This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
The remote web server is affected by multiple vulnerabilities.
According to its banner, the version of Apache 2.4.x running on the
remote host is a version prior to 2.4.8. It is, therefore, affected by
the following vulnerabilities :
- A flaw exists with the 'mod_dav' module that is caused
when tracking the length of CDATA that has leading white
space. A remote attacker with a specially crafted DAV
WRITE request can cause the service to stop responding.
- A flaw exists in the 'mod_log_config' module that is caused
when logging a cookie that has an unassigned value. A
remote attacker with a specially crafted request can
cause the service to crash. (CVE-2014-0098)
Note that Nessus did not actually test for these issues, but instead
has relied on the version in the server's banner.
See also :
Upgrade to Apache version 2.4.9 or later. Alternatively, ensure that
the affected modules are not in use.
Note that the issues were addressed in 2.4.8, although that version
was not released.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true
Family: Web Servers
Nessus Plugin ID: 73081
Bugtraq ID: 66303
CVE ID: CVE-2013-6438, CVE-2014-0098