AlmaLinux 8 : httpd:2.4 (ALSA-2022:1915)

high Nessus Plugin ID 161133

Synopsis

The remote AlmaLinux host is missing one or more security updates.

Description

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:1915 advisory.

- Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow (CVE-2020-35452)

- A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.
(CVE-2021-33193)

- A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). (CVE-2021-36160)

- A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://errata.almalinux.org/8/ALSA-2022-1915.html

Plugin Details

Severity: High

ID: 161133

File Name: alma_linux_ALSA-2022-1915.nasl

Version: 1.3

Type: local

Published: 5/12/2022

Updated: 10/27/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-35452

CVSS v3

Risk Factor: High

Base Score: 8.2

Temporal Score: 7.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2021-44224

Vulnerability Information

CPE: p-cpe:/a:alma:linux:mod_md, p-cpe:/a:alma:linux:mod_http2, p-cpe:/a:alma:linux:mod_ldap, p-cpe:/a:alma:linux:mod_session, p-cpe:/a:alma:linux:mod_ssl, p-cpe:/a:alma:linux:httpd-manual, p-cpe:/a:alma:linux:httpd-devel, p-cpe:/a:alma:linux:mod_proxy_html, cpe:/o:alma:linux:8, p-cpe:/a:alma:linux:httpd, p-cpe:/a:alma:linux:httpd-tools, p-cpe:/a:alma:linux:httpd-filesystem

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/AlmaLinux/release, Host/AlmaLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/10/2022

Vulnerability Publication Date: 6/3/2021

Reference Information

CVE: CVE-2020-35452, CVE-2021-33193, CVE-2021-36160, CVE-2021-44224