Juniper NSM Servers < 2012.2R5 Multiple Vulnerabilities

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by multiple vulnerabilities.

Description :

According to the version of one or more Juniper NSM servers running on
the remote host, it is potentially affected by the following
vulnerabilities related to the included Apache Tomcat version :

- An error exists related to handling requests containing
several parameters that could allow denial of service
attacks. (CVE-2012-0022)

- An error exists related to handling partial HTTP
requests that could allow denial of service attacks.
(CVE-2012-5568)

- Errors exist related to handling DIGEST authentication
that could allow security mechanisms to be bypassed.
(CVE-2012-5885, CVE-2012-5886, CVE-2012-5887)

See also :

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10600
http://www.juniper.net/support/downloads/?p=nsm#sw

Solution :

Upgrade to NSM version 2012.2R5.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 71023 ()

Bugtraq ID: 51447
56403
56686

CVE ID: CVE-2012-0022
CVE-2012-5568
CVE-2012-5885
CVE-2012-5886
CVE-2012-5887

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial