version can be found here - https://lists.mozilla.org/ORxvcglX41

Vulnerability 1) envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
Risk level - High
Impacts -
Confidentiality Impact - Complete (There is total information disclosure, resulting in all system files being revealed.)
Integrity Impact - Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)
Availability Impact - Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Reference - http://www.cvedetails.com/cve/CVE-2012-0883/

Vulnerability 2) scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
Risk level - High
Impacts -
Confidentiality Impact - Partial (There is considerable informational disclosure.)
Integrity Impact - Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact - Partial (There is reduced performance or interruptions in resource availability.)
Reference - http://www.cvedetails.com/cve/CVE-2012-0031/

Vulnerability 3) The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
Risk level - Critically high.
Availability Impact - Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
(1 public exploit) (1 Metasploit module) available.
Reference - http://www.cvedetails.com/cve/CVE-2011-3192/

Vulnerability 4)
Vulnerability description
A denial of service vulnerability has been found in the way multiple overlapping ranges are handled by the Apache HTTPD server: http://seclists.org/fulldisclosure/2011/Aug/175
An attack tool is circulating in the wild. Active use of this tool has been observed. The attack can be done remotely and with a modest number of requests can cause very significant memory and CPU usage on the server.
Affected Apache versions (1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19).
Reference - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192

The list of vulnerabilities and their impact can be found here:
http://www.apache.org/dist/httpd/Announcement2.2.html
http://www.cvedetails.com/vulnerability-list.php?vendor_id=45&product_id=66&version_id=109442&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&month=0&cweid=0&order=1&trc=4&sha=27943c1f76fcf9691f0ce75b0eaba93357425f76
Working exploit can be found here: http://www.exploit-db.com/exploits/17696/

These vulnerabilities affect the webserver: Total Compromise of all the users' data Confidentiality, Integrity and Availability.

How to fix this vulnerability
Upgrade to the latest version of Apache HTTP Server (2.2.20 or later), available from the Apache HTTP Server Project Web site. Must be patched soon.
Thank you for your report! Is your assessment based strictly on version number, or have you successfully exploited a vulnerability? I'm asking because the server is running RedHat. RedHat is well known for backpatching security fixes into older versions of software. In other words, finding vulnerabilities by CVE and version numbers with RedHat is an exercise in futility. I've checked the server and it's currently running the latest patches available from RedHat, which includes fixes for: CVE-(2012-0883|2012-0031|2007-0086|2011-3192) If your finding is not based on version number alone, let me know. Otherwise I'll close this bug as resolved-invalid.
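The two posts above disagree on exactly one point: whether a `Server: Apache/2.2.15 (Red Hat)` banner says anything about CVE-2011-3192 and the other CVEs when the distribution backports fixes without bumping the version. The following is an added example, not code from either participant or from the Apache or Red Hat projects, of how that question is settled without guessing. It does two things: a behavioural probe for the byte-range issue (CVE-2011-3192 is the only one of the four that is remotely observable; CVE-2012-0883 and CVE-2012-0031 are local), sending a handful of overlapping ranges so that their sum exceeds the resource size, which is the condition the 2.2.20 fix and Red Hat's backport use to fall back to a plain 200, and a parser for `rpm -q --changelog httpd` output, which is where Red Hat records the CVE ids of backported fixes. The host name, path, the probe header, and the changelog sample are assumptions constructed for the example; the changelog text mimics the rpm format but its dates, maintainer and release tags are illustrative.

```python
"""Added example: verify CVE-2011-3192 behaviour and backported fixes
without relying on the Server banner. Not from the bug report."""
import http.client
import re
import ssl

# Five overlapping, satisfiable ranges. Their sum exceeds any resource size,
# so a patched httpd ignores the Range header and answers 200 with the whole
# body, while an unpatched one answers 206 multipart/byteranges. Five ranges
# is a fingerprint, not the 1300-range payload the 2011 attack tool used.
PROBE_RANGE = "bytes=0-,0-1,0-2,0-3,0-4"
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def classify_range_response(status, content_type):
    """Turn the response to a PROBE_RANGE request into a verdict.

    206 + multipart/byteranges : every overlapping range was served, the
                                 pre-2.2.20 behaviour; treat as likely vulnerable
    200                        : ranges ignored, full body sent (2.2.20+ fix,
                                 Red Hat backport, or the mod_headers workaround)
    400 / 416                  : ranges rejected outright (mitigated)
    anything else              : inconclusive, look at it by hand
    """
    ctype = (content_type or "").lower()
    if status == 206 and ctype.startswith("multipart/byteranges"):
        return "honours-overlapping-ranges"
    if status == 200:
        return "ranges-ignored"
    if status in (400, 416):
        return "ranges-rejected"
    return "inconclusive"


def probe_range_handling(host, path="/", port=443, timeout=10):
    """Live probe over TLS with certificate verification. GET, not HEAD, so the
    byterange filter actually runs on a body. Returns (status, content_type)."""
    ctx = ssl.create_default_context()
    conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    try:
        conn.request("GET", path, headers={"Host": host, "Range": PROBE_RANGE})
        resp = conn.getresponse()
        resp.read()  # drain the body so the connection closes cleanly
        return resp.status, resp.getheader("Content-Type")
    finally:
        conn.close()


def cves_in_changelog(changelog_text):
    """Every CVE id mentioned in `rpm -q --changelog <pkg>` output."""
    return set(CVE_RE.findall(changelog_text))


def backport_status(changelog_text, cves):
    """For each CVE of interest, whether the package changelog claims a fix.
    A False here means 'not mentioned', which still needs a vendor-advisory check."""
    seen = cves_in_changelog(changelog_text)
    return {cve: cve in seen for cve in cves}


# Constructed sample in the shape of `rpm -q --changelog httpd` on a RHEL 6 box.
# Maintainer, dates and release tags are illustrative; the CVE ids are the ones
# discussed in the report.
SAMPLE_CHANGELOG = """\
* Fri Jan 20 2012 Example Maintainer <maint@example.com> - 2.2.15-15.el6_2.1
- add security fix for CVE-2012-0031

* Wed Aug 31 2011 Example Maintainer <maint@example.com> - 2.2.15-9.el6_1.2
- add security fix for CVE-2011-3192
"""

if __name__ == "__main__":
    import sys
    # Host-side check: run this with the real output of `rpm -q --changelog httpd`.
    print(backport_status(SAMPLE_CHANGELOG,
                          ["CVE-2011-3192", "CVE-2012-0031", "CVE-2012-0883"]))
    # Remote check: python3 probe.py lists.mozilla.org  (assumed invocation)
    if len(sys.argv) > 1:
        status, ctype = probe_range_handling(sys.argv[1])
        print(sys.argv[1], status, ctype, classify_range_response(status, ctype))
```

The probe answers the triager's question directly: a 206 multipart/byteranges reply to five overlapping ranges means the byte-range code path is the unfixed one regardless of what the banner says, while a 200 or 416 means the reporter's version-based finding does not hold. The changelog parser is the complement from the host side, and it only proves what the vendor claims to have backported, so a CVE missing from the changelog should be cross-checked against the corresponding Red Hat advisory before being reported as unfixed.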