Detections
Analytics
Oracle Solaris Third-Party Patch Update : apache (cve_2013_1896_denial_of)
medium Nessus Plugin ID 80585
Language:
Synopsis
The remote Solaris system is missing a security patch for third-party software.Description
The remote Solaris system is missing necessary patches to address security updates :- Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
(CVE-2012-3499)
- mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. (CVE-2013-1862)
- mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI. (CVE-2013-1896)
Solution
Upgrade to Solaris 11.1.11.4.0.See Also
Plugin Details
Severity: Medium
ID: 80585
File Name: solaris11_apache_20131015.nasl
Version: 1.4
Type: local
Family: Solaris Local Security Checks
Published: 1/19/2015
Updated: 1/14/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.4
CVSS v2
Risk Factor: Medium
Base Score: 5.1
Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/o:oracle:solaris:11.1, p-cpe:/a:oracle:solaris:apache
Required KB Items: Host/local_checks_enabled, Host/Solaris11/release, Host/Solaris11/pkg-list
Patch Publication Date: 10/15/2013