EulerOS 2.0 SP8 : httpd (EulerOS-SA-2020-1155)

critical Nessus Plugin ID 133989
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

- In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the 'PROXY' protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.(CVE-2019-10097)

- Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire.
The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.(CVE-2019-9517)

- HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with 'H2PushResource', could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.(CVE-2019-10081)

- In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.(CVE-2019-10082)

- In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.(CVE-2018-17199)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected httpd packages.

See Also

http://www.nessus.org/u?2159315e

Plugin Details

Severity: Critical

ID: 133989

File Name: EulerOS_SA-2020-1155.nasl

Version: 1.6

Type: local

Published: 2/25/2020

Updated: 1/6/2021

Dependencies: ssh_get_info.nasl

Risk Information

CVSS Score Source: CVE-2019-10082

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:httpd, p-cpe:/a:huawei:euleros:httpd-devel, p-cpe:/a:huawei:euleros:httpd-filesystem, p-cpe:/a:huawei:euleros:httpd-manual, p-cpe:/a:huawei:euleros:httpd-tools, p-cpe:/a:huawei:euleros:mod_session, p-cpe:/a:huawei:euleros:mod_ssl, cpe:/o:huawei:euleros:2.0

Required KB Items: Host/local_checks_enabled, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/sp

Excluded KB Items: Host/EulerOS/uvp_version

Exploit Ease: No known exploits are available

Patch Publication Date: 2/25/2020

Reference Information

CVE: CVE-2018-17199, CVE-2019-10081, CVE-2019-10082, CVE-2019-10097, CVE-2019-9517