Hi team,
i want to proposed the following change for plugin apache_server_status.

patch 1:
We have servers that return 403 Forbidden and include the filename '/server_status' in the response body when the plugin requests the file.
  This makes the plugin report the vulnerability when it should not.

  We introduce a change: the plugin now checks the HTTP status code returned by the server,
  and reports the vulnerability only when HTTP code 200 is returned.

patch 2:
This patch proposal is description break-up for openvas6.0-beta5 feature.

Can you give feedback about, and accept the change for next nvt update ?

--
"Le saviez-vous ? la technologie d'ITrust va sécuriser le cloud français"

    | Sébastien AUCOUTURIER | Responsable R&D
    | ITrust | 55 L'Occitane 31670 LABEGE
    | Email: [email protected]
    | Fixe Sdt. 05.67.34.67.80
    | IT Security Services & SaaS Editor
--- apache_server_status.nasl	2013-01-07 16:07:44.000000000 +0100
+++ /rewrite/plugins/apache_server_status.nasl	2013-07-24 08:31:20.557438068 +0200
@@ -4,9 +4,11 @@
 #
 # Authors:
 # Vincent Renardias <[email protected]>
+# Mercier Daniel <[email protected]>
 #
 # Copyright:
 # Copyright (C) 2001 StrongHoldNet
+#               2013 ITrust, http://www.itrust.fr
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2,
@@ -75,8 +77,7 @@
 {
   buffer = http_get(item:"/server-status", port:port);
   data = http_keepalive_send_recv(port:port, data:buffer);
-  if( str >< data )
-  {
-   security_warning(port);
-  }
+  if(ereg(pattern:"^HTTP/[0-9]\.[0-9] 200 ", string:data)) security_warning(port);
+  exit (0);
 }
+
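Review bot: The new condition on the `ereg(...)` line treats any 200 response to /server-status as a finding, because the body check `str >< data` was removed instead of being combined with the status check. A server that answers arbitrary paths with a 200 page (custom error page, catch-all handler) would then be reported, which trades the 403 false positive for another one. Keeping both tests avoids that: `if(ereg(pattern:"^HTTP/[0-9]\.[0-9] 200 ", string:data) && str >< data) security_warning(port);`. With that change the `str = "Apache Server Status";` assignment, which the last hunk of the second patch deletes, has to stay. The enclosing `if(get_port_state(port))` block starts outside this hunk.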
--- /rewrite/plugins/apache_server_status.nasl  2013-07-24 08:31:20.557438068 
+0200
+++ /rewrite/plugins/apache_server_status.nasl.6.0      2013-07-24 
09:16:49.415826276 +0200
@@ -23,13 +23,60 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 #
+include("revisions-lib.inc");
 
 if(description)
 {
+tag_summary =
+  "Leak of information in Apache.";
+
+tag_detection =
+  "Check if /server-status page exist.";
+
+tag_impact =
+  "Requesting the URI /server-status gives information about
+the currently running Apache.";
+
+tag_affected =
+  "All Apache version.";
+
+tag_solution = 
+"If you don't use this feature, comment the appropriate section in
+your httpd.conf file. If you really need it, limit its access to
+the administrator's machine.";
+
+desc = "
+  Summary:
+  " + tag_summary + "
+
+  Vulnerability Detection:
+  " + tag_detection + "
+
+  Vulnerability Insight:
+  " + tag_insight + "
+
+  Impact:
+  " + tag_impact + "
+
+  Affected Software/OS:
+  " + tag_affected + "
+
+  Solution:
+  " + tag_solution;
+
+ if (revcomp(a: OPENVAS_VERSION, b: "6.0+beta5") >= 0){                        
                                                          
+   script_tag(name : "summary" , value : tag_summary);                         
                                                          
+   script_tag(name : "vuldetect" , value : tag_detection);                     
                                                          
+   script_tag(name : "solution" , value : tag_solution);                       
                                                          
+   script_tag(name : "insight" , value : tag_insight);                         
                                                          
+   script_tag(name : "affected" , value : tag_affected);                       
                                                          
+   script_tag(name : "impact" , value : tag_impact);                           
                                                          
+ }
+
  script_id(10677);
  script_version("$Revision: 14994 $");
  script_tag(name:"last_modification", value:"$Date: 2012-12-31 12:37:58 +0100 
(Mon, 31 Dec 2012) $");
- script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 
Nov 2005)");
+ script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 
Nov 2005)"); 
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_tag(name:"risk_factor", value:"Medium");
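Review bot: `tag_insight` is concatenated into `desc` and passed to `script_tag(name : "insight" , value : tag_insight)`, but none of the added lines assigns it; only tag_summary, tag_detection, tag_impact, tag_affected and tag_solution are defined. Unless it is set somewhere outside this hunk, the "Vulnerability Insight" section will be empty. Either define it next to the other tags, for example `tag_insight = "The mod_status handler is enabled and /server-status is reachable without access restriction.";` (wording for the author to confirm), or drop the two insight lines. Separately, the unchanged `cvss_base_vector` line scores `C:N` with `A:P`, which looks inconsistent with an information-leak finding and is worth confirming while the description is being reworked.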
@@ -37,15 +84,6 @@
  
  script_name(name);
  
- desc = "
-Requesting the URI /server-status gives information about
-the currently running Apache.
-
-Solution : 
-If you don't use this feature, comment the appropriate section in
-your httpd.conf file. If you really need it, limit its access to
-the administrator's machine.";
-
  script_description(desc);
  
  summary = "Makes a request like http://www.example.com/server-status";;
@@ -71,7 +109,6 @@
 include("http_keepalive.inc");
 
 port = get_http_port(default:80);
-str = "Apache Server Status";
 
 if(get_port_state(port))
 {