Amazon Linux AMI : httpd (ALAS-2011-09)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Amazon Linux AMI host is missing a security update.

Description :

The MITRE CVE database describes these CVEs as :

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42,
2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly
interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern
matches for configuration of a reverse proxy, which allows remote
attackers to send requests to intranet servers via a malformed URI
containing an initial @ (at sign) character.

The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when
used with mod_proxy_balancer in certain configurations, allows remote
attackers to cause a denial of service (temporary 'error state' in the
backend server) via a malformed HTTP request.

It was discovered that the Apache HTTP Server did not properly
validate the request URI for proxied requests. In certain
configurations, if a reverse proxy used the ProxyPassMatch directive,
or if it used the RewriteRule directive with the proxy flag, a remote
attacker could make the proxy connect to an arbitrary server, possibly
disclosing sensitive information from internal web servers not
directly accessible to the attacker.

It was discovered that mod_proxy_ajp incorrectly returned an 'Internal
Server Error' response when processing certain malformed HTTP
requests, which caused the back-end server to be marked as failed in
configurations where mod_proxy was used in load balancer mode. A
remote attacker could cause mod_proxy to not send requests to back-end
AJP (Apache JServ Protocol) servers for the retry timeout period or
until all back-end servers were marked as failed.

See also :

http://www.nessus.org/u?49c1f29c

Solution :

Run 'yum upgrade httpd' to upgrade your system. Then run 'service
httpd restart' to restart the Apache HTTP Server.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Public Exploit Available : true

Family: Amazon Linux Local Security Checks

Nessus Plugin ID: 69568 ()

Bugtraq ID:

CVE ID: CVE-2011-3348
CVE-2011-3368