FreeBSD : Apache httpd -- several vulnerabilities (0c2db2aa-5584-11e7-9a7d-b499baebfeaf)
High Nessus Plugin ID 100881
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionThe Apache httpd project reports :
- ap_get_basic_auth_pw() Authentication Bypass (CVE-2017-3167) : Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
- mod_ssl NULL pointer Dereference (CVE-2017-3169):mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.
- mod_http2 NULL pointer Dereference (CVE-2017-7659): A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process.
- ap_find_token() Buffer Overread (CVE-2017-7668):The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.
- mod_mime Buffer Overread (CVE-2017-7679):mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.
SolutionUpdate the affected packages.