Vulnerabilities > CVE-2014-3525 - Unspecified vulnerability in Apache Traffic Server
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN apache
nessus
Summary
Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks.
Vulnerable Configurations
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2015-10524.NASL description https://cwiki.apache.org/confluence/display/TS/What%27s+New+in+v5.3.x Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-07-06 plugin id 84517 published 2015-07-06 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84517 title Fedora 22 : trafficserver-5.3.0-1.fc22 (2015-10524) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2015-10524. # include("compat.inc"); if (description) { script_id(84517); script_version("2.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2014-3525"); script_xref(name:"FEDORA", value:"2015-10524"); script_name(english:"Fedora 22 : trafficserver-5.3.0-1.fc22 (2015-10524)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "https://cwiki.apache.org/confluence/display/TS/What%27s+New+in+v5.3.x Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1102559" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1103173" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1103174" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1133387" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1179204" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1179205" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=955127" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=994224" ); # https://cwiki.apache.org/confluence/display/TS/What%27s+New+in+v5.3.x script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?faef1c1b" ); # https://lists.fedoraproject.org/pipermail/package-announce/2015-July/161337.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?20fb325d" ); script_set_attribute( attribute:"solution", value:"Update the affected trafficserver package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:trafficserver"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22"); script_set_attribute(attribute:"patch_publication_date", value:"2015/06/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^22([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC22", reference:"trafficserver-5.3.0-1.fc22")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "trafficserver"); }NASL family Fedora Local Security Checks NASL id FEDORA_2015-10520.NASL description https://cwiki.apache.org/confluence/display/TS/What%27s+New+in+v5.3.x Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-07-06 plugin id 84516 published 2015-07-06 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84516 title Fedora 21 : trafficserver-5.3.0-1.fc21 (2015-10520) NASL family Fedora Local Security Checks NASL id FEDORA_2014-8790.NASL description Fix CVE-2014-3525. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-08-09 plugin id 77094 published 2014-08-09 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77094 title Fedora 20 : trafficserver-4.2.1.1-0.fc20 (2014-8790) NASL family Web Servers NASL id APACHE_TRAFFIC_SERVER_501.NASL description According to its banner, the version of Apache Traffic Server running on the remote host is prior to 4.2.1.1 / 5.0.1. It is, therefore, affected by an unspecified vulnerability related to synthetic health checks. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 80917 published 2015-01-22 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80917 title Apache Traffic Server 4.x < 4.2.1.1 / 5.x < 5.0.1 Synthetic Health Check Vulnerability NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_6318B303350711E4B76C0011D823EEBD.NASL description Bryan Call reports : Below is our announcement for the security issue reported to us from Yahoo! Japan. All versions of Apache Traffic Server are vulnerable. We urge users to upgrade to either 4.2.1.1 or 5.0.1 immediately. This fixes CVE-2014-3525 and limits access to how the health checks are performed. last seen 2020-06-01 modified 2020-06-02 plugin id 77560 published 2014-09-08 reporter This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77560 title FreeBSD : trafficserver -- unspecified vulnerability (6318b303-3507-11e4-b76c-0011d823eebd)