Detections
Analytics
openSUSE Security Update : apache2 (openSUSE-SU-2013:0243-1)
medium Nessus Plugin ID 75181
Language:
Synopsis
The remote openSUSE host is missing a security update.Description
- ignore case when checking against SNI server names.[bnc#798733] httpd-2.2.x-bnc798733-SNI_ignorecase.diff
- better cleanup of busy count after recovering from failure [bnc#789828] httpd-2.2.x-bnc789828-mod_balancer.diff
- httpd-2.2.x-bnc788121-CVE-2012-4557-mod_proxy_ajp_timeout.diff:
backend timeouts should not affect the entire worker. [bnc#788121]
- httpd-2.2.x-envvars.diff obsoletes httpd-2.0.54-envvars.dif:
Fix for low profile bug CVE-2012-0883 about improper LD_LIBRARY_PATH handling. [bnc#757710]
- httpd-2.2.x-bnc777260-CVE-2012-2687-mod_negotiation_filename_xss.diff Escape filename for the case that uploads are allowed with untrusted user's control over filenames and mod_negotiation enabled on the same directory. CVE-2012-2687 [bnc#777260]
- httpd-2.2.x-CVE-2011-3368_CVE-2011-4317-bnc722545.diff reworked to reflect the upstream changes. This will prevent the 'Invalid URI in request OPTIONS *' messages in the error log. [bnc#722545]
Solution
Update the affected apache2 packages.See Also
https://bugzilla.novell.com/show_bug.cgi?id=722545
https://bugzilla.novell.com/show_bug.cgi?id=757710
https://bugzilla.novell.com/show_bug.cgi?id=777260
https://bugzilla.novell.com/show_bug.cgi?id=788121
https://bugzilla.novell.com/show_bug.cgi?id=789828
https://bugzilla.novell.com/show_bug.cgi?id=798733
https://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html
Plugin Details
Severity: Medium
ID: 75181
File Name: openSUSE-2013-80.nasl
Version: 1.7
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 6/13/2014
Updated: 1/19/2021
Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.9
Temporal Score: 5.4
Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:apache2-devel, p-cpe:/a:novell:opensuse:apache2-debuginfo, p-cpe:/a:novell:opensuse:apache2-prefork, p-cpe:/a:novell:opensuse:apache2-worker, p-cpe:/a:novell:opensuse:apache2-utils, p-cpe:/a:novell:opensuse:apache2-utils-debuginfo, p-cpe:/a:novell:opensuse:apache2-example-pages, p-cpe:/a:novell:opensuse:apache2-itk-debuginfo, p-cpe:/a:novell:opensuse:apache2, p-cpe:/a:novell:opensuse:apache2-itk, p-cpe:/a:novell:opensuse:apache2-worker-debuginfo, cpe:/o:novell:opensuse:12.1, p-cpe:/a:novell:opensuse:apache2-event, p-cpe:/a:novell:opensuse:apache2-debugsource, p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo, p-cpe:/a:novell:opensuse:apache2-event-debuginfo
Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 1/29/2013
Reference Information
CVE: CVE-2011-3368, CVE-2011-4317, CVE-2012-0883, CVE-2012-2687, CVE-2012-4557