Tenable SecurityCenter 5.19.x / 5.20.x / 5.21.0 Multiple Vulnerabilities (TNS-2022-14)

critical Nessus Plugin ID 162621

Synopsis

An application installed on the remote host is affected by multiple vulnerabilities.

Description

According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is running 5.19.x, 5.20.x, or 5.21.0 and is therefore affected by multiple vulnerabilities:

- The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue. (CVE-2022-28614)
- Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected. (CVE-2022-28615)

- Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. (CVE-2022-31813) Note that successful exploitation of the most serious issues can result in arbitrary code execution.

Solution

Apply the security patch referenced in the vendor advisory.

See Also

https://www.tenable.com/security/tns-2022-14

http://www.nessus.org/u?c6698356

Plugin Details

Severity: Critical

ID: 162621

File Name: securitycenter_5_21_0_tns_2022_14.nasl

Version: 1.2

Type: local

Agent: unix

Family: Misc.

Published: 6/30/2022

Updated: 7/1/2022

Supported Sensors: Nessus Agent

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2022-31813

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:tenable:securitycenter

Exploit Ease: No known exploits are available

Patch Publication Date: 6/30/2022

Vulnerability Publication Date: 6/30/2022

Reference Information

CVE: CVE-2022-28614, CVE-2022-28615, CVE-2022-31813