Detections
Analytics

MiracleLinux 7 : httpd-2.4.6-99.1.0.9.el7.AXS7 (AXSA:2025-10586:06)

medium Nessus Plugin ID 283205

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10586:06 advisory.

 * CVE-2014-8109: mod_lua: fix LuaAuthzProvider argument handling issue
 * CVE-2019-10092: mod_proxy: fix limited cross-site scripting in mod_proxy error page CVE(s):
 CVE-2019-10092 In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
 CVE-2014-8109 mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/21770

Plugin Details

Severity: Medium

ID: 283205

File Name: miracle_linux_AXSA-2025-10586.nasl

Version: 1.1

Type: local

Published: 1/13/2026

Updated: 1/13/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2019-10092

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:mod_ssl, p-cpe:/a:miracle:linux:httpd, cpe:/o:miracle:linux:7, p-cpe:/a:miracle:linux:httpd-tools, p-cpe:/a:miracle:linux:mod_session, p-cpe:/a:miracle:linux:httpd-devel, p-cpe:/a:miracle:linux:httpd-manual

Required KB Items: Host/local_checks_enabled, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/25/2025

Vulnerability Publication Date: 10/19/2013

Reference Information

CVE: CVE-2014-8109, CVE-2019-10092