Академический Документы
Профессиональный Документы
Культура Документы
Release 7.5
FireEye and the FireEye logo are registered trademarks of FireEye, Inc. in the United
States and other countries. All other trademarks are the property of their respective
owners.
FireEye assumes no responsibility for any inaccuracies in this document. FireEye reserves
the right to change, modify, transfer, or otherwise revise this publication without notice.
Copyright © 2015 FireEye, Inc. All rights reserved.
Vulnerabilities Report
Release 7.5
Version 4
Introduction 1
Scan Parameters 1
Vulnerability Summary 2
Vulnerability Summary from Previous Releases 2
Vulnerability Details 4
High-Level Vulnerabilities 5
Medium-Level Vulnerabilities 7
References 12
© 2015 FireEye i
Release 7.5 Introduction
Introduction
This document provides an explanation of the findings in the vulnerability scan reports generated
via the QualysGuard Security Scanner product version 7.11.20-1. This document also includes
findings that were collected via manual analysis and field reports.
In the scan reports generated by QualysGuard, SNMP versions 1 and 2 are supported
for backward compatibility. However, SNMP version 3 needs to be used for authen-
tication.
CVE-2014-9295 has already been patched.
CVE-2015-0235 has already been patched.
These vulnerabilities have been addressed in version 7.5.1. To patch these
vulnerabilities for release 7.4.x and earlier, download hotfix images from FireEye
Technical Support. The hotfix ensures that the current installed binary is patched and
not vulnerable to an attack, as described in the CVEs. For backward compatibility, the
version number is not changed. Common vulnerability assessment tools and scanners,
which validate binary version numbers, might report that FireEye is still vulnerable to
these CVEs after the hotfix images are applied.
Scan Parameters
Scanner QualysGuard Security Scanner
Options: All
Credentials: admin
FireEye EX Series
FireEye FX Series
FireEye AX Series
FireEye CM Series
© 2015 FireEye 1
Release 7.5 Vulnerability Summary
Vulnerability Summary
Vulnerability Severity Related CVE-IDs Validity
Apache HTTPD Server Version Out Of Date High CVE-1999-0662 Not Valid
© 2015 FireEye 2
Vulnerabilities Report
Related CVE-
Vulnerability Severity Validity
IDs
OpenSSH - System Account Enumeration if Medium CVE-2007-2243 Valid but FireEye invul-
S/KEY is used nerable
3 © 2015 FireEye
Release 7.5 Vulnerability Details
Vulnerability Details
Vulnerabilities fall into two classifications:
l High-level vulnerabilities
l Medium-level vulnerabilities
© 2015 FireEye 4
Release 7.5
High-Level Vulnerabilities
The following vulnerabilities are considered high level:
l Apache HTTPD Server Version Out Of Date
l Apache HTTP Server Multiple Vulnerabilities (20130722) - Remote
Description The Apache HTTPD Server version detected on this system has been found
to be out of date. Versions that have not been updated after an excessive
time period could be susceptible to vulnerabilities that would otherwise be
resolved by upgrading to a newer version.
Audit 3872 and Audit 15585 are designed for Apache ver-
sions from Apache.org and may report false findings on
vendor-specific Apache backports.
How To Fix Upgrade to the latest Apache HTTPD Server version available.
Related CVE Breakdown CVE-ID CVSS Score PCI Severity PCI Status
CVE-1999- No No No
0662
FireEye Response FireEye patched our version to the latest available security.
© 2015 FireEye 5
Vulnerabilities Report
Description Apache HTTP Server contains multiple vulnerabilities when handling a crafted URI in
'mod_dav_svn' function and the 'dirty flag' when saving sessions. Successful exploitation
may allow a remote attacker to create denial-of-service conditions or potentially lead to a
compromise of the target system.
How To Fix Update the Apache HTTP Server to version 2.4.6, 2.2.25 or later.
CVE-2013-1862 No No No
CVE-2013-1896 No No No
CVE-2013-2249 No No No
CVE-2013-2249 is valid.
For CVE-2013-2249, FireEye is not vulnerable because we do not use the mod_session_
dbd module.
6 © 2015 FireEye
Release 7.5
Medium-Level Vulnerabilities
The following vulnerabilities are considered medium level:
l HTTP TRACE/TRACK Method Supported
l Apache Reverse Proxy Crafted URI Request Information Disclosure - Banner
l Apache Multiple Vulnerabilities (20120131) - Banner - TCP:80
l Apache Mod_SetEnvIf .htaccess Privilege Escalation
Description Retina has discovered that the target host supports the HTTP TRACE method (or the IIS
equivalent HTTP TRACK method). This method is known to allow attackers to gain
access to sensitive information such as cookies and authentication data.
How To Fix It is recommended that the TRACE method be disabled to prevent unauthorized dis-
closure of information.
Related CVE Break- CVE-ID CVSS Score PCI Severity PCI Status
down
CVE-2003- 5.8 Medium (CVSS Score) Fail
1567
5.8 Medium (CVSS Score) Fail
CVE-2004-
4.3 Medium (CVSS Score) Fail
2320
4.3 Medium (CVSS Score) Fail
CVE-2007-
3008
CVE-2010-
0386
© 2015 FireEye 7
Vulnerabilities Report
CVE-2003- No No No
1567
No No No
CVE-2004-
No No No
2320
No No No
CVE-2007-
3008
CVE-2010-
0386
FireEye Response FireEye does not support Microsoft Internet Information Services (IIS), BEA WebLogic
Server and Express, Mbedthis AppWeb, or Sun Java System Application Server.
Audit ID 15366
Description Apache contains a vulnerability handling crafted URI requests when using mod_proxy in
reverse proxy mode with certain configurations. Successful exploitation could allow an
attacker to connect to an arbitrary server, leveraging existing trust relationships to access
sensitive information from internal web servers not directly accessible to the attacker.
8 © 2015 FireEye
Release 7.5
BugtraqID 49957
50802
CVE-2011-3368 Yes No No
CVE-2011-4317 No No No
Description Apache 2.2 contains multiple vulnerabilities when constructing 400 error documents,
when handling format strings in cookies, and when handling unspecified fields in
scoreboard shared memory. Successful exploitation may result in disclosure of
'httpOnly' cookies and denial of service conditions.
© 2015 FireEye 9
Vulnerabilities Report
CVE-2012-
0053
BugtraqID 51407
51705
51706
CVE-2012- No No No
0021
No No No
CVE-2012-
Yes No No
0031
CVE-2012-
0053
FireEye Response For CVE-2012-0021, FireEye is not vulnerable because the issue does not affect this
version.
10 © 2015 FireEye
Release 7.5
Related CVE Break- CVE-ID CVSS Score PCI Severity PCI Status
down
CVE-2011-3607 4.4 Medium (CVSS Score) Fail
BugtraqID 50494
CVE-2011-3607 No No No
© 2015 FireEye 11
Release 7.5 References
References
l QualysGuard Vulnerability Scan report for FireEye NX Series
l QualysGuard Vulnerability Scan report for FireEye EX Series
l QualysGuard Vulnerability Scan report for FireEye AX Series
l QualysGuard Vulnerability Scan report for FireEye FX Series
l QualysGuard Vulnerability Scan report for FireEye CM Series
© 2015 FireEye 12