Tenable SecurityCenter Multiple Apache Vulnerabilities (TNS-2015-11)

medium Nessus Plugin ID 85628

Synopsis

The remote application is affected by multiple vulnerabilities.

Description

The Tenable SecurityCenter application installed on the remote host contains a bundled version of Apache HTTP Server prior to 2.4.16. It is, therefore, affected by the following vulnerabilities:

- A flaw exists in the chunked transfer coding implementation in http_filters.c due to a failure to properly parse chunk headers when handling large chunk-size values and invalid chunk-extension characters. A remote attacker can exploit this, via a crafted request, to carry out HTTP request smuggling, potentially resulting in cache poisoning or the hijacking of credentials. (CVE-2015-3183)

- A security bypass vulnerability exists due to a failure in the ap_some_auth_required() function in request.c to consider that a Require directive may be associated with an authorization setting instead of an authentication setting. A remote attacker can exploit this, by leveraging the presence of a module that relies on the 2.2 API behavior, to bypass intended access restrictions under certain circumstances. (CVE-2015-3185)

Note that the 4.x version of SecurityCenter is impacted only by CVE-2015-3183. The 5.x version is impacted by both CVE-2015-3183 and CVE-2015-3185.

Solution

Apply the relevant patch for version 4.7.1 / 4.8.2 as referenced in the vendor advisory. Alternatively, upgrade to Tenable SecurityCenter version 5.0.2.

See Also

https://www.tenable.com/security/tns-2015-11

http://www.apache.org/dist/httpd/Announcement2.2.html

http://www.apache.org/dist/httpd/Announcement2.4.html

Plugin Details

Severity: Medium

ID: 85628

File Name: securitycenter_apache_2_4_16.nasl

Version: 1.19

Type: combined

Agent: unix

Family: Web Servers

Published: 8/25/2015

Updated: 10/9/2020

Dependencies: securitycenter_installed.nbin, securitycenter_detect.nbin

Risk Information

CVSS Score Source: CVE-2015-3183

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 5.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:tenable:securitycenter

Required KB Items: Host/SecurityCenter/Version, installed_sw/SecurityCenter, Host/local_checks_enabled

Exploit Ease: No known exploits are available

Patch Publication Date: 8/20/2015

Vulnerability Publication Date: 6/8/2015

Reference Information

CVE: CVE-2015-3183, CVE-2015-3185

BID: 75963, 75965