FreeBSD : Apache -- Multiple vulnerabilities (caf545f2-c0d9-11e9-9051-4c72b94353b5) (Internal Data Buffering)

critical Nessus Plugin ID 127951

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

SO-AND-SO reports:

SECURITY: CVE-2019-10081 mod_http2: HTTP/2 very early pushes, for example configured with 'H2PushResource', could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.

SECURITY: CVE-2019-9517 mod_http2: a malicious client could perform a DoS attack by flooding a connection with requests and basically never reading responses on the TCP connection. Depending on h2 worker dimensioning, it was possible to block those with relatively few connections.

SECURITY: CVE-2019-10098 rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable matches and substitutions with encoded line break characters.

SECURITY: CVE-2019-10092 Remove HTML-escaped URLs from canned error responses to prevent misleading text/links being displayed via crafted links.

SECURITY: CVE-2019-10097 mod_remoteip: Fix stack-based buffer overflow and NULL pointer dereference when reading the PROXY protocol header.

CVE-2019-10082 mod_http2: Using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.

Solution

Update the affected package.

See Also

http://www.apache.org/dist/httpd/CHANGES_2.4

http://www.nessus.org/u?d60028a5

Plugin Details

Severity: Critical

ID: 127951

File Name: freebsd_pkg_caf545f2c0d911e990514c72b94353b5.nasl

Version: 1.4

Type: local

Published: 8/20/2019

Updated: 1/2/2020

Dependencies: ssh_get_info.nasl

Risk Information

CVSS Score Source: CVE-2019-10082

VPR

Risk Factor: Medium

Score: 5.7

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Temporal Vector: E:POC/RL:OF/RC:C

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:apache24, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/17/2019

Vulnerability Publication Date: 8/14/2019

Reference Information

CVE: CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10098, CVE-2019-9517