Apache 2.2.x < 2.2.22 Multiple Vulnerabilities
Medium Nessus Plugin ID 57791
SynopsisThe remote web server is affected by multiple vulnerabilities.
DescriptionAccording to its banner, the version of Apache 2.2.x installed on the remote host is prior to 2.2.22. It is, therefore, potentially affected by the following vulnerabilities :
- When configured as a reverse proxy, improper use of the RewriteRule and ProxyPassMatch directives could cause the web server to proxy requests to arbitrary hosts.
This could allow a remote attacker to indirectly send requests to intranet servers.
- A heap-based buffer overflow exists when mod_setenvif module is enabled and both a maliciously crafted 'SetEnvIf' directive and a maliciously crafted HTTP request header are used. (CVE-2011-3607)
- A format string handling error can allow the server to be crashed via maliciously crafted cookies.
- An error exists in 'scoreboard.c' that can allow local attackers to crash the server during shutdown.
- An error exists in 'protocol.c' that can allow 'HTTPOnly' cookies to be exposed to attackers through the malicious use of either long or malformed HTTP headers. (CVE-2012-0053)
- An error in the mod_proxy_ajp module when used to connect to a backend server that takes an overly long time to respond could lead to a temporary denial of service. (CVE-2012-4557)
Note that Nessus did not actually test for these flaws, but instead has relied on the version in the server's banner.
SolutionUpgrade to Apache version 2.2.22 or later.