Ubuntu Pastebin

Paste from shaun at Mon, 21 Dec 2015 22:32:03 +0000

THREAT REFERENCE

Summary: 
vulnerable Apache version: 2.4.10

Risk: High (3)
Port: 80/tcp
Protocol: tcp
Threat ID: web_server_apache_version

Details: Multiple vulnerabilities fixed in Apache HTTP Server 2.4.16
07/20/15
CVE 2015-0228
CVE 2015-0253
CVE 2015-3183
CVE 2015-3185
Apache HTTP Server 2.4.16 fixed multiple vulnerabilities.
These vulnerabilities can be exploited to allow the system to crash or bypass certain security restrictions.
The vulnerabilities are as follows:
mod_lua: Crash in websockets PING handling.
Crash in ErrorDocument 400 handling.
HTTP request smuggling attack against chunked request parser.
ap_some_auth_required API unusable.
Multiple vulnerabilities fixed in Apache HTTP Server 2.4.12
04/29/15
CVE 2013-5704
CVE 2014-8109
Apache HTTP Server prior to 2.4.12 is prone to multiple vulnerabilities,
which can be exploited by malicious users, to bypass certain security restrictions.
The vulnerabilities exist due to flaws in mod_lua and core.
Apache HTTP Server mod_proxy_fcgi Response Handling Vulnerability
11/21/14
CVE 2014-3583
Apache HTTP Server before 2.4.12 is prone to a vulnerability,
which can be exploited to cause a DoS (Denial of Service).
The vulnerability exists due to an overflow condition in mod_proxy_fcgi
when handling responses from FastCGI servers. The vulnerability can be exploited by
sending a crafted response from a malicious FastCGI server, which could lead to a
crash when reading past the end of heap memory.
Apache HTTP Server NULL Pointer Dereference Vulnerability
10/08/14
CVE 2014-3581
Apache HTTP Server 2.4.10 and earlier is prone to a vulnerability,
which can be exploited to cause a DoS (Denial of Service).
The vulnerability exists because the application contains a flaw in
the cache_merge_headers_out() function which is
triggered when handling an empty 'Content-Type' header value.
HTTP-Basic Authentication Bypass Vulnerability
08/14/09
Apache 2.2.2 and prior are prone to an authentication-bypass vulnerability
because they fail to properly enforce access restrictions on certain requests to a site that requires authentication.
An attacker can exploit this issue to gain access to protected resources, 
which may allow the attacker to obtain sensitive information or launch further attacks.
Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
11/03/08
Apache 2.2.9 and prior is prone to an unspecified security vulnerability.

Information From Target:
Service: http
Received: Server: Apache/2.4.10 (Ubuntu)