
Apache httpd 2.4.26 mod_http2.c Read-After-Free

CVE-2017-9789: Read after free in mod_http2.c

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
httpd 2.4.26

Description:
When under stress, closing many connections, the HTTP/2
handling code would sometimes access memory after it has
been freed, resulting in potentially erratic behaviour.

Mitigation:
2.4.26 users of mod_http2 should upgrade to 2.4.27.

Credit:
The Apache HTTP Server security team would like to thank Robert Święcki
for reporting this issue.

References:
https://httpd.apache.org/security_report.html

important: ap_get_basic_auth_pw() Authentication Bypass CVE-2017-3167

Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
Third-party module writers SHOULD use ap_get_basic_auth_components(), available in 2.2.34 and 2.4.26, instead of ap_get_basic_auth_pw(). Modules which call the legacy ap_get_basic_auth_pw() during the authentication phase MUST either immediately authenticate the user after the call, or else stop the request immediately with an error response, to avoid incorrectly authenticating the current request.
Acknowledgements: We would like to thank Emmanuel Dreyfus for reporting this issue.
Reported to security team: 6th February 2017
Issue public: 19th June 2017
Update Released: 19th June 2017
Affects: 2.4.25, 2.4.23, 2.4.20, 2.4.18, 2.4.17, 2.4.16, 2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1
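
An added example, not part of the Apache advisory or the httpd code base: a heuristic source audit that lists where third-party module code still calls ap_get_basic_auth_pw(), so each call site can be reviewed against the rule above. The names audit_source and audit_tree and the sample module are constructed for illustration.

```python
import re
import sys
from pathlib import Path

LEGACY = re.compile(r"\bap_get_basic_auth_pw\s*\(")
REPLACEMENT = re.compile(r"\bap_get_basic_auth_components\s*\(")
# C comments, string literals and char literals: mentions inside them are not calls.
NOISE = re.compile(r"""/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'""", re.S)

# Constructed sample input (not taken from any real module).
SAMPLE = '''\
/* constructed module: ap_get_basic_auth_pw() is only mentioned on this line */
static int fixup(request_rec *r) {
    const char *pw;
    ap_get_basic_auth_pw(r, &pw);   /* legacy call outside the auth phase */
    return DECLINED;
}
'''

def _blank(match):
    # Replace noise with spaces but keep newlines so line numbers stay correct.
    return re.sub(r"[^\n]", " ", match.group(0))

def audit_source(text):
    """Return line numbers of legacy calls and whether the replacement API is used."""
    code = NOISE.sub(_blank, text)
    lines = [code.count("\n", 0, m.start()) + 1 for m in LEGACY.finditer(code)]
    return {"legacy_lines": lines, "uses_replacement": bool(REPLACEMENT.search(code))}

def audit_tree(root):
    """Audit every .c/.h file under root; report only files with legacy calls."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix in {".c", ".h"}:
            result = audit_source(path.read_text(errors="replace"))
            if result["legacy_lines"]:
                findings[str(path)] = result
    return findings

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, result in audit_tree(root).items():
        hint = "also uses" if result["uses_replacement"] else "does not use"
        print(f"{path}: ap_get_basic_auth_pw() at lines {result['legacy_lines']}; "
              f"{hint} ap_get_basic_auth_components()")
```

Each reported line still needs manual review: the scan finds call sites, it does not decide whether the call happens inside the authentication phase.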

important: mod_ssl Null Pointer Dereference CVE-2017-3169

mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.
Acknowledgements: We would like to thank Vasileios Panopoulos and AdNovum Informatik AG for reporting this issue.
Reported to security team: 5th December 2016
Issue public: 19th June 2017
Update Released: 19th June 2017
Affects: 2.4.25, 2.4.23, 2.4.20, 2.4.18, 2.4.17, 2.4.16, 2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1

important: mod_http2 Null Pointer Dereference CVE-2017-7659

A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process.
Acknowledgements: We would like to thank Robert Święcki for reporting this issue.
Reported to security team: 18th November 2016
Issue public: 19th June 2017
Update Released: 19th June 2017
Affects: 2.4.25

important: ap_find_token() Buffer Overread CVE-2017-7668

The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.
Acknowledgements: We would like to thank Javier Jiménez (javijmor@gmail.com) for reporting this issue.
Reported to security team: 6th May 2017
Issue public: 19th June 2017
Update Released: 19th June 2017
Affects: 2.4.25

important: mod_mime Buffer Overread CVE-2017-7679

mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.
Acknowledgements: We would like to thank ChenQin and Hanno Böck for reporting this issue.


