ID

VAR-201306-0226

CVE

CVE-2013-1862

TITLE

Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability

DESCRIPTION

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. Apache HTTP Server is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary commands in the context of the application. Release Date: 2013-09-18 Last Updated: 2013-09-18 Potential Security Impact: Remote execution of arbitrary code and Denial of Service (DoS). Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to execute arbitrary code or create a Denial of Service (DoS). References: CVE-2013-1862, CVE-2013-1896 (SSRT101288) SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.27 or earlier BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2013-1862 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2013-1896 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following software updates to resolve the vulnerabilities. The updates are available for download from http://software.hp.com HP-UX Web Server Suite v3.28 containing Apache v2.2.15.16 HP-UX 11i Release Apache Depot name B.11.23 (32-bit) HPUXWS22ATW-B328-11-23-32.depot B.11.23 (64-bit) HPUXWS22ATW-B328-11-23-64.depot B.11.31 (32-bit) HPUXWS22ATW-B328-11-31-32.depot B.11.31 (64-bit) HPUXWS22ATW-B328-11-31-64.depot MANUAL ACTIONS: Yes - Update Install HP-UX Web Server Suite v3.28 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.23 ============== hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 action: install revision B.2.2.15.16 or subsequent HP-UX B.11.31 ================== hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 action: install revision B.2.2.15.16 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 18 September 2013 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2013 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Description: Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.1.0, and includes bug fixes and enhancements. Refer to the 6.1.1 Release Notes for information on the most significant of these changes, available shortly from https://access.redhat.com/site/documentation/ Security fixes: Cross-site scripting (XSS) flaws were found in the mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. (CVE-2012-4558) A flaw was found in the way the mod_dav module handled merge requests. An attacker could use this flaw to send a crafted merge request that contains URIs that are not configured for DAV, causing the httpd child process to crash. (CVE-2013-1896) A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially-crafted XML signature block. (CVE-2013-1862) The data file used by PicketBox Vault to store encrypted passwords contains a copy of its own admin key. The file is encrypted using only this admin key, not the corresponding JKS key. A local attacker with permission to read the vault data file could read the admin key from the file, and use it to decrypt the file and read the stored passwords in clear text. (CVE-2013-1921) A flaw was found in JGroup's DiagnosticsHandler that allowed an attacker on an adjacent network to reuse the credentials from a previous successful authentication. This could be exploited to read diagnostic information (information disclosure) and attain limited remote code execution. Refer to the Solution section for further details. The JBoss server process must be restarted for the update to take effect. On update, the configuration files that have been locally modified will not be updated. The updated version of such files will be stored as the rpmnew files. Make sure to locate any such files after the update and merge any changes manually. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: httpd security update Advisory ID: RHSA-2013:0815-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0815.html Issue date: 2013-05-13 CVE Names: CVE-2012-3499 CVE-2012-4558 CVE-2013-1862 ===================================================================== 1. Summary: Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 3. Description: The Apache HTTP Server is a popular web server. Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer module's manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's manager interface session. (CVE-2012-4558) It was found that mod_rewrite did not filter terminal escape sequences from its log file. (CVE-2013-1862) Cross-site scripting (XSS) flaws were found in the mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An attacker could possibly use these flaws to perform XSS attacks if they were able to make the victim's browser generate an HTTP request with a specially-crafted Host header. (CVE-2012-3499) All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 915883 - CVE-2012-3499 httpd: multiple XSS flaws due to unescaped hostnames 915884 - CVE-2012-4558 httpd: XSS flaw in mod_proxy_balancer manager interface 953729 - CVE-2013-1862 httpd: mod_rewrite allows terminal escape sequences to be written to the log file 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-78.el5_9.src.rpm i386: httpd-2.2.3-78.el5_9.i386.rpm httpd-debuginfo-2.2.3-78.el5_9.i386.rpm mod_ssl-2.2.3-78.el5_9.i386.rpm x86_64: httpd-2.2.3-78.el5_9.x86_64.rpm httpd-debuginfo-2.2.3-78.el5_9.x86_64.rpm mod_ssl-2.2.3-78.el5_9.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-78.el5_9.src.rpm i386: httpd-debuginfo-2.2.3-78.el5_9.i386.rpm httpd-devel-2.2.3-78.el5_9.i386.rpm httpd-manual-2.2.3-78.el5_9.i386.rpm x86_64: httpd-debuginfo-2.2.3-78.el5_9.i386.rpm httpd-debuginfo-2.2.3-78.el5_9.x86_64.rpm httpd-devel-2.2.3-78.el5_9.i386.rpm httpd-devel-2.2.3-78.el5_9.x86_64.rpm httpd-manual-2.2.3-78.el5_9.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/httpd-2.2.3-78.el5_9.src.rpm i386: httpd-2.2.3-78.el5_9.i386.rpm httpd-debuginfo-2.2.3-78.el5_9.i386.rpm httpd-devel-2.2.3-78.el5_9.i386.rpm httpd-manual-2.2.3-78.el5_9.i386.rpm mod_ssl-2.2.3-78.el5_9.i386.rpm ia64: httpd-2.2.3-78.el5_9.ia64.rpm httpd-debuginfo-2.2.3-78.el5_9.ia64.rpm httpd-devel-2.2.3-78.el5_9.ia64.rpm httpd-manual-2.2.3-78.el5_9.ia64.rpm mod_ssl-2.2.3-78.el5_9.ia64.rpm ppc: httpd-2.2.3-78.el5_9.ppc.rpm httpd-debuginfo-2.2.3-78.el5_9.ppc.rpm httpd-debuginfo-2.2.3-78.el5_9.ppc64.rpm httpd-devel-2.2.3-78.el5_9.ppc.rpm httpd-devel-2.2.3-78.el5_9.ppc64.rpm httpd-manual-2.2.3-78.el5_9.ppc.rpm mod_ssl-2.2.3-78.el5_9.ppc.rpm s390x: httpd-2.2.3-78.el5_9.s390x.rpm httpd-debuginfo-2.2.3-78.el5_9.s390.rpm httpd-debuginfo-2.2.3-78.el5_9.s390x.rpm httpd-devel-2.2.3-78.el5_9.s390.rpm httpd-devel-2.2.3-78.el5_9.s390x.rpm httpd-manual-2.2.3-78.el5_9.s390x.rpm mod_ssl-2.2.3-78.el5_9.s390x.rpm x86_64: httpd-2.2.3-78.el5_9.x86_64.rpm httpd-debuginfo-2.2.3-78.el5_9.i386.rpm httpd-debuginfo-2.2.3-78.el5_9.x86_64.rpm httpd-devel-2.2.3-78.el5_9.i386.rpm httpd-devel-2.2.3-78.el5_9.x86_64.rpm httpd-manual-2.2.3-78.el5_9.x86_64.rpm mod_ssl-2.2.3-78.el5_9.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/httpd-2.2.15-28.el6_4.src.rpm i386: httpd-2.2.15-28.el6_4.i686.rpm httpd-debuginfo-2.2.15-28.el6_4.i686.rpm httpd-tools-2.2.15-28.el6_4.i686.rpm x86_64: httpd-2.2.15-28.el6_4.x86_64.rpm httpd-debuginfo-2.2.15-28.el6_4.x86_64.rpm httpd-tools-2.2.15-28.el6_4.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/httpd-2.2.15-28.el6_4.src.rpm i386: httpd-debuginfo-2.2.15-28.el6_4.i686.rpm httpd-devel-2.2.15-28.el6_4.i686.rpm mod_ssl-2.2.15-28.el6_4.i686.rpm noarch: httpd-manual-2.2.15-28.el6_4.noarch.rpm x86_64: httpd-debuginfo-2.2.15-28.el6_4.i686.rpm httpd-debuginfo-2.2.15-28.el6_4.x86_64.rpm httpd-devel-2.2.15-28.el6_4.i686.rpm httpd-devel-2.2.15-28.el6_4.x86_64.rpm mod_ssl-2.2.15-28.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/httpd-2.2.15-28.el6_4.src.rpm x86_64: httpd-2.2.15-28.el6_4.x86_64.rpm httpd-debuginfo-2.2.15-28.el6_4.x86_64.rpm httpd-tools-2.2.15-28.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/httpd-2.2.15-28.el6_4.src.rpm noarch: httpd-manual-2.2.15-28.el6_4.noarch.rpm x86_64: httpd-debuginfo-2.2.15-28.el6_4.i686.rpm httpd-debuginfo-2.2.15-28.el6_4.x86_64.rpm httpd-devel-2.2.15-28.el6_4.i686.rpm httpd-devel-2.2.15-28.el6_4.x86_64.rpm mod_ssl-2.2.15-28.el6_4.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/httpd-2.2.15-28.el6_4.src.rpm i386: httpd-2.2.15-28.el6_4.i686.rpm httpd-debuginfo-2.2.15-28.el6_4.i686.rpm httpd-devel-2.2.15-28.el6_4.i686.rpm httpd-tools-2.2.15-28.el6_4.i686.rpm mod_ssl-2.2.15-28.el6_4.i686.rpm noarch: httpd-manual-2.2.15-28.el6_4.noarch.rpm ppc64: httpd-2.2.15-28.el6_4.ppc64.rpm httpd-debuginfo-2.2.15-28.el6_4.ppc.rpm httpd-debuginfo-2.2.15-28.el6_4.ppc64.rpm httpd-devel-2.2.15-28.el6_4.ppc.rpm httpd-devel-2.2.15-28.el6_4.ppc64.rpm httpd-tools-2.2.15-28.el6_4.ppc64.rpm mod_ssl-2.2.15-28.el6_4.ppc64.rpm s390x: httpd-2.2.15-28.el6_4.s390x.rpm httpd-debuginfo-2.2.15-28.el6_4.s390.rpm httpd-debuginfo-2.2.15-28.el6_4.s390x.rpm httpd-devel-2.2.15-28.el6_4.s390.rpm httpd-devel-2.2.15-28.el6_4.s390x.rpm httpd-tools-2.2.15-28.el6_4.s390x.rpm mod_ssl-2.2.15-28.el6_4.s390x.rpm x86_64: httpd-2.2.15-28.el6_4.x86_64.rpm httpd-debuginfo-2.2.15-28.el6_4.i686.rpm httpd-debuginfo-2.2.15-28.el6_4.x86_64.rpm httpd-devel-2.2.15-28.el6_4.i686.rpm httpd-devel-2.2.15-28.el6_4.x86_64.rpm httpd-tools-2.2.15-28.el6_4.x86_64.rpm mod_ssl-2.2.15-28.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/httpd-2.2.15-28.el6_4.src.rpm i386: httpd-2.2.15-28.el6_4.i686.rpm httpd-debuginfo-2.2.15-28.el6_4.i686.rpm httpd-devel-2.2.15-28.el6_4.i686.rpm httpd-tools-2.2.15-28.el6_4.i686.rpm mod_ssl-2.2.15-28.el6_4.i686.rpm noarch: httpd-manual-2.2.15-28.el6_4.noarch.rpm x86_64: httpd-2.2.15-28.el6_4.x86_64.rpm httpd-debuginfo-2.2.15-28.el6_4.i686.rpm httpd-debuginfo-2.2.15-28.el6_4.x86_64.rpm httpd-devel-2.2.15-28.el6_4.i686.rpm httpd-devel-2.2.15-28.el6_4.x86_64.rpm httpd-tools-2.2.15-28.el6_4.x86_64.rpm mod_ssl-2.2.15-28.el6_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-3499.html https://www.redhat.com/security/data/cve/CVE-2012-4558.html https://www.redhat.com/security/data/cve/CVE-2013-1862.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRkStkXlSAg2UNWIIRAjqUAKC32RL1vwpATVk/Br3oSVd4O798twCglqcU SUNZGJOLZsJPZ1ahPENC8lg= =9n3X -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-043: RSA\xae Validation Manager Security Update for Multiple Vulnerabilities EMC Identifier: ESA-2015-043 CVE Identifier: CVE-2014-3566, CVE-2014-0098, CVE-2014-0231, CVE-2014-0226, CVE-2013-1862, CVE-2012-3499, CVE-2015-0526, CVE-2013-2566 Severity Rating: CVSSv2 Base Score: See below for details Affected Products: RSA Validation Manager 3.2 prior to Build 201 Unaffected Products: RSA Validation Manager 3.2 Build 201 or above Summary: RSA Validation Manager (RVM) requires a security update to address potential multiple vulnerabilities. Details: RSA Validation Manager (RVM) contains security fixes to address the following vulnerabilities: CVE-2014-3566:The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566 for more details. CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) CVE-2014-0098: The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation. See http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0098 for more details. See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0231 CVSSv2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2014-0226: Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c. See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0226for more details. See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1862 for more details. See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3499 for more details. CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2013-2566: The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566 for more details. CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) Reflected Cross-Site Scripting Vulnerability (CVE-2015-0526): A cross-site scripting vulnerability affecting the displayMode and wrapPreDisplayMode parameter could potentially be exploited by an attacker to execute arbitrary HTML and script code in RVM user\x92s browser session. CVSSv2 Base Score:7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm. To search for a particular CVE, use the database\x92s search utility at http://web.nvd.nist.gov/view/vuln/search. Recommendation: The following RVM release contains the resolution to these issues: RSA Validation Manager 3.2 Build 201 or later RSA recommends all customers upgrade to the version mentioned above at the earliest opportunity. Credit: RSA would like to thank Ken Cijsouw (ken.cijsouw@sincerus.nl) for reporting CVE-2015-0526. Obtaining Downloads: To obtain the latest RSA product downloads, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose download you want to obtain. Scroll to the section for the product download that you want and click on the link. Obtaining Documentation: To obtain RSA documentation, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose documentation you want to obtain. Scroll to the section for the product version that you want and click the set link. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. Obtaining More Information: For more information about RSA products, visit the RSA web site at http://www.rsa.com. Getting Support and Service: For customers with current maintenance contracts, contact your local RSA Customer Support center with any additional questions regarding this RSA SecurCare Note. For contact telephone numbers or e-mail addresses, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com, click Help & Contact, and then click the Contact Us - Phone tab or the Contact Us - Email tab. General Customer Support Information: http://www.emc.com/support/rsa/index.htm RSA SecurCare Online: https://knowledge.rsasecurity.com EOPS Policy: RSA has a defined End of Primary Support policy associated with all major versions. http://www.emc.com/support/rsa/eops/index.htm SecurCare Online Security Advisories RSA, The Security Division of EMC, distributes SCOL Security Advisories in order to bring to the attention of users of the affected RSA products important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. RSA disclaim all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. About RSA SecurCare Notes & Security Advisories Subscription RSA SecurCare Notes & Security Advisories are targeted e-mail messages that RSA sends you based on the RSA product family you currently use. If you\x92d like to stop receiving RSA SecurCare Notes & Security Advisories, or if you\x92d like to change which RSA product family Notes & Security Advisories you currently receive, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view3. Following the instructions on the page, remove the check mark next to the RSA product family whose Notes & Security Advisories you no longer want to receive. Click the Submit button to save your selection. Please review the CVE identifiers and research paper referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Apache HTTP Server users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.25" References ========== [ 1 ] CVE-2007-6750 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6750 [ 2 ] CVE-2012-4929 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4929 [ 3 ] CVE-2013-1862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1862 [ 4 ] CVE-2013-1896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1896 [ 5 ] Compression and Information Leakage of Plaintext http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-12.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . (CVE-2013-1862) Note: CVE-2013-1862 affects mod_rewrite. In the process of testing this patch, it was found that enabling mod_rewrite on 64-bit versions of Windows Server 2008 and Windows Server 2008 R2 running Red Hat JBoss Web Server 2.0.1 could cause an httpd thread to crash, and the httpd process to restart

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

encryption problem

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Joe Orton

SOURCES

LAST UPDATE DATE

2024-09-17T19:59:38.979000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE