Oracle Solaris Third-Party Patch Update : apache (cve_2013_1896_denial_of)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Synopsis :

The remote Solaris system is missing a security patch for third-party

Description :

The remote Solaris system is missing necessary patches to address
security updates :

- Multiple cross-site scripting (XSS) vulnerabilities in
the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x
before 2.4.4 allow remote attackers to inject arbitrary
web script or HTML via vectors involving hostnames and
URIs in the (1) mod_imagemap, (2) mod_info, (3)
mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.

- mod_rewrite.c in the mod_rewrite module in the Apache
HTTP Server 2.2.x before 2.2.25 writes data to a log
file without sanitizing non-printable characters, which
might allow remote attackers to execute arbitrary
commands via an HTTP request containing an escape
sequence for a terminal emulator. (CVE-2013-1862)

- mod_dav.c in the Apache HTTP Server before 2.2.25 does
not properly determine whether DAV is enabled for a URI,
which allows remote attackers to cause a denial of
service (segmentation fault) via a MERGE request in
which the URI is configured for handling by the
mod_dav_svn module, but a certain href attribute in XML
data refers to a non-DAV URI. (CVE-2013-1896)

See also :

Solution :

Upgrade to Solaris

Risk factor :

Medium / CVSS Base Score : 5.1

Family: Solaris Local Security Checks

Nessus Plugin ID: 80585

Bugtraq ID:

CVE ID: CVE-2012-3499
