Amazon Linux AMI : httpd24 (ALAS-2019-1311) (Internal Data Buffering)

medium Nessus Plugin ID 130281
New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 6.7

Synopsis

The remote Amazon Linux AMI host is missing a security update.

Description

A vulnerability was found in Apache httpd, in mod_http2. Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing a server to crash.(CVE-2019-10081)

A read-after-free vulnerability was discovered in Apache httpd, in mod_http2. A specially crafted http/2 client session could cause the server to read memory that was previously freed during connection shutdown, potentially leading to a crash.(CVE-2019-10082)

A cross-site scripting vulnerability was found in Apache httpd, affecting the mod_proxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation.(CVE-2019-10092)

A vulnerability was discovered in Apache httpd, in mod_remoteip. A trusted proxy using the 'PROXY' protocol could send specially crafted headers that can cause httpd to experience a stack buffer overflow or NULL pointer dereference, leading to a crash or other potential consequences.\n\nThis issue could only be exploited by configured trusted intermediate proxy servers. HTTP clients such as browsers could not exploit the vulnerability.(CVE-2019-10097)

A vulnerability was discovered in Apache httpd, in mod_rewrite.
Certain self-referential mod_rewrite rules could be fooled by encoded newlines, causing them to redirect to an unexpected location. An attacker could abuse this flaw in a phishing attack or as part of a client-side attack on browsers.(CVE-2019-10098)

Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.(CVE-2019-9517)

Solution

Run 'yum update httpd24' to update your system.

See Also

https://alas.aws.amazon.com/ALAS-2019-1311.html

Plugin Details

Severity: Medium

ID: 130281

File Name: ala_ALAS-2019-1311.nasl

Version: 1.3

Type: local

Agent: unix

Published: 10/28/2019

Updated: 12/18/2019

Dependencies: ssh_get_info.nasl

Risk Information

Risk Factor: Medium

VPR Score: 6.7

CVSS Score Source: CVE-2019-10082

CVSS v2.0

Base Score: 6.4

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 9.1

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:o:amazon:linux:*:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:httpd24:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:httpd24-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:httpd24-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:httpd24-manual:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:httpd24-tools:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:mod24_ldap:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:mod24_proxy_html:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:mod24_session:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:mod24_ssl:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:mod24_md:*:*:*:*:*:*:*

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/24/2019

Vulnerability Publication Date: 8/13/2019

Reference Information

CVE: CVE-2019-9517, CVE-2019-10081, CVE-2019-10082, CVE-2019-10097, CVE-2019-10092, CVE-2019-10098

ALAS: 2019-1311