Detections
Analytics

TencentOS Server 2: httpd (TSSA-2025:0526)

critical Nessus Plugin ID 247826

Synopsis

The remote TencentOS Server 2 host is missing one or more security updates.

Description

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0526 advisory.

 Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:

 CVE-2006-20001:
 A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash.

 This issue affects Apache HTTP Server 2.4.54 and earlier.

 CVE-2020-35452:
 Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow

 CVE-2021-26690:
 Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service

 CVE-2022-22719:
 A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.

 CVE-2022-22721:
 If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.

 CVE-2022-23943:
 Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.

 CVE-2022-28615:
 Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.

 CVE-2022-29404:
 In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.

 CVE-2022-30556:
 Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.

 CVE-2022-31813:
 Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.

 CVE-2022-36760:
 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.

 CVE-2023-31122:
 Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server:
 through 2.4.57.

 CVE-2024-39573:
 Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy.
 Users are recommended to upgrade to version 2.4.60, which fixes this issue.

 CVE-2022-26377:
 Inconsistent Interpretation of HTTP Requests (/'HTTP Request Smuggling/') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.
 This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://mirrors.tencent.com/tlinux/errata/tssa-20250526.xml

Plugin Details

Severity: Critical

ID: 247826

File Name: tencentos_TSSA_2025_0526.nasl

Version: 1.2

Type: local

Published: 8/11/2025

Updated: 12/4/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2022-31813

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:tencent:tencentos_server:httpd, cpe:/o:tencent:tencentos_server:2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/etc/os-release, Host/TencentOS/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 8/5/2025

Vulnerability Publication Date: 8/5/2025

Reference Information

CVE: CVE-2006-20001, CVE-2020-35452, CVE-2021-26690, CVE-2022-22719, CVE-2022-22721, CVE-2022-23943, CVE-2022-26377, CVE-2022-28615, CVE-2022-29404, CVE-2022-30556, CVE-2022-31813, CVE-2022-36760, CVE-2023-31122, CVE-2024-39573