Detections
Analytics

RHEL 7 / 8 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP10 (RHSA-2021:4614)

critical Nessus Plugin ID 155223

Language:

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4614 advisory.

 - httpd: mod_proxy_wstunnel tunneling of non Upgraded connection (CVE-2019-17567)

 - pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1 (CVE-2019-20838)

 - httpd: mod_proxy NULL pointer dereference (CVE-2020-13950)

 - pcre: Integer overflow when parsing callout numeric arguments (CVE-2020-14155)

 - httpd: Single zero byte stack overflow in mod_auth_digest (CVE-2020-35452)

 - openssl: integer overflow in CipherUpdate (CVE-2021-23840)

 - openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)

 - httpd: mod_session: NULL pointer dereference when parsing Cookie header (CVE-2021-26690)

 - httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691)

 - httpd: Unexpected URL matching with 'MergeSlashes OFF' (CVE-2021-30641)

 - httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)

 - Red Hat JBCS: URL normalization issue with dot-dot-semicolon(s) leads to information disclosure (CVE-2021-3688)

 - openssl: Read buffer overruns processing ASN.1 strings (CVE-2021-3712)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://access.redhat.com/security/cve/CVE-2019-17567

https://access.redhat.com/security/cve/CVE-2019-20838

https://access.redhat.com/security/cve/CVE-2020-13950

https://access.redhat.com/security/cve/CVE-2020-14155

https://access.redhat.com/security/cve/CVE-2020-35452

https://access.redhat.com/security/cve/CVE-2021-3688

https://access.redhat.com/security/cve/CVE-2021-3712

https://access.redhat.com/security/cve/CVE-2021-23840

https://access.redhat.com/security/cve/CVE-2021-23841

https://access.redhat.com/security/cve/CVE-2021-26690

https://access.redhat.com/security/cve/CVE-2021-26691

https://access.redhat.com/security/cve/CVE-2021-30641

https://access.redhat.com/security/cve/CVE-2021-34798

https://access.redhat.com/errata/RHSA-2021:4614

https://bugzilla.redhat.com/1848436

https://bugzilla.redhat.com/1848444

https://bugzilla.redhat.com/1930310

https://bugzilla.redhat.com/1930324

https://bugzilla.redhat.com/1966724

https://bugzilla.redhat.com/1966729

https://bugzilla.redhat.com/1966732

https://bugzilla.redhat.com/1966738

https://bugzilla.redhat.com/1966740

https://bugzilla.redhat.com/1966743

https://bugzilla.redhat.com/1990252

https://bugzilla.redhat.com/1995634

https://bugzilla.redhat.com/2005128

Plugin Details

Severity: Critical

ID: 155223

File Name: redhat-RHSA-2021-4614.nasl

Version: 1.9

Type: local

Agent: unix

Published: 11/11/2021

Updated: 11/24/2023

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-26691

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:7, cpe:/o:redhat:enterprise_linux:8, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-devel, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-devel, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-ldap, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-mysql, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-nss, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-odbc, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-openssl, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-pgsql, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-sqlite, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-curl, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-devel, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-manual, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-selinux, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-tools, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-libcurl, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-libcurl-devel, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_http2, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-ap24, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-manual, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ldap, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_md, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_proxy_html, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_security, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_session, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ssl, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2-devel, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-chil, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-devel, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-libs, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-perl, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-pkcs11, p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-static

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/10/2021

Vulnerability Publication Date: 6/15/2020

Reference Information

CVE: CVE-2019-17567, CVE-2019-20838, CVE-2020-13950, CVE-2020-14155, CVE-2020-35452, CVE-2021-23840, CVE-2021-23841, CVE-2021-26690, CVE-2021-26691, CVE-2021-30641, CVE-2021-3712

CWE: 119, 125, 190, 20, 200, 287, 476

IAVA: 2021-A-0058, 2021-A-0103-S, 2021-A-0193-S, 2021-A-0195, 2021-A-0259-S, 2021-A-0395-S, 2021-A-0480, 2021-A-0482, 2021-A-0487-S

RHSA: 2021:4614