Juniper NSM < 2012.2R9 Apache HTTP Server Multiple Vulnerabilities (JSA10685)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by multiple vulnerabilities.

Description :

The remote host is running a version of NSM (Network and Security
Manager) Server that is prior to 2012.2R9. It is, therefore, affected
by multiple vulnerabilities in the bundled version of Apache HTTP
Server :

- A flaw exists due to improper escaping of filenames in
406 and 300 HTTP responses. A remote attacker can
exploit this, by uploading a file with a specially
crafted name, to inject arbitrary HTTP headers or
conduct cross-site scripting attacks. (CVE-2008-0456)

- Multiple cross-site scripting vulnerabilities exist in
the mod_negotiation module due to improper sanitization
of input passed via filenames. An attacker can exploit
this to execute arbitrary script code in a user's
browser. (CVE-2012-2687)

- Multiple cross-site scripting vulnerabilities exist in
the mod_info, mod_status, mod_imagemap, mod_ldap, and
mod_proxy_ftp modules due to improper validation of
input passed via the URL or hostnames. An attacker can
exploit this to execute arbitrary script code in a
user's browser. (CVE-2012-3499)

- A cross-site scripting vulnerability exists in the
mod_proxy_balancer module due to improper validation of
input passed via the URL or hostnames. An attacker can
exploit this to execute arbitrary script code in a
user's browser. (CVE-2012-4558)

- A flaw exists in the do_rewritelog() function due to
improper sanitization of escape sequences written to log
files. A remote attacker can exploit this, via a
specially crafted HTTP request, to execute arbitrary
commands. (CVE-2013-1862)

- A denial of service vulnerability exists in mod_dav.c
due to improper validation to determine if DAV is
enabled for a URI. A remote attacker can exploit this,
via a specially crafted MERGE request, to cause a
segmentation fault, resulting in a denial of service
condition. (CVE-2013-1896)

- A denial of service vulnerability exists in the
dav_xml_get_cdata() function due to improper removal of
whitespace characters from CDATA sections. A remote
attacker can exploit this, via a specially crafted DAV
WRITE request, to cause a daemon crash, resulting in a
denial of service condition. (CVE-2013-6438)

- A flaw exists in the log_cookie() function due to the
logging of cookies with an unassigned value. A remote
attacker can exploit this, via a specially crafted
request, to cause a segmentation fault, resulting in a
denial of service condition. (CVE-2014-0098)

- A flaw exists in the deflate_in_filter() function when
request body decompression is configured. A remote
attacker can exploit this, via a specially crafted
request, to exhaust available memory and CPU resources,
resulting in a denial of service condition.
(CVE-2014-0118)

- A race condition exists in the mod_status module due to
improper validation of user-supplied input when handling
the scoreboard. A remote attacker can exploit this, via
a crafted request, to cause a heap-based buffer
overflow, resulting in a denial of service condition or
the execution of arbitrary code. (CVE-2014-0226)

- A flaw exists in the mod_cgid module due to the lack of
a timeout mechanism. A remote attacker can exploit this,
via a request to a CGI script that does not read from
its stdin file descriptor, to cause a denial of service
condition. (CVE-2014-0231)

See also :

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10685

Solution :

Upgrade to Juniper NSM version 2012.2R9 or later. Alternatively,
apply Upgrade Package v4.
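The check this plugin performs reduces to "is the installed NSM build older than 2012.2R9, and has the alternative fix not been applied". The following is an added example, not Tenable's plugin code, of doing that comparison correctly over an inventory: the fix threshold 2012.2R9 and the Upgrade Package v4 alternative come from this advisory; the assumed version format (`<year>.<minor>R<release>`, inferred from that single value), the representation of an applied Upgrade Package as an integer, and the host names in the sample inventory are constructed for illustration.

```python
"""Version triage for Juniper NSM against the JSA10685 fix threshold.

Added example, not the scanner's own code. The threshold 2012.2R9 and the
Upgrade Package v4 alternative come from the advisory; the version format
(<year>.<minor>R<release>) and the integer representation of an applied
Upgrade Package are assumptions.
"""
import re
from typing import List, NamedTuple, Optional, Tuple

# Fix threshold stated in the advisory.
FIXED_VERSION = "2012.2R9"
# Upgrade Package level the advisory names as an alternative fix
# (assumed to be recorded as a plain integer on the inventory side).
MITIGATING_UPGRADE_PACKAGE = 4


class NsmVersion(NamedTuple):
    """Numeric components so that ordering is numeric, not lexical."""
    year: int
    minor: int
    release: int


# Assumed format: "2012.2R9" -> year 2012, minor 2, release 9.
_VERSION_RE = re.compile(r"^(\d{4})\.(\d+)R(\d+)$")


def parse_version(text: str) -> NsmVersion:
    """Parse an NSM version string; raise ValueError on unexpected input
    rather than silently treating an unknown build as safe."""
    m = _VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised NSM version string: {text!r}")
    return NsmVersion(int(m.group(1)), int(m.group(2)), int(m.group(3)))


def is_affected(version: str, upgrade_package: Optional[int] = None) -> bool:
    """True when the build is older than the fix release and the mitigating
    Upgrade Package has not been applied."""
    if upgrade_package is not None and upgrade_package >= MITIGATING_UPGRADE_PACKAGE:
        return False
    return parse_version(version) < parse_version(FIXED_VERSION)


def triage(inventory: List[Tuple[str, str, Optional[int]]]) -> Tuple[List[str], List[str]]:
    """Return (affected_hosts, unparsable_hosts) for (host, version, package) records."""
    affected: List[str] = []
    unparsable: List[str] = []
    for host, version, pkg in inventory:
        try:
            if is_affected(version, pkg):
                affected.append(host)
        except ValueError:
            unparsable.append(host)  # surface for manual review, never guess
    return affected, unparsable


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    ("nsm-a", "2012.2R8", None),   # older release, no package -> affected
    ("nsm-b", "2012.2R9", None),   # fix release -> not affected
    ("nsm-c", "2012.2R10", None),  # newer; a lexical compare would misflag it
    ("nsm-d", "2012.1R12", None),  # older minor -> affected
    ("nsm-e", "2012.2R8", 4),      # mitigated by Upgrade Package v4
    ("nsm-f", "2012.2", None),     # unexpected format -> reported, not guessed
]

if __name__ == "__main__":
    hosts, unknown = triage(SAMPLE_INVENTORY)
    print("affected:", hosts)
    print("needs manual review:", unknown)
```

The point of the numeric tuple is the `2012.2R10` case: a plain string comparison orders it before `2012.2R9` and would report a patched host as vulnerable. Unparsable strings are returned separately instead of being skipped, so a host whose version cannot be read does not quietly drop out of the affected list.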

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true
