Detections
Analytics

EulerOS 2.0 SP8 : httpd (EulerOS-SA-2020-1155)

critical Nessus Plugin ID 133989

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

 - In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the 'PROXY' protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.(CVE-2019-10097)

 - Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire.
 The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.(CVE-2019-9517)

 - HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with 'H2PushResource', could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.(CVE-2019-10081)

 - In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.(CVE-2019-10082)

 - In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.(CVE-2018-17199)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected httpd packages.

See Also

http://www.nessus.org/u?2159315e

Plugin Details

Severity: Critical

ID: 133989

File Name: EulerOS_SA-2020-1155.nasl

Version: 1.8

Type: local

Published: 2/25/2020

Updated: 3/26/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS Score Source: CVE-2019-10082

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:httpd, p-cpe:/a:huawei:euleros:httpd-devel, p-cpe:/a:huawei:euleros:httpd-filesystem, p-cpe:/a:huawei:euleros:httpd-manual, p-cpe:/a:huawei:euleros:httpd-tools, p-cpe:/a:huawei:euleros:mod_session, p-cpe:/a:huawei:euleros:mod_ssl, cpe:/o:huawei:euleros:2.0

Required KB Items: Host/local_checks_enabled, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/sp

Excluded KB Items: Host/EulerOS/uvp_version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/25/2020

Reference Information

CVE: CVE-2018-17199, CVE-2019-10081, CVE-2019-10082, CVE-2019-10097, CVE-2019-9517