git: 5df2bb5b0fc2 - main - security/vuxml: Document Apache httpd vulnerabilities
Date: Mon, 01 Jul 2024 14:03:58 UTC
The branch main has been updated by brnrd: URL: https://cgit.FreeBSD.org/ports/commit/?id=5df2bb5b0fc20b4e8ce062ec68fd2fd3c4d29dee commit 5df2bb5b0fc20b4e8ce062ec68fd2fd3c4d29dee Author: Bernard Spil <brnrd@FreeBSD.org> AuthorDate: 2024-07-01 14:03:41 +0000 Commit: Bernard Spil <brnrd@FreeBSD.org> CommitDate: 2024-07-01 14:03:41 +0000 security/vuxml: Document Apache httpd vulnerabilities --- security/vuxml/vuln/2024.xml | 70 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index f557f664f995..cb0b4fc0ffb3 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml 
@@ -1,3 +1,73 @@ + <vuln vid="d7efc2ad-37af-11ef-b611-84a93843eb75"> + <topic>Apache httpd -- Multiple vulnerabilities</topic> + <affects> + <package> + <name>apache24</name> + <range><lt>2.4.60</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Apache httpd project reports:</p> + <blockquote cite="https://httpd.apache.org/security/vulnerabilities_24.html"> + <p>DoS by Null pointer in websocket over HTTP/2 (CVE-2024-36387) (Low). + Serving WebSocket protocol upgrades over a HTTP/2 connection could + result in a Null Pointer dereference, leading to a crash of the server + process, degrading performance.</p> + <p>Proxy encoding problem (CVE-2024-38473) (Moderate). + Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier + allows request URLs with incorrect encoding to be sent to backend + services, potentially bypassing authentication via crafted requests.</p> + <p>Weakness with encoded question marks in backreferences + (CVE-2024-38474) (Important). Substitution encoding issue in + mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker + to execute scripts in directories permitted by the configuration but + not directly reachable by any URL or source disclosure of scripts + meant to only to be executed as CGI.</p> + <p>Weakness in mod_rewrite when first segment of substitution matches + filesystem path (CVE-2024-38475) (Important). Improper escaping of + output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows + an attacker to map URLs to filesystem locations that are permitted to + be served by the server but are not intentionally/directly reachable + by any URL, resulting in code execution or source code disclosure. + Substitutions in server context that use a backreferences or variables + as the first segment of the substitution are affected. 
Some unsafe + RewiteRules will be broken by this change and the rewrite flag + "UnsafePrefixStat" can be used to opt back in once ensuring the + substitution is appropriately constrained.</p> + <p>may use exploitable/malicious backend application output to run local + handlers via internal redirect (CVE-2024-38476) (Important). + Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are + vulnerable to information disclosure, SSRF or local script execution + via backend applications whose response headers are malicious or + exploitable.</p> + <p>Crash resulting in Denial of Service in mod_proxy via a malicious + request (CVE-2024-38477) (Important). Null pointer dereference in + mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker + to crash the server via a malicious request.</p> + <p>mod_rewrite proxy handler substitution (CVE-2024-39573) (Moderate). + Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier + allows an attacker to cause unsafe RewriteRules to unexpectedly setup + URL's to be handled by mod_proxy.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2024-36387</cvename> + <cvename>CVE-2024-38473</cvename> + <cvename>CVE-2024-38474</cvename> + <cvename>CVE-2024-38475</cvename> + <cvename>CVE-2024-38476</cvename> + <cvename>CVE-2024-38477</cvename> + <cvename>CVE-2024-39573</cvename> + <url>https://httpd.apache.org/security/vulnerabilities_24.html</url> + </references> + <dates> + <discovery>2024-07-01</discovery> + <entry>2024-07-01</entry> + </dates> + </vuln> + <vuln vid="f1a00122-3797-11ef-b611-84a93843eb75"> <topic>OpenSSH -- Race condition resulting in potential remote code execution</topic> <affects>
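Review bot: In the CVE-2024-38476 paragraph of the new d7efc2ad-37af-11ef-b611-84a93843eb75 entry, the title sentence starts with a lowercase "may use exploitable/malicious backend application output ..." and has no subject, which suggests the leading words of the advisory title were dropped when the text was copied. Please restore them from the page named in the blockquote's cite attribute so the rendered entry reads as a complete sentence, like the other six paragraphs. Separately, "RewiteRules" in the CVE-2024-38475 paragraph and "meant to only to be executed" in the CVE-2024-38474 paragraph look like typos. If they are verbatim from the cited page they can stay since this is a blockquote, otherwise correct them. Also note that the CVE-2024-36387 paragraph gives no affected version, unlike the others ("2.4.59 and earlier"), so it is worth confirming that the single `<lt>2.4.60</lt>` range is right for that CVE as well.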