SuSE 11.2 Security Update : Apache (SAT Patch Number 7409)

Medium Nessus Plugin ID 65023

VPR Score: 5.9

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

This update fixes the following issues:

- Denial of Service via special requests in mod_proxy_ajp. (CVE-2012-4557)

- improper LD_LIBRARY_PATH handling. (CVE-2012-0883)

- filename escaping problem. (CVE-2012-2687)

Additionally, some non-security bugs have been fixed:

- ignore case when checking against SNI server names. [bnc#798733]

- httpd-2.2.x-CVE-2011-3368_CVE-2011-4317-bnc722545.diff reworked to reflect the upstream changes. This will prevent the 'Invalid URI in request OPTIONS *' messages in the error log. [bnc#722545]

- new sysconfig variable APACHE_DISABLE_SSL_COMPRESSION: if set to on, OPENSSL_NO_DEFAULT_ZLIB will be inherited by the apache process; openssl will then transparently disable compression. This change affects the start script and the sysconfig fillup template. The default is on (SSL compression disabled). Please see mod_deflate for compressed transfer at the HTTP layer. [bnc#782956]

Solution

Apply SAT patch number 7409.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=722545

https://bugzilla.novell.com/show_bug.cgi?id=757710

https://bugzilla.novell.com/show_bug.cgi?id=774045

https://bugzilla.novell.com/show_bug.cgi?id=777260

https://bugzilla.novell.com/show_bug.cgi?id=782956

https://bugzilla.novell.com/show_bug.cgi?id=788121

https://bugzilla.novell.com/show_bug.cgi?id=793004

https://bugzilla.novell.com/show_bug.cgi?id=798733

http://support.novell.com/security/cve/CVE-2011-3368.html

http://support.novell.com/security/cve/CVE-2011-4317.html

http://support.novell.com/security/cve/CVE-2012-0021.html

http://support.novell.com/security/cve/CVE-2012-0883.html

http://support.novell.com/security/cve/CVE-2012-2687.html

http://support.novell.com/security/cve/CVE-2012-4557.html

Plugin Details

Severity: Medium

ID: 65023

File Name: suse_11_apache2-130225.nasl

Version: 1.8

Type: local

Agent: unix

Published: 2013/03/05

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: Medium

VPR Score: 5.9

CVSS v2.0

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:apache2, p-cpe:/a:novell:suse_linux:11:apache2-doc, p-cpe:/a:novell:suse_linux:11:apache2-example-pages, p-cpe:/a:novell:suse_linux:11:apache2-prefork, p-cpe:/a:novell:suse_linux:11:apache2-utils, p-cpe:/a:novell:suse_linux:11:apache2-worker, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2013/02/25

Reference Information

CVE: CVE-2011-3368, CVE-2011-4317, CVE-2012-0021, CVE-2012-0883, CVE-2012-2687, CVE-2012-4557