Detections
Analytics
Amazon Linux AMI : subversion (ALAS-2013-269)
low Nessus Plugin ID 71581
Language:
Synopsis
The remote Amazon Linux AMI host is missing a security update.Description
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request.The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /.
Solution
Run 'yum update subversion' to update your system.See Also
Plugin Details
Severity: Low
ID: 71581
File Name: ala_ALAS-2013-269.nasl
Version: 1.4
Type: local
Agent: unix
Published: 12/23/2013
Updated: 4/18/2018
Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Low
Base Score: 3.5
Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:P
Vulnerability Information
CPE: p-cpe:/a:amazon:linux:mod_dav_svn, p-cpe:/a:amazon:linux:subversion, p-cpe:/a:amazon:linux:subversion-debuginfo, p-cpe:/a:amazon:linux:subversion-devel, p-cpe:/a:amazon:linux:subversion-javahl, p-cpe:/a:amazon:linux:subversion-libs, p-cpe:/a:amazon:linux:subversion-perl, p-cpe:/a:amazon:linux:subversion-python, p-cpe:/a:amazon:linux:subversion-ruby, p-cpe:/a:amazon:linux:subversion-tools, cpe:/o:amazon:linux
Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list
Patch Publication Date: 12/17/2013
Reference Information
CVE: CVE-2013-4505, CVE-2013-4558
ALAS: 2013-269