Vulnerabilities > CVE-2014-3525 - Unspecified vulnerability in Apache Traffic Server

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

apache

nessus

NVD

Published: 2014-08-22

Updated: 2024-11-21

Summary

Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Traffic Server 3.1.4 Apache Traffic Server 2.1.1 Apache Traffic Server 3.3.3 Apache Traffic Server 2.1.8 Apache Traffic Server 2.1.0 Apache Traffic Server 2.0.1 Apache Traffic Server 2.1.7 Apache Traffic Server 4.0.1 Apache Traffic Server 3.3.0 Apache Traffic Server 3.1.1 Apache Traffic Server 3.1.3 Apache Traffic Server 2.1.5 Apache Traffic Server 4.2.0 Apache Traffic Server 3.0.3 Apache Traffic Server 2.1.3 Apache Traffic Server 3.0.0 Apache Traffic Server 2.1.4 Apache Traffic Server 4.1.0 Apache Traffic Server 2.1.6 Apache Traffic Server 4.2.1 Apache Traffic Server 3.3.1 Apache Traffic Server 5.0.0 Apache Traffic Server 3.0.2 Apache Traffic Server 3.3.4 Apache Traffic Server 3.1.0 Apache Traffic Server 3.3.5 Apache Traffic Server 2.0.0 Apache Traffic Server 3.1.2 Apache Traffic Server 2.1.9 Apache Traffic Server 3.0.1 Apache Traffic Server 3.2.0 Apache Traffic Server 3.0.4 Apache Traffic Server 2.1.2 Apache Traffic Server 3.3.2	35

Nessus

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2015-10524.NASL
description	https://cwiki.apache.org/confluence/display/TS/What%27s+New+in+v5.3.x Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2015-07-06
plugin id	84517
published	2015-07-06
reporter	This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/84517
title	Fedora 22 : trafficserver-5.3.0-1.fc22 (2015-10524)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2015-10524. # include("compat.inc"); if (description) { script_id(84517); script_version("2.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2014-3525"); script_xref(name:"FEDORA", value:"2015-10524"); script_name(english:"Fedora 22 : trafficserver-5.3.0-1.fc22 (2015-10524)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "https://cwiki.apache.org/confluence/display/TS/What%27s+New+in+v5.3.x Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1102559" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1103173" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1103174" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1133387" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1179204" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1179205" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=955127" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=994224" ); # https://cwiki.apache.org/confluence/display/TS/What%27s+New+in+v5.3.x script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?faef1c1b" ); # https://lists.fedoraproject.org/pipermail/package-announce/2015-July/161337.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?20fb325d" ); script_set_attribute( attribute:"solution", value:"Update the affected trafficserver package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:trafficserver"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22"); script_set_attribute(attribute:"patch_publication_date", value:"2015/06/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^22([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC22", reference:"trafficserver-5.3.0-1.fc22")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "trafficserver"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2015-10520.NASL
description	https://cwiki.apache.org/confluence/display/TS/What%27s+New+in+v5.3.x Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2015-07-06
plugin id	84516
published	2015-07-06
reporter	This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/84516
title	Fedora 21 : trafficserver-5.3.0-1.fc21 (2015-10520)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2014-8790.NASL
description	Fix CVE-2014-3525. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2014-08-09
plugin id	77094
published	2014-08-09
reporter	This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/77094
title	Fedora 20 : trafficserver-4.2.1.1-0.fc20 (2014-8790)

NASL family	Web Servers
NASL id	APACHE_TRAFFIC_SERVER_501.NASL
description	According to its banner, the version of Apache Traffic Server running on the remote host is prior to 4.2.1.1 / 5.0.1. It is, therefore, affected by an unspecified vulnerability related to synthetic health checks. Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	80917
published	2015-01-22
reporter	This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/80917
title	Apache Traffic Server 4.x < 4.2.1.1 / 5.x < 5.0.1 Synthetic Health Check Vulnerability

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_6318B303350711E4B76C0011D823EEBD.NASL
description	Bryan Call reports : Below is our announcement for the security issue reported to us from Yahoo! Japan. All versions of Apache Traffic Server are vulnerable. We urge users to upgrade to either 4.2.1.1 or 5.0.1 immediately. This fixes CVE-2014-3525 and limits access to how the health checks are performed.
last seen	2020-06-01
modified	2020-06-02
plugin id	77560
published	2014-09-08
reporter	This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/77560
title	FreeBSD : trafficserver -- unspecified vulnerability (6318b303-3507-11e4-b76c-0011d823eebd)

Summary

Vulnerable Configurations

Nessus

References