This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
The remote web server is affected by multiple vulnerabilities.
According to its banner, the version of Apache 2.2.x running on the
remote host is a version prior to 2.2.27. It is, therefore,
potentially affected by the following vulnerabilities :
- A flaw exists with the 'mod_dav' module that is caused
when tracking the length of CDATA that has leading white
space. A remote attacker with a specially crafted DAV
WRITE request can cause the service to stop responding.
- A flaw exists in 'mod_log_config' module that is caused
when logging a cookie that has an unassigned value. A
remote attacker with a specially crafted request can
cause the service to crash. (CVE-2014-0098)
Note that Nessus did not actually test for these issues, but instead
has relied on the version in the server's banner.
See also :
Upgrade to Apache version 2.2.27 or later. Alternatively, ensure that
the affected modules are not in use.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true