FreeBSD : trafficserver -- unspecified vulnerability (6318b303-3507-11e4-b76c-0011d823eebd)

critical Nessus Plugin ID 77560

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Bryan Call reports :

Below is our announcement for the security issue reported to us from Yahoo! Japan. All versions of Apache Traffic Server are vulnerable. We urge users to upgrade to either 4.2.1.1 or 5.0.1 immediately.

This fixes CVE-2014-3525 and limits access to how the health checks are performed.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?7e1b465e

http://www.nessus.org/u?362dd9c8

Plugin Details

Severity: Critical

ID: 77560

File Name: freebsd_pkg_6318b303350711e4b76c0011d823eebd.nasl

Version: 1.4

Type: local

Published: 9/8/2014

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:trafficserver, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 9/5/2014

Vulnerability Publication Date: 7/23/2014

Reference Information

CVE: CVE-2014-3525