The remote host is affected by the vulnerability described in GLSA-200409-33 (Apache: Exposure of protected directories)

    A bug in the way Apache handles the Satisfy directive, which is used to     require that certain conditions (client host, client authentication, etc)     be met before access to a certain directory is granted, could allow the     exposure of protected directories to unauthorized clients.
  Impact :

    Directories containing protected data could be exposed to all visitors to     the webserver.
  Workaround :

    There is no known workaround at this time.

The remote host is running Apache web server 2.0.51. It is reported that this version of Apache is vulnerable to an access control bypass attack. This issue occurs when using the 'Satisfy' directive. An attacker may gain unauthorized access to restricted resources if access control relies on this directive.

- Tue Sep 21 2004 Joe Orton <jorton at redhat.com>     2.0.51-2.7

  - ap_rgetline_core fix from Rici Lake

  - Tue Sep 21 2004 Joe Orton <jorton at redhat.com>     2.0.51-2.6

  - fix 2.0.51 regression in Satisfy merging (CVE-2004-0811)

  - Thu Sep 16 2004 Joe Orton <jorton at redhat.com>     2.0.51-2.5

  - mod_ssl: prevent SIGHUP-triggers-SIGSEGV after upgrade     from 2.0.50

    - revert mod_ldap/mod_auth_ldap changes likewise

  - Wed Sep 15 2004 Joe Orton <jorton at redhat.com>     2.0.51-2.1

  - update to 2.0.51, including security fixes for :

    - core: CVE-2004-0747

    - mod_dav_fs: CVE-2004-0809

    - mod_ssl: CVE-2004-0751, CVE-2004-0748

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

リモートホストは Apache Web サーバー 2.0.51 を実行しています。報告されているところによれば、Apache のこのバージョンは、アクセスコントロールバイパス攻撃に脆弱です。「Satisfy」ディレクティブを使用すると、この問題が発生します。アクセスコントロールがこのディレクティブに依存する場合、攻撃者は、制限されたリソースに対して認証されずにアクセスできることがあります。

遠端主機正在執行 Apache Web 伺服器 2.0.51。報告指出此 Apache 版本容易遭受存取控制旁路攻擊。此問題在使用「Satisfy」指示詞時發生。如果存取控制依賴於此指示詞，則攻擊者可能未經授權地存取限制的資源。

远程主机正在运行 Apache Web 服务器 2.0.51。有报告称此 Apache 版本容易遭受访问控制绕过攻击。此问题会在使用“Satisfy”指令时发生。如果访问控制依赖此指令，攻击者可能会获得对受限制资源未经授权的访问。

The remote host is running Apache Web Server 2.0.51. It is reported that this version of Apache is vulnerable to an access control bypass attack. This issue occurs when using the 'Satisfy' directive. An attacker may gain unauthorized access to restricted resources if access control relies on this directive.

The remote host is running a vulnerable version of Apache. It is reported that versions prior 2.0.51 are prone to a local buffer overflow when processing ${ENVVAR} constructs in .htaccess and httpd.conf files. An attacker with interactive access to the computer may use this flaw to execute arbitrary code in the context of the web server.

The remote host is running a vulnerable version of Apache. It is reported that versions prior 2.0.51 are prone to a remote denial of service issue. An attacker may issue a specific sequence of DAV LOCK commands to crash the process. If Apache is configured to use threads, it may completely crash the Apache process.

The remote host appears to be running a version of Apache 2.x that is older than 2.0.51. It is reported that these versions of Apache are prone to a denial of service issue related to mod_ssl. An attacker may force a SSL connection to be aborted and therefore cause the Apache server to enter in an infinite loop, consuming CPU resources. 

ID	名前	製品	ファミリー	公開日	更新日	深刻度
14811	GLSA-200409-33 : Apache: Exposure of protected directories	Nessus	Gentoo Local Security Checks	2004/9/24	2021/1/6	high
14803	Apache <= 2.0.51 Satisfy Directive Access Control Bypass	Nessus	Web Servers	2004/9/23	2018/6/29	high
14807	Fedora Core 2 : httpd-2.0.51-2.7 (2004-313)	Nessus	Fedora Local Security Checks	2004/9/24	2021/1/11	high
14803	Apache <= 2.0.51 の Satisfy ディレクティブのアクセスコントロールのバイパス	Nessus	Web Servers	2004/9/23	2018/6/29	high
14803	Apache <= 2.0.51 Satisfy 指示詞存取控制旁路	Nessus	Web Servers	2004/9/23	2018/6/29	high
14803	Apache <= 2.0.51 Satisfy 指令访问控制绕过	Nessus	Web Servers	2004/9/23	2018/6/29	high
2309	Apache < 2.0.52-dev 'Satisfy' Directive Access Control Bypass	Nessus Network Monitor	Web Servers	2004/9/23	2019/3/6	high
2290	Apache < 2.0.51 ${ENVVAR} Local Overflow	Nessus Network Monitor	Web Servers	2004/9/15	2019/3/6	medium
2291	Apache < 2.0.51 mod_dav DAV LOCK Command Remote DoS	Nessus Network Monitor	Web Servers	2004/9/15	2019/3/6	medium
2254	Apache < 2.0.51 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	2004/9/3	2019/3/6	high
800562	Apache < 2.0.51 ${ENVVAR} Local Overflow	Log Correlation Engine	Web Servers			medium
800565	Apache < 2.0.51 mod_dav DAV LOCK Command Remote DoS	Log Correlation Engine	Web Servers			medium
800564	Apache < 2.0.51 Multiple Vulnerabilities	Log Correlation Engine	Web Servers			medium
800586	Apache < 2.0.52-dev 'Satisfy' Directive Access Control Bypass	Log Correlation Engine	Web Servers			medium

検出

プラグインの検索

high

high

high

high

high

high

high

medium

medium

high

medium

medium

medium

medium