Multiple vulnerabilities in Apache HTTP Server



Published: 2018-03-27
Risk Medium
Patch available YES
Number of vulnerabilities 7
CVE-ID CVE-2018-1312
CVE-2018-1303
CVE-2018-1301
CVE-2018-1283
CVE-2017-15710
CVE-2017-15715
CVE-2018-1302
CWE-ID CWE-264
CWE-125
CWE-20
CWE-787
CWE-476
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Apache HTTP Server
Server applications / Web servers

Vendor Apache Foundation

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Security restrictions bypass

EUVDB-ID: #VU11279

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1312

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists in Apache HTTPD mod_auth_digest due to improper generation of HTTP Digest authentication nonce. A remote attacker can replay HTTP requests across the cluster without detection by the target server(s) and bypass replay protection.

Mitigation

Update to version 2.4.32.

Vulnerable software versions

Apache HTTP Server: 2.4.1 - 2.4.29


CPE2.3 External links

http://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1312

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU11280

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1303

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in Apache HTTPD mod_cache_socache due to improper validation of user-supplied input. A remote attacker can send a specially crafted HTTP request header, trigger an out-of-bounds memory read error in mod_cache_socache and cause the target service to crash.

Mitigation

Update to version 2.4.32.

Vulnerable software versions

Apache HTTP Server: 2.4.1 - 2.4.29


CPE2.3 External links

http://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1303

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU11281

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1301

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to improper validation of user-supplied input. A remote attacker can send a specially crafted HTTP request to trigger an out-of-bounds memory access error after a header size limit has been reached to cause the target service to crash.

Mitigation

Update to version 2.4.32.

Vulnerable software versions

Apache HTTP Server: 2.4.1 - 2.4.29


CPE2.3 External links

http://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1301

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper access control

EUVDB-ID: #VU11282

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1283

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to modify data on the target system.

The weakness exists on systems with mod_session configured with SessionEnv on to forward session data to CGI applications due to improper input validation. A remote attacker can send a specially crafted 'Session' header value to potentially modify mod_session data.

Mitigation

Update to version 2.4.32.

Vulnerable software versions

Apache HTTP Server: 2.4.1 - 2.4.29


CPE2.3 External links

http://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1283

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds write

EUVDB-ID: #VU11283

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-15710

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in HTTPD mod_authnz_ldap due to improper validation of user-supplied input. A remote attacker can send a specially crafted Accept-Language header value, trigger an out-of-bounds memory write error and potentially cause the target service to crash.

Mitigation

Update to version 2.4.32.

Vulnerable software versions

Apache HTTP Server: 2.4.1 - 2.4.29


CPE2.3 External links

http://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-15710

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Security restrictions bypass

EUVDB-ID: #VU11284

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-15715

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists on systems that allow uploading of user-specified filenames due to the '<FilesMatch>' expression may not correctly match characters in a filename. A remote attacker can supply a specially crafted filename to potentially bypass security controls that use the '<FilesMatch>' directive.

Mitigation

Update to version 2.4.32.

Vulnerable software versions

Apache HTTP Server: 2.4.1 - 2.4.29


CPE2.3 External links

http://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-15715

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Null pointer dereference

EUVDB-ID: #VU11287

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1302

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to improper destruction of an HTTP/2 stream after being handled. A remote attacker can send a specially crafted HTTP/2 stream, write a NULL pointer value to an already freed memory space and cause the service to crash.

Mitigation

Update to version 2.4.32.

Vulnerable software versions

Apache HTTP Server: 2.4.1 - 2.4.29


CPE2.3 External links

http://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1302

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###