Detections
Analytics
Amazon Linux AMI : subversion / mod_dav_svn (ALAS-2017-794)
medium Nessus Plugin ID 97024
Language:
Synopsis
The remote Amazon Linux AMI host is missing a security update.Description
It was discovered that Subversion's mod_dontdothat module and Subversion clients using http(s):// are vulnerable to a denial-of-service attack caused by exponential XML entity expansion.An authenticated remote attacker can cause denial-of-service conditions on the server using mod_dontdothat by sending a specially crafted REPORT request. The attack does not require access to a particular repository.
Solution
Run 'yum update subversion' to update your system.Run 'yum update mod_dav_svn' to update your system.
See Also
Plugin Details
Severity: Medium
ID: 97024
File Name: ala_ALAS-2017-794.nasl
Version: 3.4
Type: local
Agent: unix
Published: 2/7/2017
Updated: 4/18/2018
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 4
Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Information
CPE: p-cpe:/a:amazon:linux:mod24_dav_svn, p-cpe:/a:amazon:linux:mod_dav_svn, p-cpe:/a:amazon:linux:mod_dav_svn-debuginfo, p-cpe:/a:amazon:linux:subversion, p-cpe:/a:amazon:linux:subversion-debuginfo, p-cpe:/a:amazon:linux:subversion-devel, p-cpe:/a:amazon:linux:subversion-javahl, p-cpe:/a:amazon:linux:subversion-libs, p-cpe:/a:amazon:linux:subversion-perl, p-cpe:/a:amazon:linux:subversion-python26, p-cpe:/a:amazon:linux:subversion-python27, p-cpe:/a:amazon:linux:subversion-ruby, p-cpe:/a:amazon:linux:subversion-tools, cpe:/o:amazon:linux
Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list
Patch Publication Date: 2/6/2017
Reference Information
CVE: CVE-2016-8734
ALAS: 2017-794