Red Hat update for Apache

Published: 2017-12-15 00:00:00 | Updated: 2017-12-19 14:51:42
Severity Medium
Patch available YES
Number of vulnerabilities 5
CVE ID CVE-2017-3167
CVE-2017-3169
CVE-2017-7679
CVE-2017-9798
CVE-2017-12613
CVSSv3 6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
5.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
5.4 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C]
4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CWE ID CWE-592
CWE-125
CWE-416
CWE-200
Exploitation vector Network
Public exploit Public exploit code for vulnerability #4 is available.
Vulnerable software JBoss Core Services
Vulnerable software versions JBoss Core Services -
Vendor URL Red Hat Inc.

Security Advisory

1) Authentication bypass

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to usage of the ap_get_basic_auth_pw() function by third-party modules outside of the authentication phase. A remote attacker can create a specially crafted HTTP request to vulnerable web server, bypass authentication requirements and gain unauthorized access to otherwise protected information.

Remediation

Install update from vendor's website.

External links

https://access.redhat.com/errata/RHSA-2017:3475

2) NULL pointer dereference

Description

The vulnerability allows a remote attacker to perform denial of service attack.

The vulnerability exists due to a NULL pointer dereference error within mod_ssl module, when third-party modules call ap_hook_process_connection() function during an HTTP request to an HTTPS port. A remote attacker can send a specially crafted HTTP request and crash the affected web server.

Remediation

Install update from vendor's website.

External links

https://access.redhat.com/errata/RHSA-2017:3475

3) Out-of-bounds read

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to out-of-bounds read within the mod_mime when constructing Content-Type response header. A remote attacker read one byte pas the end of a buffer when sending a malicious Content-Type response header.

Remediation

Install update from vendor's website.

External links

https://access.redhat.com/errata/RHSA-2017:3475

4) Use-after-free

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to use-after-free error when processing HTTP OPTIONS requests in server/core.c, when limits are configured in .htaccess or httpd.conf configuration files. A remote unauthenticated attacker can read portions of memory through HTTP OPTIONS requests and gain access to potentially sensitive data.

The vulnerability is dubbed Optionsbleed.

Remediation

Install update from vendor's website.

External links

https://access.redhat.com/errata/RHSA-2017:3475

5) Information disclosure

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an out-of-bounds array dereference in the apr_time_exp_get() function. A remote attacker can access prior out-of-bounds memory, reveal the contents of a different static heap value and read arbitrary files or cause the application to crash.

Remediation

Install update from vendor's website.

External links

https://access.redhat.com/errata/RHSA-2017:3475

Back to List