Detections
Analytics

MiracleLinux 3 : neon-0.25.5-10AXS3.1 (AXSA:2009-403:02)

high Nessus Plugin ID 284013

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2009-403:02 advisory.

 neon is an HTTP and WebDAV client library, with a C interface; providing a high-level interface to HTTP and WebDAV methods along with a low-level interface for HTTP request handling. neon supports persistent connections, proxy servers, basic, digest and Kerberos authentication, and has complete SSL support.
 Security bugs fixed by this release:
 CVE-2009-2473 neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
 CVE-2009-2474 neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected neon package.

See Also

https://tsn.miraclelinux.com/en/node/1041

Plugin Details

Severity: High

ID: 284013

File Name: miracle_linux_AXSA-2009-403.nasl

Version: 1.1

Type: local

Published: 1/14/2026

Updated: 1/14/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2009-2474

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2009-2473

Vulnerability Information

CPE: cpe:/o:miracle:linux:3, p-cpe:/a:miracle:linux:neon

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/30/2009

Vulnerability Publication Date: 8/18/2009

Reference Information

CVE: CVE-2009-2473, CVE-2009-2474