Amazon Linux AMI : httpd (ALAS-2015-578)

Medium Nessus Plugin ID 85451

Synopsis

The remote Amazon Linux AMI host is missing a security update.

Description

Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks.

Solution

Run 'yum update httpd' to update your system.

See Also

https://alas.aws.amazon.com/ALAS-2015-578.html

Plugin Details

Severity: Medium

ID: 85451

File Name: ala_ALAS-2015-578.nasl

Version: 2.4

Type: local

Agent: unix

Published: 2015/08/18

Updated: 2018/04/18

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:httpd, p-cpe:/a:amazon:linux:httpd-debuginfo, p-cpe:/a:amazon:linux:httpd-devel, p-cpe:/a:amazon:linux:httpd-manual, p-cpe:/a:amazon:linux:httpd-tools, p-cpe:/a:amazon:linux:mod_ssl, cpe:/o:amazon:linux

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Patch Publication Date: 2015/08/17

Reference Information

CVE: CVE-2015-3183

ALAS: 2015-578