Scan of RSA Certificate Manager 6.7 shows vulnerabilities with Apache 1.3.33

RSA Registration Manager 6.7
RSA Certificate Manager 6.7
Apache 1.3.33
Scan of RSA Certificate Manager 6.7 shows vulnerabilities with Apache 1.3.33
Here is a summary of the scanned vulnerabilities and their analysis:

1) 86727 - Apache Mod_IMAP Referer Cross-Site Scripting Vulnerability

Analysis:
- The web server in RSA Certificate Manager (RCM) and RSA Registration Manager (RRM) 6.7 is not built with mod_imap. Here is the compiled-in module list from the Apache shipped with RCM and RRM:

apache.exe -l
Compiled-in modules:
  http_core.c
  mod_so.c
  mod_mime.c
  mod_access.c
  mod_auth.c
  mod_negotiation.c
  mod_include.c
  mod_autoindex.c
  mod_dir.c
  mod_cgi.c
  mod_gencert.c
  mod_userdir.c
  mod_alias.c
  mod_rewrite.c
  mod_env.c
  mod_log_config.c
  mod_asis.c
  mod_actions.c
  mod_xudaacl.c
  mod_setenvif.c
  mod_isapi.c
  mod_ssl.c

2) 86695 - Apache Mod_SSL Log Function Format String Vulnerability (1)

Analysis:
- The web server in 6.7 is not built with mod_proxy, and the document mentions that the offending call is implemented in mod_proxy hook functions.
- This issue is reported with Apache 1.3.30/mod_ssl 2.8.18 and is fixed in mod_ssl 2.8.19-1.3.31. The web server version in 6.7 is Apache 1.3.33/mod_ssl 2.8.22. This problem does not exist in RCM and RRM 6.7.

3) 86731 - Multiple Apache Web Server (1.3.26 and Earlier) Vulnerabilities

Analysis:
- The vulnerabilities CVE-2002-0843 and CVE-2002-0839 are reported in older versions of Apache. Since the current Apache version is 1.3.33, this problem does not exist in RCM and RRM 6.7.

4) EXT-M-005: Apache SSLVerifyClient Bypass Restrictions

Analysis:
- This parameter is not configured as a global parameter in httpd.conf and is configured per virtual host. This problem does not occur in RCM and RRM 6.7.

5) EXT-M-006: mod_ssl ssl_engine_ext Format String Error

Analysis:
- This problem is reported for mod_ssl versions before 2.8.19. The 6.7 webserver is using 2.8.22. This problem is not applicable to RCM and RRM 6.7.
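The module and version checks used in the analysis above can be scripted so they are repeatable after an upgrade; this is an added example, not RSA's code. Because mod_so.c appears in the listing, modules can also be loaded at run time, so the sketch also reads active LoadModule lines from a constructed httpd.conf fragment (the fragment, function names and verdict strings are assumptions).

```python
import re

# Module names from the `apache.exe -l` listing on this page, joined onto fewer lines.
APACHE_L = """Compiled-in modules:
  http_core.c mod_so.c mod_mime.c mod_access.c mod_auth.c mod_negotiation.c
  mod_include.c mod_autoindex.c mod_dir.c mod_cgi.c mod_gencert.c mod_userdir.c
  mod_alias.c mod_rewrite.c mod_env.c mod_log_config.c mod_asis.c mod_actions.c
  mod_xudaacl.c mod_setenvif.c mod_isapi.c mod_ssl.c
"""
# Constructed httpd.conf fragment (not from the page): one commented-out line, one active.
HTTPD_CONF = """#LoadModule proxy_module modules/mod_proxy.so
LoadModule status_module modules/mod_status.so
"""
INSTALLED = {"apache": "1.3.33", "mod_ssl": "2.8.22"}  # versions stated on the page

# (scanner id, module the flaw needs, versioned component, comparison, bound)
FINDINGS = [
    ("86727", "mod_imap", None, None, None),
    ("86695", "mod_proxy", "mod_ssl", ">=", "2.8.19"),  # fixed in mod_ssl 2.8.19
    ("86731", None, "apache", ">", "1.3.26"),           # 1.3.26 and earlier affected
    ("EXT-M-006", None, "mod_ssl", ">=", "2.8.19"),     # versions before 2.8.19 affected
]

def ver(s):
    return tuple(int(p) for p in s.split("."))

def compiled_modules(listing):
    return set(re.findall(r"\b(\w+)\.c\b", listing))

def loaded_modules(conf):
    # Active (uncommented) LoadModule lines; the module name is taken from the file name.
    return set(re.findall(r"(?im)^[ \t]*LoadModule[ \t]+\S+[ \t]+\S*?(mod_\w+)\.\w+", conf))

def triage(finding, present, installed):
    _fid, module, component, op, bound = finding
    if module and module not in present:
        return "not applicable: %s is neither compiled in nor loaded" % module
    if component:
        have, need = ver(installed[component]), ver(bound)
        if have > need or (op == ">=" and have == need):
            return "not applicable: %s %s is outside the affected range" % (component, installed[component])
    return "needs review"

def report(listing=APACHE_L, conf=HTTPD_CONF, installed=INSTALLED):
    present = compiled_modules(listing) | loaded_modules(conf)
    return {f[0]: triage(f, present, installed) for f in FINDINGS}

if __name__ == "__main__":
    for fid, verdict in report().items():
        print(fid, "->", verdict)
```

The SSLVerifyClient finding is a configuration question rather than a module or version question, so it is not covered by this sketch.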
vamato
5/11/2007 9:01 PM