ALT Linux Team

Package apache2 update in sisyphus on 2017-06-26

ALT-PU-2017-1783-1

Package apache2 updated to version 2.4.26-alt1.S1 for branch sisyphus in task 184670.

Closed vulnerabilities

Published: 2017-04-11

BDU:2017-02149

Уязвимость модуля mod_mime веб-сервера Apache HTTP Server (HTTPD), позволяющая нарушителю вызвать сбой дочернего процесса HTTPD

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2017-04-11

BDU:2017-02150

Уязвимость функции ap_find_token веб-сервера Apache HTTP Server, позволяющая нарушителю вызвать ошибку сегментации

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2016-12-05

BDU:2017-02152

Уязвимость модуля mod_ssl веб-сервера Apache HTTP Server, позволяющая нарушителю получить доступ к локальным файлам

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2016-12-05

BDU:2017-02153

Уязвимость функции ap_get_basic_auth_pw() веб-сервера Apache HTTP Server, позволяющая нарушителю обойти требования аутентификации

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2016-11-18

BDU:2021-01393

Уязвимость модуля mod_http2 веб-сервера Apache HTTP Server, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2017-06-20
Modified: 2024-11-21

CVE-2017-3167

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2017-06-20
Modified: 2024-11-21

CVE-2017-3169

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2017-07-27
Modified: 2024-11-21

CVE-2017-7659

A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2017-06-20
Modified: 2024-11-21

CVE-2017-7668

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2017-06-20
Modified: 2024-11-21

CVE-2017-7679

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top