Amazon Linux AMI : httpd Multiple Vulnerabilities (ALAS-2011-09)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Amazon Linux AMI host is missing a security update.

Description :

The MITRE CVE database describes these CVEs as :

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42,
2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly
interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern
matches for configuration of a reverse proxy, which allows remote
attackers to send requests to intranet servers via a malformed URI
containing an initial @ (at sign) character.

The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when
used with mod_proxy_balancer in certain configurations, allows remote
attackers to cause a denial of service (temporary 'error state' in the
backend server) via a malformed HTTP request. It was discovered that
the Apache HTTP Server did not properly validate the request URI for
proxied requests. In certain configurations, if a reverse proxy used
the ProxyPassMatch directive, or if it used the RewriteRule directive
with the proxy flag, a remote attacker could make the proxy connect to
an arbitrary server, possibly disclosing sensitive information from
internal web servers not directly accessible to the attacker.

It was discovered that mod_proxy_ajp incorrectly returned an 'Internal
Server Error' response when processing certain malformed HTTP
requests, which caused the back-end server to be marked as failed in
configurations where mod_proxy was used in load balancer mode. A
remote attacker could cause mod_proxy to not send requests to back-end
AJP (Apache JServ Protocol) servers for the retry timeout period or
until all back-end servers were marked as failed.

See also :

http://www.nessus.org/u?49c1f29c

Solution :

Run 'yum upgrade httpd' to upgrade your system. Then run 'service
httpd restart' to restart the Apache HTTP Server.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Public Exploit Available : true

Family: Amazon Linux Local Security Checks

Nessus Plugin ID: 69568 ()

Bugtraq ID:

CVE ID: CVE-2011-3348
CVE-2011-3368