httpd-2.4.6-95.0.1.el7.AXS7
エラータID: AXSA:2020-639:02
リリース日:
2020/10/08 Thursday - 09:37
題名:
httpd-2.4.6-95.0.1.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- httpdには、に指定した正規表現の'$'がファイル名の末尾ではなく
悪意のあるファイル名の改行文字にマッチしてしまう問題があり、ファイルの
アップロードが制限されている環境において攻撃者がファイル名の末尾のみを
一致させることで認証を回避できる脆弱性があります。(CVE-2020-15715)
- httpdには、セッションデータをCGIアプリケーションに転送するように
mod_sessionモジュールを設定している場合(意図的にSessionEnvを有効にした場合)、
攻撃者が"Session"ヘッダーを使用してコンテンツに影響を与えることができる
脆弱性があります。(CVE-2018-1283)
- httpdには、mod_cache_socacheモジュールを利用している場合、共有メモリに
キャッシュするデータの準備処理中に、細工されたHTTPリクエストヘッダーによって、
範囲外のメモリ読み込みによるクラッシュが発生する問題があり、サービス拒否攻撃
として利用されてしまう脆弱性があります。(CVE-2018-1303)
- httpdには、mod_rewirteモジュールでの自己参照を意図したリダイレクト設定が、
リクエストURLにエンコードされた改行文字を含めることで騙され、リクエストURLに
含まれるURLへリダイレクトしてしまうオープンリダイレクトの脆弱性があります。
(CVE-2019-10098, CVE-2020-1927)
- httpdには、悪意のあるFTPサーバーにプロキシする際、mod_proxy_ftpモジュールが
初期化されていないメモリを利用してしまう脆弱性があります。(CVE-2020-1934)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2017-15715
In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.
In Apache httpd 2.4.0 to 2.4.29, the expression specified in
CVE-2018-1283
In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications.
In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications.
CVE-2018-1303
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.
CVE-2019-10098
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.
CVE-2020-1927
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.
CVE-2020-1934
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
追加情報:
N/A
ダウンロード:
SRPMS
- httpd-2.4.6-95.0.1.el7.AXS7.src.rpm
MD5: cef60ce4be6579b4e3b961d0f08a38b1
SHA-256: a3c1e883f1625c29d3fef9ef77e163ce07d9acd8ba9d2de8de67519c179f4592
Size: 4.97 MB
Asianux Server 7 for x86_64
- httpd-2.4.6-95.0.1.el7.AXS7.x86_64.rpm
MD5: 3c9c5033a81b25cd8c4536a156f1f8f8
SHA-256: f6d9cba643c6a25742e96e3a04a6dc0966d973fe3c85ee1ab4af5d1d0701915d
Size: 1.19 MB - httpd-devel-2.4.6-95.0.1.el7.AXS7.x86_64.rpm
MD5: b1ff7c7e94f9dd6a10cbdc4dfa5948bb
SHA-256: 090aed3e9c93954741d4f8df6746e07b42337696b0de3594ed80db75e5805d5b
Size: 198.05 kB - httpd-manual-2.4.6-95.0.1.el7.AXS7.noarch.rpm
MD5: 702f73358f575f732ec347b083dba9db
SHA-256: e9eebb88f3ea138edaa9044299821201df8b5ced827cedc5849c3bf4a3e66357
Size: 1.34 MB - httpd-tools-2.4.6-95.0.1.el7.AXS7.x86_64.rpm
MD5: f1340e3e1e7907f6255c74965933b79e
SHA-256: 1b054c2f57864fb63be6706b2ca323f740f739b205c94fb981381a19f2d8288e
Size: 91.97 kB - mod_session-2.4.6-95.0.1.el7.AXS7.x86_64.rpm
MD5: 688bb23fa37b20b55d9b9763dcd7272a
SHA-256: b9ca121648befba857309e2a42274899e518f817d43a020b21c5a0290fb802ba
Size: 62.02 kB - mod_ssl-2.4.6-95.0.1.el7.AXS7.x86_64.rpm
MD5: ed737c8feb97ebf9d321f02eb9f037d4
SHA-256: 45b56fd104a63294d6e6146283965a7bb470f4c66fd9bbc5506bf1bac4436828
Size: 113.12 kB
English