FreeBSD : passenger -- client controlled header overwriting (84fdd1bb-9d37-11e5-8f5c-002590263bf5)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Daniel Knoppel reports :

It was discovered by the SUSE security team that it was possible, in
some cases, for clients to overwrite headers set by the server,
resulting in a medium level security issue. CVE-2015-7519 has been
assigned to this issue.

Affected use-cases :

Header overwriting may occur if all of the following conditions are
met :

- Apache integration mode, or standalone+builtin engine without a
filtering proxy

- Ruby or Python applications only (Passenger 5); or any application
(Passenger 4)

- The app depends on a request header containing a dash (-)

- The header is supposed to be trusted (set by the server)

- The client correctly guesses the header name

This vulnerability has been fixed by filtering out client headers that
do not consist of alphanumeric/dash characters (Nginx already did
this, so Passenger+Nginx was not affected). If your application
depends on headers that don't conform to this, you can add a
workaround in Apache specifically for those to convert them to a
dash-based format.
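The filtering rule described above, as an added example (not Phusion's or Tenable's code). It assumes the application reads request headers through CGI-style `HTTP_*` keys, as WSGI and Rack do; the header names, values and function names are constructed for illustration.

```python
import re

# Rule from the advisory: keep only names made of alphanumerics and dashes.
SAFE_NAME = re.compile(r"[A-Za-z0-9-]+")

# Constructed sample request and server-set header (not from the advisory).
CLIENT = [("Accept", "text/html"),
          ("X_Auth_User", "admin"),
          ("X-Auth-User", "admin")]
TRUSTED = [("X-Auth-User", "alice")]


def env_key(name):
    """CGI-style variable name (RFC 3875) that the application looks up."""
    return "HTTP_" + name.upper().replace("-", "_")


def forward(client_headers, trusted_headers, filter_names=True):
    """Headers handed to the application by the front end.

    Client copies of a trusted header are removed by exact, case-insensitive
    name match; with filter_names=True, names outside SAFE_NAME are removed
    as well. Server-set headers are appended last.
    """
    trusted = {name.lower() for name, _ in trusted_headers}
    out = [(n, v) for n, v in client_headers if n.lower() not in trusted]
    if filter_names:
        out = [(n, v) for n, v in out if SAFE_NAME.fullmatch(n)]
    return out + list(trusted_headers)


def ambiguous_keys(headers):
    """Map each env key reached by more than one distinct header name."""
    seen = {}
    for name, _ in headers:
        seen.setdefault(env_key(name), set()).add(name.lower())
    return {key: sorted(names) for key, names in seen.items() if len(names) > 1}


if __name__ == "__main__":
    print("filtered:  ", ambiguous_keys(forward(CLIENT, TRUSTED)))
    print("unfiltered:", ambiguous_keys(forward(CLIENT, TRUSTED, filter_names=False)))
```

Running `ambiguous_keys` over headers captured at the application boundary is a quick check that a deployment's front end applies the name filter.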

See also :

https://blog.phusion.nl/2015/12/07/cve-2015-7519/
http://www.nessus.org/u?12490725

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 87226

Bugtraq ID:

CVE ID: CVE-2015-7519
