VID |
22901 |
Severity |
30 |
Port |
80, ... |
Protocol |
TCP |
Class |
WWW |
Detailed Description |
According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.33. It is, therefore, affected by multiple vulnerabilities:
- An out of bounds write vulnerability exists in mod_authnz_ldap with AuthLDAPCharsetConfig enabled. An unauthenticated, remote attacker can exploit this, via the Accept-Language header value, to cause the application to stop responding. (CVE-2017-15710)
- An arbitrary file upload vulnerability exists in the FilesMatch component where a malicious filename can be crafted to match the expression check for a newline character. An unauthenticated, remote attacker can exploit this, via newline character, to upload arbitrary files on the remote host subject to the privileges of the user. (CVE-2017-15715)
- A session management vulnerability exists in the mod_session component due to SessionEnv being enabled and forwarding its session data to the CGI application. An unauthenticated, remote attacker can exploit this, by tampering with the HTTP_SESSION and using a session header, to influence content. (CVE-2018-1283)
- An out of bounds access vulnerability exists when the size limit is reached. An unauthenticated, remote attacker can exploit this to cause the Apache HTTP Server to crash. (CVE-2018-1301)
- A write after free vulnerability exists in HTTP/2 stream due to a NULL pointer being written to an area of freed memory. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2018-1302)
- An out of bounds read vulnerability exists in mod_cache_socache. An unauthenticated, remote attacker can exploit this, via a specially crafted HTTP request header to cause the application to stop responding. (CVE-2018-1303)
- A weak digest vulnerability exists in the HTTP digest authentication challenge. An unauthenticated, remote attacker can exploit this in a cluster of servers configured to use a common digest authentication, to replay HTTP requests across servers without being detected. (CVE-2018-1312)
* References:
  https://archive.apache.org/dist/httpd/CHANGES_2.4.33
  https://httpd.apache.org/security/vulnerabilities_24.html#2.4.33
* Platforms Affected:
  Apache HTTP versions 2.4.x prior to 2.4.33
  Any operating system Any version |
Recommendation |
Upgrade to the latest version of Apache HTTP Server (2.4.33 or later), available from the Apache Software Foundation download site, http://httpd.apache.org/download.cgi |
Related URL |
CVE-2017-15710,CVE-2017-15715,CVE-2018-1283,CVE-2018-1301,CVE-2018-1302,CVE-2018-1303,CVE-2018-1312 (CVE) |
Related URL |
103512,103515,103524,103525,103528,104584,106158 (SecurityFocus) |
Related URL |
(ISS) |
|