KCA Apache web server shows a security vulnerability in scans due to its patch level/version
Originally Published: 2005-03-08
Article Number
Applies To
Microsoft Windows 2000 Server SP4
Apache compiled with ModSSL and OpenSSL
Nessus vulnerability scan
Issue
The customer's scanning tools report that the Apache web server is running a patch level/version that contains a security vulnerability:
The remote web server appears to be running a version of Apache that is older than version 1.3.33. This version is vulnerable to a local buffer overflow in the get_tag() function of the module 'mod_include' when a specially crafted document with malformed server-side includes is requested though an HTTP session. Successful exploitation can lead to execution of arbitrary code with escalated privileges, but requires that server-side includes (SSI) is enabled.
Solution: Disable SSI or upgrade to a newer version when available.
Risk factor: Medium
CVE : CAN-2004-0940
BID : 11471
Nessus ID : 15554
The remote host is using a version vulnerable of mod_ssl that is older than 2.8.19. There is a format string condition in the log functions of the remote module which may allow an attacker to execute arbitrary code on the remote host.
*** Some vendors patched older versions of mod_ssl, so this might be a false positive. Check with your vendor to determine if you have a version of mod_ssl that is patched for this vulnerability. ***
Solution : Upgrade to version 2.8.19 or newer
Risk factor : High
CVE : CAN-2004-0700
BID : 10736
Nessus ID : 13651
Resolution
- All of these "vulnerabilities" either reside in features that are disabled in KCA (htpasswd, mod_proxy), or have been addressed in KCA patches.
- RSA Security constantly monitors the Apache and vulnerability-tracking communities, and evaluates the impact on KCA of each issue when it arises. Careful analysis is undertaken to determine if KCA is truly vulnerable and, if so, to devise the most effective, fastest, and least disruptive solution to minimize any impact on our customers.
- Quite often, patching a vulnerability in KCA does not entail the installation of a new version of some embedded system (e.g. Apache or mod_ssl), as such "upgrades" generally include many unrelated tweaks and enhancements which can have unforeseen consequences on the KCA product. Rather than drop in a new subsystem and hope for the best, RSA identifies and addresses the specific cause of a vulnerability. By focusing on the root cause, KCA security updates can be released quickly with the lowest risk of introducing other bugs.
- The implication of this approach, however, is that naive scanning tools such as Nessus will raise false-positive alerts in KCA scans, because KCA reports the (technically correct) older version signatures of embedded components.
For more information, see http://vdc-bugzilla.na.rsa.net/show_bug.cgi?id=8958+
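As an added illustration (not RSA's or Nessus's code), the sketch below reproduces the banner-only version comparison behind the two findings quoted above and shows how evidence the banner cannot reveal changes the disposition. The banner string and the evidence passed to `triage` are constructed samples, not KCA values, and the function names are hypothetical.

```python
import re

# Banner rules taken from the two scanner findings quoted on this page:
# (product token, first fixed version, CVE id, Nessus plugin id)
RULES = [
    ("Apache", (1, 3, 33), "CAN-2004-0940", 15554),
    ("mod_ssl", (2, 8, 19), "CAN-2004-0700", 13651),
]

def parse_banner(server_header):
    """Map product tokens in a Server header to numeric version tuples."""
    versions = {}
    for name, ver in re.findall(r"([A-Za-z_]+)/(\d+(?:\.\d+)*)", server_header):
        versions[name] = tuple(int(part) for part in ver.split("."))
    return versions

def banner_findings(server_header):
    """Banner-only check: flag every product older than its fixed version."""
    versions = parse_banner(server_header)
    return [
        {"product": prod, "cve": cve, "plugin": plugin}
        for prod, fixed, cve, plugin in RULES
        if prod in versions and versions[prod] < fixed
    ]

def triage(findings, feature_disabled=(), vendor_patched=()):
    """Attach a disposition using evidence that the banner does not carry."""
    result = {}
    for f in findings:
        if f["cve"] in vendor_patched:
            result[f["cve"]] = "false positive: fix backported by vendor"
        elif f["cve"] in feature_disabled:
            result[f["cve"]] = "false positive: affected feature disabled"
        else:
            result[f["cve"]] = "open: verify with vendor"
    return result

# Constructed sample banner and evidence (assumptions, not values from KCA).
SAMPLE_BANNER = "Apache/1.3.27 (Win32) mod_ssl/2.8.12 OpenSSL/0.9.7d"

if __name__ == "__main__":
    found = banner_findings(SAMPLE_BANNER)
    print(triage(found, vendor_patched={"CAN-2004-0700"}))
```

Because the comparison sees only the version string, a backported fix leaves both findings in place until the vendor's confirmation is recorded against each CVE.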