httpd-2.4.6-67.2.0.1.el7.AXS7
Errata ID: AXSA:2017-2042:02
The Apache HTTP Server is a powerful, efficient, and extensible
web server.
CVE-2017-3167
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of
the ap_get_basic_auth_pw() by third-party modules outside of the
authentication phase may lead to authentication requirements being
bypassed.
CVE-2017-3169
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl
may dereference a NULL pointer when third-party modules call
ap_hook_process_connection() during an HTTP request to an HTTPS port.
CVE-2017-7668
The HTTP strict parsing changes added in Apache httpd 2.2.32 and
2.4.24 introduced a bug in token list parsing, which allows
ap_find_token() to search past the end of its input string. By
maliciously crafting a sequence of request headers, an attacker may be
able to cause a segmentation fault, or to force ap_find_token() to
return an incorrect value.
CVE-2017-7679
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime
can read one byte past the end of a buffer when sending a malicious
Content-Type response header.
CVE-2017-9788
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value
placeholder in [Proxy-]Authorization headers of type 'Digest' was not
initialized or reset before or between successive key=value
assignments by mod_auth_digest. Providing an initial key with no '='
assignment could reflect the stale value of uninitialized pool memory
used by the prior request, leading to leakage of potentially
confidential information, and a segfault in other cases resulting in
denial of service.
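A simplified model of the CVE-2017-9788 pattern described above, added here as an illustration; it is not mod_auth_digest's code. The static buffer `scratch_value`, the helpers `parse_digest` and `username_after`, and the sample header strings are constructed, and values are unquoted for brevity.

```c
#include <stdio.h>
#include <string.h>

#define VAL_MAX 64

/* Constructed stand-in for pool memory reused across requests. */
static char scratch_value[VAL_MAX];

struct digest_rec { char username[VAL_MAX]; };

/* Parse "key=value, key, ..." (unquoted values, a simplification).
 * hardened != 0 resets the value placeholder before every key. */
static void parse_digest(const char *p, int hardened, struct digest_rec *rec)
{
    char key[VAL_MAX];
    rec->username[0] = '\0';
    while (*p) {
        size_t k = 0, v = 0;
        while (*p == ' ' || *p == ',') p++;
        while (*p && *p != '=' && *p != ',' && k < VAL_MAX - 1) key[k++] = *p++;
        key[k] = '\0';
        if (hardened) scratch_value[0] = '\0';      /* reset between assignments */
        if (*p == '=') {
            p++;
            while (*p && *p != ',' && v < VAL_MAX - 1) scratch_value[v++] = *p++;
            scratch_value[v] = '\0';
        }
        while (*p && *p != ',') p++;                /* drop any oversized remainder */
        if (strcmp(key, "username") == 0)           /* the "assignment" step */
            snprintf(rec->username, VAL_MAX, "%s", scratch_value);
    }
}

/* Parse two requests in a row and return the username seen by the second. */
static const char *username_after(const char *first, const char *second, int hardened)
{
    static struct digest_rec rec;
    parse_digest(first, hardened, &rec);
    parse_digest(second, hardened, &rec);
    return rec.username;
}

int main(void)
{
    const char *prior = "username=alice, nonce=constructed-secret"; /* constructed */
    printf("unpatched: [%s]\n", username_after(prior, "username", 0));
    printf("patched:   [%s]\n", username_after(prior, "username", 1));
    return 0;
}
```

Without the reset, a bare `username` key in the second request is assigned whatever value the previous request left in the buffer; with the reset it is assigned an empty string.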
Update packages.
N/A
SRPMS
- httpd-2.4.6-67.2.0.1.el7.AXS7.src.rpm
MD5: b565dedd28393d2ecd742c2385e3d8d9
SHA-256: 9b63478be42510ec8f7d942a0f8e57247ec5be3354afa7648ce1a029b939669b
Size: 4.92 MB
Asianux Server 7 for x86_64
- httpd-2.4.6-67.2.0.1.el7.AXS7.x86_64.rpm
MD5: fc704b2b51d2d258ccd3bab7476cee81
SHA-256: a45f10ef1f1cc492bdeffb58a39654d0ba55988fd812c870e7882ba638c72206
Size: 1.18 MB
- httpd-devel-2.4.6-67.2.0.1.el7.AXS7.x86_64.rpm
MD5: b710be7086899767b049958782773043
SHA-256: ac5268858adb5a7088c97bf4c8e392bc52b9b2438eb4804eed49288eff7819d1
Size: 192.75 kB
- httpd-manual-2.4.6-67.2.0.1.el7.AXS7.noarch.rpm
MD5: 6b8c87615cef0bd9cd5884fbf8eed243
SHA-256: f9eb9fff00d4f00a259bf6f88d3c2473a68dd32e755e0622b55d1f44a860483e
Size: 1.34 MB
- httpd-tools-2.4.6-67.2.0.1.el7.AXS7.x86_64.rpm
MD5: d25822546148983cd576775eed7ccd5f
SHA-256: 29c11607417b08cdbc36ef6cafa9d78602af50f79afd080a73b4b41e659cea3e
Size: 86.69 kB
- mod_session-2.4.6-67.2.0.1.el7.AXS7.x86_64.rpm
MD5: 18744c8e66b75a61d7d41291b6c46c78
SHA-256: 3257f3a2e170cf33b3b556bac4e27fe6deac6cdf95cf6bd966ded8ea5757651c
Size: 56.96 kB
- mod_ssl-2.4.6-67.2.0.1.el7.AXS7.x86_64.rpm
MD5: fc19cb90c0852cd4bdb858046ae01b6a
SHA-256: 9f60a17ce2cb621440294e67763d9ecca1c852b020b98aeef0526abd55d2b943
Size: 108.01 kB