Here is summary of the scanned vulnerabilities and their analysis: 1) 86727 - Apache Mod_IMAP Referer Cross-Site Scripting Vulnerability Analysis: - The WebServer is not built with mod_imap in RSA Certificate Manager (RCM) and RSA Registration Manager (RRM) 6.7. Here is the list from RCM and RRM's Apache:- apache.exe -l Compiled-in modules: http_core.c mod_so.c mod_mime.c mod_access.c mod_auth.c mod_negotiation.c mod_include.c mod_autoindex.c mod_dir.c mod_cgi.c mod_gencert.c mod_userdir.c mod_alias.c mod_rewrite.c mod_env.c mod_log_config.c mod_asis.c mod_actions.c mod_xudaacl.c mod_setenvif.c mod_isapi.c mod_ssl.c 2) 86695 - Apache Mod_SSL Log Function Format String Vulnerability (1) Analysis: - The WebServer in 6.7 is not built with mod_proxy and the document mentions that the offending call is implemented in mod_proxy hook functions. - This is issue is reported with Apache 1.3.30/mod_ssl 2.8.18. This is fixed in mod_ssl 2.8.19-1.3.31. The WebServer version in 6.7 is Apache 1.3.33/mod_ssl 2.8.22. This problem does not exist in RCM and RRM 6.7. 3) 86731 - Multiple Apache Web Server (1.3.26 and Earlier) Vulnerabilities Analysis: - The vulnerabilities CVE-2002-0843 and CVE-2002-0839 are reported in older versions of Apache. Since the current Apache version is 1.3.33, this problem does not exist in RCM and RRM 6.7. 4) EXT-M-005: Apache SSLVerifyClient Bypass Restrictions Analysis: - This parameter is not configured as a global parameter in httpd.conf and is configured per virtual host. This problem does not occur in RCM and RRM 6.7. 5) EXT-M-006: mod_ssl ssl_engine_ext Format String Error Analysis: - This problem is reported for mod_ssl versions before 2.8.19. The 6.7 webserver is using 2.8.22. This problem is not applicable to RCM and RRM 6.7.
|