Critical Apache HTTP Server Vulnerabilities Expose Millions of Websites to Cyber Attack
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
The Apache Software Foundation has disclosed several critical vulnerabilities in the Apache HTTP Server, which could potentially expose millions of websites to cyber-attacks.
These vulnerabilities, identified by their Common Vulnerabilities and Exposures (CVE) numbers, affect various versions of the Apache HTTP Server and could lead to severe consequences such as source code disclosure, server-side request forgery (SSRF), and denial of service (DoS).
Detailed Vulnerabilities
Source Code Disclosure with Handlers Configured via AddType (CVE-2024-40725)
A partial fix for CVE-2024-39884 in Apache HTTP Server 2.4.61 overlooked some uses of legacy content-type-based handler configurations.
Under certain circumstances, configurations like “AddType” can lead to disclosing local source code when files are requested indirectly. For instance, PHP scripts might serve as plain text instead of being interpreted.
SSRF with mod_rewrite on Windows (CVE-2024-40898)
A Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows, using mod_rewrite in server/vhost context, could potentially leak NTLM hashes to a malicious server through SSRF and crafted requests.
Source Code Disclosure with Handlers Configured via AddType (CVE-2024-39884)
A regression in Apache HTTP Server 2.4.60 ignored some uses of legacy content-type-based handler configurations. This could lead to disclosing local source code when files are requested indirectly.
DoS by Null Pointer in WebSocket over HTTP/2 (CVE-2024-36387)
Serving WebSocket protocol upgrades over an HTTP/2 connection could result in a Null Pointer dereference, causing a server crash and performance degradation.
UNC SSRF on Windows (CVE-2024-38472)
A Server-Side Request Forgery (SSRF) vulnerability in the Apache HTTP Server on Windows could potentially leak NTLM hashes to a malicious server via SSRF and crafted requests or content.
Proxy Encoding Problem (CVE-2024-38473)
An encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows incorrectly encoded request URLs to be sent to backend services, potentially bypassing authentication via crafted requests.
Weakness with Encoded Question Marks in Backreferences (CVE-2024-38474)
A substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attackers to execute scripts in directories permitted by the configuration but not directly reachable by any URL, or disclose scripts meant to be executed as CGI.
Weakness in mod_rewrite with File System Path (CVE-2024-38475)
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations permitted to be served by the server but not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure.
Exploitable/Malicious Backend Application Output (CVE-2024-38476)
A vulnerability in the core of Apache HTTP Server 2.4.59 and earlier allows information disclosure, SSRF, or local script execution via backend applications with malicious or exploitable response headers.
Crash Resulting in DoS in mod_proxy (CVE-2024-38477)
A null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.
mod_rewrite Proxy Handler Substitution (CVE-2024-39573)
A potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to set up URLs to be handled by mod_proxy unexpectedly.
HTTP Response Splitting (CVE-2023-38709)
A faulty input validation in the core of the Apache HTTP Server allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects the Apache HTTP Server through version 2.4.58.
HTTP Response Splitting in Multiple Modules (CVE-2024-24795)
HTTP Response splitting in multiple modules in Apache HTTP Server allows attackers to inject malicious response headers into backend applications, potentially causing an HTTP desynchronization attack.
HTTP/2 DoS by Memory Exhaustion on Endless Continuation Frames (CVE-2024-27316)
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 to generate an informative HTTP 413 response. If a client continues sending headers, this can lead to memory exhaustion.
mod_macro Buffer Over-read (CVE-2023-31122)
An out-of-bounds read vulnerability in mod_macro of Apache HTTP Server affects versions through 2.4.57.
DoS in HTTP/2 with Initial Window Size 0 (CVE-2023-43622)
An attacker opening an HTTP/2 connection with an initial window size of 0 can block the handling of that connection indefinitely, similar to the “slow loris” attack pattern.
HTTP/2 Stream Memory Not Reclaimed Right Away on RST (CVE-2023-45802)
When a client resets an HTTP/2 stream, the request’s memory resources are not immediately reclaimed, leading to potential memory exhaustion.
HTTP Request Splitting with mod_rewrite and mod_proxy (CVE-2023-25690)
Certain mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack, potentially bypassing access controls and causing cache poisoning.
mod_proxy_uwsgi HTTP Response Splitting (CVE-2023-27522)
A vulnerability in the Apache HTTP Server via mod_proxy_uwsgi allows special characters in the origin response header to truncate/split the response forwarded to the client.
mod_dav Out of Bounds Read or Write of Zero Byte (CVE-2006-20001)
A carefully crafted If: request header can cause a memory read or write of a single zero byte in a pool (heap) memory location beyond the header value sent, potentially causing a process crash.
mod_proxy_ajp Possible Request Smuggling (CVE-2022-36760)
An HTTP Request Smuggling vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.
mod_proxy Before 2.4.55 Allows Backend to Trigger HTTP Response Splitting (CVE-2022-37436)
A malicious backend can cause response headers to be truncated early, resulting in some headers being incorporated into the response body.
mod_proxy_ajp Possible Request Smuggling (CVE-2022-26377)
An HTTP Request Smuggling vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.
Read Beyond Bounds in mod_isapi (CVE-2022-28330)
Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.
Read Beyond Bounds via ap_rwrite() (CVE-2022-28614)
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs().
Read Beyond Bounds in ap_strcmp_match() (CVE-2022-28615)
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer.
Denial of Service in mod_lua r:parsebody (CVE-2022-29404)
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.
mod_sed Denial of Service (CVE-2022-30522)
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may allocate excessive memory and trigger an abort.
HTTP Response Splitting (CVE-2023-38709)
Faulty input validation in the core of Apache HTTP Server allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects the Apache HTTP Server through version 2.4.58.
HTTP Response Splitting in Multiple Modules (CVE-2024-24795)
HTTP Response splitting in multiple modules in Apache HTTP Server allows attackers to inject malicious response headers into backend applications, potentially causing an HTTP desynchronization attack.
HTTP/2 DoS by Memory Exhaustion on Endless Continuation Frames (CVE-2024-27316)
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 to generate an informative HTTP 413 response. If a client continues sending headers, this can lead to memory exhaustion.
mod_macro Buffer Over-read (CVE-2023-31122)
An out-of-bounds read vulnerability in mod_macro of Apache HTTP Server affects versions through 2.4.57.
DoS in HTTP/2 with Initial Window Size 0 (CVE-2023-43622)
An attacker opening an HTTP/2 connection with an initial window size of 0 can block the handling of that connection indefinitely, similar to the “slow loris” attack pattern. Jafarov (City University of New York), Prof. Heejo Lee (Korea University), Choongin Lee (Korea University)
HTTP/2 Stream Memory Not Reclaimed Right Away on RST (CVE-2023-45802)
When a client resets an HTTP/2 stream, the request’s memory resources are not immediately reclaimed, leading to potential memory exhaustion.
HTTP Request Splitting with mod_rewrite and mod_proxy (CVE-2023-25690)
Certain mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack, potentially bypassing access controls and causing cache poisoning.
mod_proxy_uwsgi HTTP Response Splitting (CVE-2023-27522)
A vulnerability in the Apache HTTP Server via mod_proxy_uwsgi allows special characters in the origin response header to truncate/split the response forwarded to the client.
mod_dav Out of Bounds Read or Write of Zero Byte (CVE-2006-20001)
A carefully crafted If: request header can cause a memory read or write of a single zero byte in a pool (heap) memory location beyond the header value sent, potentially causing a process crash.
mod_proxy_ajp Possible Request Smuggling (CVE-2022-36760)
An HTTP Request Smuggling vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.
mod_proxy Before 2.4.55 Allows Backend to Trigger HTTP Response Splitting (CVE-2022-37436)
A malicious backend can cause response headers to be truncated early, resulting in some headers being incorporated into the response body.
mod_proxy_ajp Possible Request Smuggling (CVE-2022-26377)
An HTTP Request Smuggling vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.
Read Beyond Bounds in mod_isapi (CVE-2022-28330)
Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.
Read Beyond Bounds via ap_rwrite() (CVE-2022-28614)
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs().
Read Beyond Bounds in ap_strcmp_match() (CVE-2022-28615)
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer.
Denial of Service in mod_lua r:parsebody (CVE-2022-29404)
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.
mod_sed Denial of Service (CVE-2022-30522)
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may allocate excessive memory and trigger an abort.
HTTP Response Splitting (CVE-2023-38709)
Faulty input validation in the core of Apache HTTP Server allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects the Apache HTTP Server through version 2.4.58.
HTTP Response Splitting in Multiple Modules (CVE-2024-24795)
HTTP Response splitting in multiple modules in Apache HTTP Server allows attackers to inject malicious response headers into backend applications, potentially causing an HTTP desynchronization attack.
HTTP/2 DoS by Memory Exhaustion on Endless Continuation Frames (CVE-2024-27316)
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 to generate an informative HTTP 413 response. If a client continues sending headers, this can lead to memory exhaustion.
mod_macro Buffer Over-read (CVE-2023-31122)
An out-of-bounds read vulnerability in mod_macro of Apache HTTP Server affects versions through 2.4.57.
DoS in HTTP/2 with Initial Window Size 0 (CVE-2023-43622)
An attacker opening an HTTP/2 connection with an initial window size of 0 can block the handling of that connection indefinitely, similar to the “slow loris” attack pattern.
HTTP/2 Stream Memory Not Reclaimed Right Away on RST (CVE-2023-45802)
When a client resets an HTTP/2 stream, the request’s memory resources are not immediately reclaimed, leading to potential memory exhaustion.
HTTP Request Splitting with mod_rewrite and mod_proxy (CVE-2023-25690)
Certain mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack, potentially bypassing access controls and causing cache poisoning.
mod_proxy_uwsgi HTTP Response Splitting (CVE-2023-27522)
A vulnerability in the Apache HTTP Server via mod_proxy_uwsgi allows special characters in the origin response header to truncate/split the response forwarded to the client.
mod_dav Out of Bounds Read or Write of Zero Byte (CVE-2006-20001)
A carefully crafted If: request header can cause a memory read or write of a single zero byte in a pool (heap) memory location beyond the header value sent, potentially causing a process crash.
mod_proxy_ajp Possible Request Smuggling (CVE-2022-36760)
An HTTP Request Smuggling vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.
mod_proxy Before 2.4.55 Allows Backend to Trigger HTTP Response Splitting (CVE-2022-37436)
A malicious backend can cause response headers to be truncated early, resulting in some headers being incorporated into the response body.
mod_proxy_ajp Possible Request Smuggling (CVE-2022-26377)
An HTTP Request Smuggling vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.
Read Beyond Bounds in mod_isapi (CVE-2022-28330)
Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.
Read Beyond Bounds via ap_rwrite() (CVE-2022-28614)
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs().
Read Beyond Bounds in ap_strcmp_match() (CVE-2022-28615)
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer.
Denial of Service in mod_lua r:parsebody (CVE-2022-29404)
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.
mod_sed Denial of Service (CVE-2022-30522)
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may allocate excessive memory and trigger an abort.
Fixed in Apache HTTP Server 2.4.41
mod_http2, DoS Attack by Exhausting h2 Workers (CVE-2019-9517)
A malicious client could perform a DoS attack by flooding a connection with requests and never reading responses on the TCP connection. Depending on h2 worker dimensioning, blocking those with relatively few connections was possible.
mod_http2, Memory Corruption on Early Pushes (CVE-2019-10081)
HTTP/2 very early pushes, configured with “H2PushResource”, could lead to an overwrite of memory in the pushing request’s pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.
mod_http2, Read-After-Free in h2 Connection Shutdown (CVE-2019-10082)
Using fuzzed network input, the HTTP/2 session handling could be made to read memory after being freed during connection shutdown.
Limited Cross-Site Scripting in mod_proxy Error Page (CVE-2019-10092)
A limited cross-site scripting issue was reported, affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice.
This would only be exploitable if a server were set up with proxying enabled but misconfigured so that the Proxy Error page was displayed.
CVE-2019-10097 mod_remoteip: Stack Buffer Overflow and NULL Pointer Dereference (CVE-2019-10097)
When mod_remoteip was configured to use a trusted intermediary proxy server using the “PROXY” protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer dereference. This vulnerability could only be triggered by a trusted proxy, not by untrusted HTTP clients.
mod_rewrite Potential Open Redirect (CVE-2019-10098)
Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirected to an unexpected URL within the request URL.
Fixed in Apache HTTP Server 2.4.39
mod_http2, Read-After-Free on a String Compare (CVE-2019-0196)
Using fuzzed network input, the HTTP/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.
mod_http2, Possible Crash on Late Upgrade (CVE-2019-0197)
When HTTP/2 was enabled for an HTTP host or H2Upgrade was enabled for h2 on an HTTPS host, an Upgrade request from HTTP/1.1 to HTTP/2 that was not the first request on a connection could lead to a misconfiguration and crash.
A server that never enabled the h2 protocol or that only enabled it for HTTPS and did not configure the “H2Upgrade on” is unaffected by this.
Apache HTTP Server Privilege Escalation from Modules’ Scripts (CVE-2019-0211)
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker, or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could manipulate the scoreboard to execute arbitrary code with the privileges of the parent process (usually root). Non-Unix systems are not affected.
mod_ssl Access Control Bypass (CVE-2019-0215)
In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client supporting Post-Handshake Authentication to bypass configured access control restrictions.
mod_auth_digest Access Control Bypass (CVE-2019-0217)
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
Apache httpd URL Normalization Inconsistency (CVE-2019-0220)
When the path component of a request URL contains multiple consecutive slashes (‘/’), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions, while other aspects of the server’s processing will implicitly collapse them.
Fixed in Apache HTTP Server 2.4.38
DoS for HTTP/2 Connections via Slow Request Bodies (CVE-2018-17189)
mod_session_cookie Does Not Respect Expiry Time (CVE-2018-17199)
In Apache HTTP Server 2.4, release 2.4.37; prior, mod_session checks the session expiration time before decoding the session.
This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.
mod_ssl 2.4.37 Remote DoS When Used with OpenSSL 1.1.1 (CVE-2019-0190)
A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop, leading to a denial of service.
This bug can only be triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later due to an interaction in changes to the handling of renegotiation attempts.
Fixed in Apache HTTP Server 2.4.35
DoS for HTTP/2 Connections by Continuous SETTINGS (CVE-2018-11763)
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
Critical Apache HTTP Server Vulnerabilities Expose Millions of Websites to Cyber Attack
Author: DhivyaThe Apache Software Foundation has disclosed several critical vulnerabilities in the Apache HTTP Server, which could potentially expose millions of websites to cyber-attacks.
These vulnerabilities, identified by their Common Vulnerabilities and Exposures (CVE) numbers, affect various versions of the Apache HTTP Server and could lead to severe consequences such as source code disclosure, server-side request forgery (SSRF), and denial of service (DoS).
Detailed Vulnerabilities
Source Code Disclosure with Handlers Configured via AddType (CVE-2024-40725)
A partial fix for CVE-2024-39884 in Apache HTTP Server 2.4.61 overlooked some uses of legacy content-type-based handler configurations.
Under certain circumstances, configurations like “AddType” can lead to disclosing local source code when files are requested indirectly. For instance, PHP scripts might serve as plain text instead of being interpreted.
SSRF with mod_rewrite on Windows (CVE-2024-40898)
A Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows, using mod_rewrite in server/vhost context, could potentially leak NTLM hashes to a malicious server through SSRF and crafted requests.
Source Code Disclosure with Handlers Configured via AddType (CVE-2024-39884)
A regression in Apache HTTP Server 2.4.60 ignored some uses of legacy content-type-based handler configurations. This could lead to disclosing local source code when files are requested indirectly.
DoS by Null Pointer in WebSocket over HTTP/2 (CVE-2024-36387)
Serving WebSocket protocol upgrades over an HTTP/2 connection could result in a Null Pointer dereference, causing a server crash and performance degradation.
UNC SSRF on Windows (CVE-2024-38472)
A Server-Side Request Forgery (SSRF) vulnerability in the Apache HTTP Server on Windows could potentially leak NTLM hashes to a malicious server via SSRF and crafted requests or content.
Proxy Encoding Problem (CVE-2024-38473)
An encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows incorrectly encoded request URLs to be sent to backend services, potentially bypassing authentication via crafted requests.
Weakness with Encoded Question Marks in Backreferences (CVE-2024-38474)
A substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attackers to execute scripts in directories permitted by the configuration but not directly reachable by any URL, or disclose scripts meant to be executed as CGI.
Weakness in mod_rewrite with File System Path (CVE-2024-38475)
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations permitted to be served by the server but not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure.
Exploitable/Malicious Backend Application Output (CVE-2024-38476)
A vulnerability in the core of Apache HTTP Server 2.4.59 and earlier allows information disclosure, SSRF, or local script execution via backend applications with malicious or exploitable response headers.
Crash Resulting in DoS in mod_proxy (CVE-2024-38477)
A null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.
mod_rewrite Proxy Handler Substitution (CVE-2024-39573)
A potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to set up URLs to be handled by mod_proxy unexpectedly.
HTTP Response Splitting (CVE-2023-38709)
A faulty input validation in the core of the Apache HTTP Server allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects the Apache HTTP Server through version 2.4.58.
HTTP Response Splitting in Multiple Modules (CVE-2024-24795)
HTTP Response splitting in multiple modules in Apache HTTP Server allows attackers to inject malicious response headers into backend applications, potentially causing an HTTP desynchronization attack.
HTTP/2 DoS by Memory Exhaustion on Endless Continuation Frames (CVE-2024-27316)
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 to generate an informative HTTP 413 response. If a client continues sending headers, this can lead to memory exhaustion.
mod_macro Buffer Over-read (CVE-2023-31122)
An out-of-bounds read vulnerability in mod_macro of Apache HTTP Server affects versions through 2.4.57.
DoS in HTTP/2 with Initial Window Size 0 (CVE-2023-43622)
An attacker opening an HTTP/2 connection with an initial window size of 0 can block the handling of that connection indefinitely, similar to the “slow loris” attack pattern.
HTTP/2 Stream Memory Not Reclaimed Right Away on RST (CVE-2023-45802)
When a client resets an HTTP/2 stream, the request’s memory resources are not immediately reclaimed, leading to potential memory exhaustion.
HTTP Request Splitting with mod_rewrite and mod_proxy (CVE-2023-25690)
Certain mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack, potentially bypassing access controls and causing cache poisoning.
mod_proxy_uwsgi HTTP Response Splitting (CVE-2023-27522)
A vulnerability in the Apache HTTP Server via mod_proxy_uwsgi allows special characters in the origin response header to truncate/split the response forwarded to the client.
mod_dav Out of Bounds Read or Write of Zero Byte (CVE-2006-20001)
A carefully crafted If: request header can cause a memory read or write of a single zero byte in a pool (heap) memory location beyond the header value sent, potentially causing a process crash.
mod_proxy_ajp Possible Request Smuggling (CVE-2022-36760)
An HTTP Request Smuggling vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.
mod_proxy Before 2.4.55 Allows Backend to Trigger HTTP Response Splitting (CVE-2022-37436)
A malicious backend can cause response headers to be truncated early, resulting in some headers being incorporated into the response body.
mod_proxy_ajp Possible Request Smuggling (CVE-2022-26377)
An HTTP Request Smuggling vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.
Read Beyond Bounds in mod_isapi (CVE-2022-28330)
Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.
Read Beyond Bounds via ap_rwrite() (CVE-2022-28614)
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs().
Read Beyond Bounds in ap_strcmp_match() (CVE-2022-28615)
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer.
Denial of Service in mod_lua r:parsebody (CVE-2022-29404)
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.
mod_sed Denial of Service (CVE-2022-30522)
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may allocate excessive memory and trigger an abort.
HTTP Response Splitting (CVE-2023-38709)
Faulty input validation in the core of Apache HTTP Server allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects the Apache HTTP Server through version 2.4.58.
HTTP Response Splitting in Multiple Modules (CVE-2024-24795)
HTTP Response splitting in multiple modules in Apache HTTP Server allows attackers to inject malicious response headers into backend applications, potentially causing an HTTP desynchronization attack.
HTTP/2 DoS by Memory Exhaustion on Endless Continuation Frames (CVE-2024-27316)
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 to generate an informative HTTP 413 response. If a client continues sending headers, this can lead to memory exhaustion.
mod_macro Buffer Over-read (CVE-2023-31122)
An out-of-bounds read vulnerability in mod_macro of Apache HTTP Server affects versions through 2.4.57.
DoS in HTTP/2 with Initial Window Size 0 (CVE-2023-43622)
An attacker opening an HTTP/2 connection with an initial window size of 0 can block the handling of that connection indefinitely, similar to the “slow loris” attack pattern. Jafarov (City University of New York), Prof. Heejo Lee (Korea University), Choongin Lee (Korea University)
HTTP/2 Stream Memory Not Reclaimed Right Away on RST (CVE-2023-45802)
When a client resets an HTTP/2 stream, the request’s memory resources are not immediately reclaimed, leading to potential memory exhaustion.
HTTP Request Splitting with mod_rewrite and mod_proxy (CVE-2023-25690)
Certain mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack, potentially bypassing access controls and causing cache poisoning.
mod_proxy_uwsgi HTTP Response Splitting (CVE-2023-27522)
A vulnerability in the Apache HTTP Server via mod_proxy_uwsgi allows special characters in the origin response header to truncate/split the response forwarded to the client.
mod_dav Out of Bounds Read or Write of Zero Byte (CVE-2006-20001)
A carefully crafted If: request header can cause a memory read or write of a single zero byte in a pool (heap) memory location beyond the header value sent, potentially causing a process crash.
mod_proxy_ajp Possible Request Smuggling (CVE-2022-36760)
An HTTP Request Smuggling vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.
mod_proxy Before 2.4.55 Allows Backend to Trigger HTTP Response Splitting (CVE-2022-37436)
A malicious backend can cause response headers to be truncated early, resulting in some headers being incorporated into the response body.
mod_proxy_ajp Possible Request Smuggling (CVE-2022-26377)
An HTTP Request Smuggling vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.
Read Beyond Bounds in mod_isapi (CVE-2022-28330)
Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.
Read Beyond Bounds via ap_rwrite() (CVE-2022-28614)
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs().
Read Beyond Bounds in ap_strcmp_match() (CVE-2022-28615)
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer.
Denial of Service in mod_lua r:parsebody (CVE-2022-29404)
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.
mod_sed Denial of Service (CVE-2022-30522)
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may allocate excessive memory and trigger an abort.
HTTP Response Splitting (CVE-2023-38709)
Faulty input validation in the core of Apache HTTP Server allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects the Apache HTTP Server through version 2.4.58.
HTTP Response Splitting in Multiple Modules (CVE-2024-24795)
HTTP Response splitting in multiple modules in Apache HTTP Server allows attackers to inject malicious response headers into backend applications, potentially causing an HTTP desynchronization attack.
HTTP/2 DoS by Memory Exhaustion on Endless Continuation Frames (CVE-2024-27316)
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 to generate an informative HTTP 413 response. If a client continues sending headers, this can lead to memory exhaustion.
mod_macro Buffer Over-read (CVE-2023-31122)
An out-of-bounds read vulnerability in mod_macro of Apache HTTP Server affects versions through 2.4.57.
DoS in HTTP/2 with Initial Window Size 0 (CVE-2023-43622)
An attacker opening an HTTP/2 connection with an initial window size of 0 can block the handling of that connection indefinitely, similar to the “slow loris” attack pattern.
HTTP/2 Stream Memory Not Reclaimed Right Away on RST (CVE-2023-45802)
When a client resets an HTTP/2 stream, the request’s memory resources are not immediately reclaimed, leading to potential memory exhaustion.
HTTP Request Splitting with mod_rewrite and mod_proxy (CVE-2023-25690)
Certain mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack, potentially bypassing access controls and causing cache poisoning.
mod_proxy_uwsgi HTTP Response Splitting (CVE-2023-27522)
A vulnerability in the Apache HTTP Server via mod_proxy_uwsgi allows special characters in the origin response header to truncate/split the response forwarded to the client.
mod_dav Out of Bounds Read or Write of Zero Byte (CVE-2006-20001)
A carefully crafted If: request header can cause a memory read or write of a single zero byte in a pool (heap) memory location beyond the header value sent, potentially causing a process crash.
mod_proxy_ajp Possible Request Smuggling (CVE-2022-36760)
An HTTP Request Smuggling vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.
mod_proxy Before 2.4.55 Allows Backend to Trigger HTTP Response Splitting (CVE-2022-37436)
A malicious backend can cause response headers to be truncated early, resulting in some headers being incorporated into the response body.
mod_proxy_ajp Possible Request Smuggling (CVE-2022-26377)
An HTTP Request Smuggling vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.
Read Beyond Bounds in mod_isapi (CVE-2022-28330)
Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.
Read Beyond Bounds via ap_rwrite() (CVE-2022-28614)
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs().
Read Beyond Bounds in ap_strcmp_match() (CVE-2022-28615)
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer.
Denial of Service in mod_lua r:parsebody (CVE-2022-29404)
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.
mod_sed Denial of Service (CVE-2022-30522)
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may allocate excessive memory and trigger an abort.
Fixed in Apache HTTP Server 2.4.41
mod_http2, DoS Attack by Exhausting h2 Workers (CVE-2019-9517)
A malicious client could perform a DoS attack by flooding a connection with requests and never reading responses on the TCP connection. Depending on h2 worker dimensioning, blocking those with relatively few connections was possible.
mod_http2, Memory Corruption on Early Pushes (CVE-2019-10081)
HTTP/2 very early pushes, configured with “H2PushResource”, could lead to an overwrite of memory in the pushing request’s pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.
mod_http2, Read-After-Free in h2 Connection Shutdown (CVE-2019-10082)
Using fuzzed network input, the HTTP/2 session handling could be made to read memory after being freed during connection shutdown.
Limited Cross-Site Scripting in mod_proxy Error Page (CVE-2019-10092)
A limited cross-site scripting issue was reported, affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice.
This would only be exploitable if a server were set up with proxying enabled but misconfigured so that the Proxy Error page was displayed.
CVE-2019-10097 mod_remoteip: Stack Buffer Overflow and NULL Pointer Dereference (CVE-2019-10097)
When mod_remoteip was configured to use a trusted intermediary proxy server using the “PROXY” protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer dereference. This vulnerability could only be triggered by a trusted proxy, not by untrusted HTTP clients.
mod_rewrite Potential Open Redirect (CVE-2019-10098)
Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirected to an unexpected URL within the request URL.
Fixed in Apache HTTP Server 2.4.39
mod_http2, Read-After-Free on a String Compare (CVE-2019-0196)
Using fuzzed network input, the HTTP/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.
mod_http2, Possible Crash on Late Upgrade (CVE-2019-0197)
When HTTP/2 was enabled for an HTTP host or H2Upgrade was enabled for h2 on an HTTPS host, an Upgrade request from HTTP/1.1 to HTTP/2 that was not the first request on a connection could lead to a misconfiguration and crash.
A server that never enabled the h2 protocol or that only enabled it for HTTPS and did not configure the “H2Upgrade on” is unaffected by this.
Apache HTTP Server Privilege Escalation from Modules’ Scripts (CVE-2019-0211)
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker, or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could manipulate the scoreboard to execute arbitrary code with the privileges of the parent process (usually root). Non-Unix systems are not affected.
mod_ssl Access Control Bypass (CVE-2019-0215)
In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client supporting Post-Handshake Authentication to bypass configured access control restrictions.
mod_auth_digest Access Control Bypass (CVE-2019-0217)
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
Apache httpd URL Normalization Inconsistency (CVE-2019-0220)
When the path component of a request URL contains multiple consecutive slashes (‘/’), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions, while other aspects of the server’s processing will implicitly collapse them.
Fixed in Apache HTTP Server 2.4.38
DoS for HTTP/2 Connections via Slow Request Bodies (CVE-2018-17189)
mod_session_cookie Does Not Respect Expiry Time (CVE-2018-17199)
In Apache HTTP Server 2.4, release 2.4.37; prior, mod_session checks the session expiration time before decoding the session.
This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.
mod_ssl 2.4.37 Remote DoS When Used with OpenSSL 1.1.1 (CVE-2019-0190)
A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop, leading to a denial of service.
This bug can only be triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later due to an interaction in changes to the handling of renegotiation attempts.
Fixed in Apache HTTP Server 2.4.35
DoS for HTTP/2 Connections by Continuous SETTINGS (CVE-2018-11763)
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
