Detections
Analytics

Amazon Linux AMI : httpd24 (ALAS-2019-1311) (Internal Data Buffering)

critical Nessus Plugin ID 130281

Language:

Synopsis

The remote Amazon Linux AMI host is missing a security update.

Description

A vulnerability was found in Apache httpd, in mod_http2. Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing a server to crash.(CVE-2019-10081)

A read-after-free vulnerability was discovered in Apache httpd, in mod_http2. A specially crafted http/2 client session could cause the server to read memory that was previously freed during connection shutdown, potentially leading to a crash.(CVE-2019-10082)

A cross-site scripting vulnerability was found in Apache httpd, affecting the mod_proxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation.(CVE-2019-10092)

A vulnerability was discovered in Apache httpd, in mod_remoteip. A trusted proxy using the 'PROXY' protocol could send specially crafted headers that can cause httpd to experience a stack buffer overflow or NULL pointer dereference, leading to a crash or other potential consequences.\n\nThis issue could only be exploited by configured trusted intermediate proxy servers. HTTP clients such as browsers could not exploit the vulnerability.(CVE-2019-10097)

A vulnerability was discovered in Apache httpd, in mod_rewrite.
Certain self-referential mod_rewrite rules could be fooled by encoded newlines, causing them to redirect to an unexpected location. An attacker could abuse this flaw in a phishing attack or as part of a client-side attack on browsers.(CVE-2019-10098)

Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.(CVE-2019-9517)

Solution

Run 'yum update httpd24' to update your system.

See Also

https://alas.aws.amazon.com/ALAS-2019-1311.html

Plugin Details

Severity: Critical

ID: 130281

File Name: ala_ALAS-2019-1311.nasl

Version: 1.5

Type: local

Agent: unix

Published: 10/28/2019

Updated: 12/6/2022

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS Score Source: CVE-2019-10082

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:httpd24, p-cpe:/a:amazon:linux:httpd24-debuginfo, p-cpe:/a:amazon:linux:httpd24-devel, p-cpe:/a:amazon:linux:httpd24-manual, p-cpe:/a:amazon:linux:httpd24-tools, p-cpe:/a:amazon:linux:mod24_ldap, p-cpe:/a:amazon:linux:mod24_md, p-cpe:/a:amazon:linux:mod24_proxy_html, p-cpe:/a:amazon:linux:mod24_session, p-cpe:/a:amazon:linux:mod24_ssl, cpe:/o:amazon:linux

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/18/2019

Vulnerability Publication Date: 8/13/2019

Reference Information

CVE: CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10097, CVE-2019-10098, CVE-2019-9517

ALAS: 2019-1311