FreeBSD : apache -- multiple vulnerabilities (4b7dbfab-4c6b-11e1-bc16-0023ae8e59f0)

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

CVE MITRE reports :

An exposure was found when using mod_proxy in reverse proxy mode. In
certain configurations using RewriteRule with proxy flag or
ProxyPassMatch, a remote attacker could cause the reverse proxy to
connect to an arbitrary server, possibly disclosing sensitive
information from internal web servers not directly accessible to
the attacker.

Integer overflow in the ap_pregsub function in server/util.c in the
Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when
the mod_setenvif module is enabled, allows local users to gain
privileges via a .htaccess file with a crafted SetEnvIf directive, in
conjunction with a crafted HTTP request header, leading to a
heap-based buffer overflow.

An additional exposure was found when using mod_proxy in reverse proxy
mode. In certain configurations using RewriteRule with proxy flag or
ProxyPassMatch, a remote attacker could cause the reverse proxy to
connect to an arbitrary server, possibly disclosing sensitive
information from internal web servers not directly accessible to
the attacker.

A flaw was found in mod_log_config. If the '%{cookiename}C' log format
string is in use, a remote attacker could send a specific cookie
causing a crash. This crash would only be a denial of service if using
a threaded MPM.

A flaw was found in the handling of the scoreboard. An unprivileged
child process could cause the parent process to crash at shutdown
rather than terminate cleanly.

A flaw was found in the default error response for status code 400.
This flaw could be used by an attacker to expose 'httpOnly' cookies
when no custom ErrorDocument is specified.

See also :

http://www.nessus.org/u?e41175a6

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 57786

CVE ID: CVE-2011-3368
CVE-2011-3607
CVE-2011-4317
CVE-2012-0021
CVE-2012-0031
CVE-2012-0053
