FreeBSD : Apache httpd -- several vulnerabilities (0c2db2aa-5584-11e7-9a7d-b499baebfeaf)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The Apache httpd project reports :

- ap_get_basic_auth_pw() Authentication Bypass (CVE-2017-3167) : Use
of the ap_get_basic_auth_pw() by third-party modules outside of the
authentication phase may lead to authentication requirements being
bypassed.

- mod_ssl NULL pointer Dereference (CVE-2017-3169):mod_ssl may
dereference a NULL pointer when third-party modules call
ap_hook_process_connection() during an HTTP request to an HTTPS port.

- mod_http2 NULL pointer Dereference (CVE-2017-7659): A maliciously
constructed HTTP/2 request could cause mod_http2 to dereference a NULL
pointer and crash the server process.

- ap_find_token() Buffer Overread (CVE-2017-7668):The HTTP strict
parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token
list parsing, which allows ap_find_token() to search past the end of
its input string. By maliciously crafting a sequence of request
headers, an attacker may be able to cause a segmentation fault, or to
force ap_find_token() to return an incorrect value.

- mod_mime Buffer Overread (CVE-2017-7679):mod_mime can read one byte
past the end of a buffer when sending a malicious Content-Type
response header.

See also :

https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/security/vulnerabilities_22.html
http://www.nessus.org/u?ce360a3b

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 100881 ()

Bugtraq ID:

CVE ID: CVE-2017-3167
CVE-2017-3169
CVE-2017-7659
CVE-2017-7668
CVE-2017-7679

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now