SuSE 10 Security Update : Apache (ZYPP Patch Number 8530)

Medium Nessus Plugin ID 65908

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

Apache2 has been updated to fix multiple XSS flaws.

- Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server potentially allowed remote attackers to inject arbitrary web script or HTML via a crafted string. (CVE-2012-4558)

- Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server allowed remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules. (CVE-2012-3499)

Solution

Apply ZYPP patch number 8530.

See Also

http://support.novell.com/security/cve/CVE-2012-3499.html

http://support.novell.com/security/cve/CVE-2012-4558.html

Plugin Details

Severity: Medium

ID: 65908

File Name: suse_apache2-8530.nasl

Version: Revision: 1.5

Type: local

Agent: unix

Published: 2013/04/10

Updated: 2013/09/15

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Patch Publication Date: 2013/03/27

Reference Information

CVE: CVE-2012-3499, CVE-2012-4558