From nobody Mon Jul 01 14:03:58 2024 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WCSSv23Jtz5Np3k; Mon, 01 Jul 2024 14:03:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WCSSv10tTz4skk; Mon, 1 Jul 2024 14:03:59 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1719842639; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Ir0VDtKUH7/cT9xVaODUlcegl+iDBDYOebAVm8WDOHM=; b=pf79Ntawz5qDhXK4N9zj3AodGjVCM2/TzOZgBCCI8AYTCpZoGpoCi6IvpvEMyS68FvQAF0 fa0qXk/oTPJHlketNyg+rB3DR07IgqOqyQjYUBhvF8n5pTDnTU2CFPjbTqYe99Ne8L517O xPnKNoQnfNXVWz1bAF1JpuZR/6J4zRgSCArYvBfowi01PYl8ctODyTfcPYOroPGzscEJlJ hJ0ehnusLkUjOayyAad0iNn7TdiZOKOQTwb5bVbTlGAHeJHr2IUTUy0q4W+zqUfCEoNdvN K8OX55xCTzfo144rJiT/9rWb+qzY8HXeKuu4xnVC6gTbe76GdOUS8a84NxN/2g== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1719842639; a=rsa-sha256; cv=none; b=iW5VXblvcy08VVHBWqhwJGOvHq02WPqvhOwBQXHsNJyHCx9x0UGpUjFuo2tnNtAzPQBIYj LboBtmugCB1YIjkmM76aFN69nZzhnowZxlbqqV8S4e1WP0SEN3bBJqLpDcS5KS0q92bFKK 6SqQFnKjZ9XiVgRK1h8SkCakID7g6cU3d2w7HpV2fBp4GOcosJqOiWA2SCxSdIjMOiKxh3 gZCm9YhqLDakA+Cly45He9e15rxQBLXkaa7kvWVgJbYAlWCDW0ftTP3bO4RJMbs6ReSC7e LjZvxUa1YdQiI7TDFatkBR/8NqRlz3qqN+IdHM8r2B3qcc7E4crpNxmryeMQwQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1719842639; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Ir0VDtKUH7/cT9xVaODUlcegl+iDBDYOebAVm8WDOHM=; b=q+R2C6iE44SZ2PziHC+qhdKkNuzdl/hXxdtbTZRqS82vS/y5hF3/Sk1UMPI/FEQDHGtg5u o+2NesBwvEYkGEi67BvDl8iGhtuIR1dUmv2DmJRbTsgqS/pJeFvEZLkbq8nGDxByUA3Hbq G581TloN8qUVXWV4xwvKX+fvdino3JgXY71fs9vuysMmNcNFvo8IC3bim3ubSY0Mglc1so BAZIBF6mehDx/jOqBhdsh40wuoe0+p2cOK29W5+xzKPqOZn+BhinRBJ+SxhniVRgewdtNC WJ1H8pv8oh1jsw5A0GSG/TxxIcYctuwcxQVdBDSI4IZpmD4xuyetHXC5nGaIEQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WCSSv0Js3z17NQ; Mon, 1 Jul 2024 14:03:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 461E3waN061654; Mon, 1 Jul 2024 14:03:58 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 461E3wuk061651; Mon, 1 Jul 2024 14:03:58 GMT (envelope-from git) Date: Mon, 1 Jul 2024 14:03:58 GMT Message-Id: <202407011403.461E3wuk061651@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Bernard Spil Subject: git: 5df2bb5b0fc2 - main - security/vuxml: Document Apache httpd vulnerabilities List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-all@freebsd.org Sender: owner-dev-commits-ports-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: brnrd X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 5df2bb5b0fc20b4e8ce062ec68fd2fd3c4d29dee Auto-Submitted: auto-generated The branch main has been updated by brnrd: URL: https://cgit.FreeBSD.org/ports/commit/?id=5df2bb5b0fc20b4e8ce062ec68fd2fd3c4d29dee commit 5df2bb5b0fc20b4e8ce062ec68fd2fd3c4d29dee Author: Bernard Spil AuthorDate: 2024-07-01 14:03:41 +0000 Commit: Bernard Spil CommitDate: 2024-07-01 14:03:41 +0000 security/vuxml: Document Apache httpd vulnerabilities --- security/vuxml/vuln/2024.xml | 70 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index f557f664f995..cb0b4fc0ffb3 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,73 @@ + + Apache httpd -- Multiple vulnerabilities + + + apache24 + 2.4.60 + + + + +

The Apache httpd project reports:

+
+

DoS by Null pointer in websocket over HTTP/2 (CVE-2024-36387) (Low). + Serving WebSocket protocol upgrades over a HTTP/2 connection could + result in a Null Pointer dereference, leading to a crash of the server + process, degrading performance.

+

Proxy encoding problem (CVE-2024-38473) (Moderate). + Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier + allows request URLs with incorrect encoding to be sent to backend + services, potentially bypassing authentication via crafted requests.

+

Weakness with encoded question marks in backreferences + (CVE-2024-38474) (Important). Substitution encoding issue in + mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker + to execute scripts in directories permitted by the configuration but + not directly reachable by any URL or source disclosure of scripts + meant to only to be executed as CGI.

+

Weakness in mod_rewrite when first segment of substitution matches + filesystem path (CVE-2024-38475) (Important). Improper escaping of + output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows + an attacker to map URLs to filesystem locations that are permitted to + be served by the server but are not intentionally/directly reachable + by any URL, resulting in code execution or source code disclosure. + Substitutions in server context that use a backreferences or variables + as the first segment of the substitution are affected. Some unsafe + RewiteRules will be broken by this change and the rewrite flag + "UnsafePrefixStat" can be used to opt back in once ensuring the + substitution is appropriately constrained.

+

may use exploitable/malicious backend application output to run local + handlers via internal redirect (CVE-2024-38476) (Important). + Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are + vulnerable to information disclosure, SSRF or local script execution + via backend applications whose response headers are malicious or + exploitable.

+

Crash resulting in Denial of Service in mod_proxy via a malicious + request (CVE-2024-38477) (Important). Null pointer dereference in + mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker + to crash the server via a malicious request.

+

mod_rewrite proxy handler substitution (CVE-2024-39573) (Moderate). + Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier + allows an attacker to cause unsafe RewriteRules to unexpectedly setup + URL's to be handled by mod_proxy.

+
+ + + + CVE-2024-36387 + CVE-2024-38473 + CVE-2024-38474 + CVE-2024-38475 + CVE-2024-38476 + CVE-2024-38477 + CVE-2024-39573 + https://httpd.apache.org/security/vulnerabilities_24.html + + + 2024-07-01 + 2024-07-01 + + + OpenSSH -- Race condition resulting in potential remote code execution