Juniper NSM Servers < 2012.2R5 Multiple Vulnerabilities

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by multiple vulnerabilities.

Description :

According to the version of one or more Juniper NSM servers running on
the remote host, it is potentially affected by the following
vulnerabilities related to the included Apache Tomcat version :

- An error exists related to handling requests containing
several parameters that could allow denial of service
attacks. (CVE-2012-0022)

- An error exists related to handling partial HTTP
requests that could allow denial of service attacks.
(CVE-2012-5568)

- Errors exist related to handling DIGEST authentication
that could allow security mechanisms to be bypassed.
(CVE-2012-5885, CVE-2012-5886, CVE-2012-5887)

See also :

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10600
http://www.juniper.net/support/downloads/?p=nsm#sw

Solution :

Upgrade to NSM version 2012.2R5.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 71023

Bugtraq ID: 51447, 56403, 56686

CVE ID: CVE-2012-0022, CVE-2012-5568, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887