Detections
Analytics

Tenable Security Center Multiple Vulnerabilities (TNS-2025-17)

critical Nessus Plugin ID 258118

Synopsis

An instance of Security Center installed on the remote system is affected by multiple vulnerabilities.

Description

According to its self-reported version, the Tenable Security Center running on the remote host is prior to version 6.6.0 with patch SC-202508.1. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2025-17 advisory.

 - In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host. (CVE-2025-23048)

 - HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP response.
 This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP Server 2.4.59 did not address the issue. Users are recommended to upgrade to version 2.4.64, which fixes this issue.
 (CVE-2024-42516)

 - SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or response header with a value provided in the HTTP request. Users are recommended to upgrade to version 2.4.64 which fixes this issue. (CVE-2024-43204)

 - Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with %{varname}x or %{varname}c to log variables provided by mod_ssl such as SSL_TLS_SNI, no escaping is performed by either mod_log_config or mod_ssl and unsanitized data provided by the client may appear in log files. (CVE-2024-47252)

 - In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in mod_proxy_http2.
 Configurations affected are a reverse proxy is configured for an HTTP/2 backend, with ProxyPreserveHost set to on. (CVE-2025-49630)

 - In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using SSLEngine optional to enable TLS upgrades are affected. Users are recommended to upgrade to version 2.4.64, which removes support for TLS upgrade. (CVE-2025-49812)

 - Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes the issue. (CVE-2025-53020)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Tenable Security Center 6.6.0 with Patch SC-202508.1 or later.

See Also

http://www.nessus.org/u?ac19917a

http://www.nessus.org/u?29b03dc6

https://www.tenable.com/security/TNS-2025-17

Plugin Details

Severity: Critical

ID: 258118

File Name: securitycenter_6_6_0_tns_2025_17.nasl

Version: 1.1

Type: combined

Agent: unix

Family: Misc.

Published: 8/29/2025

Updated: 8/29/2025

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

Vendor

Vendor Severity: Critical

CVSS v2

Risk Factor: High

Base Score: 9.4

Temporal Score: 7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N

CVSS Score Source: CVE-2025-23048

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:tenable:security_center

Exploit Ease: No known exploits are available

Patch Publication Date: 8/28/2025

Vulnerability Publication Date: 7/8/2025

Reference Information

CVE: CVE-2024-42516, CVE-2024-43204, CVE-2024-47252, CVE-2025-23048, CVE-2025-49630, CVE-2025-49812, CVE-2025-53020