Amazon Linux AMI : httpd24 Multiple Vulnerabilities (ALAS-2013-175)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Amazon Linux AMI host is missing a security update.

Description :

Multiple cross-site scripting (XSS) vulnerabilities in the
balancer_handler function in the manager interface in
mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache
HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow
remote attackers to inject arbitrary web script or HTML via a crafted
string. (CVE-2012-4558)

Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP
Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote
attackers to inject arbitrary web script or HTML via vectors involving
hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3)
mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
(CVE-2012-3499)

See also :

http://www.nessus.org/u?02e5aa27

Solution :

Run 'yum update httpd24' to update your system.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: Amazon Linux Local Security Checks

Nessus Plugin ID: 69734

Bugtraq ID:

CVE ID: CVE-2012-3499, CVE-2012-4558