Main Vulnerability Database SB2023020739

SB2023020739 - SUSE update for apache2

Published: February 7, 2023

Security Bulletin ID SB2023020739

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 3

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 3 vulnerabilities.

1) Buffer overflow (CVE-ID: CVE-2006-20001)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the mod_dav module when handling HTTP requests. A remote attacker can send a specially crafted HTTP request, trigger a one byte buffer overflow and perform a denial of service (DoS) attack.

2) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2022-36760)

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests in mod_proxy_ajp. A remote attacker can send a specially crafted HTTP request to the web server and smuggle arbitrary HTTP headers to the AJP server it forwards requests to.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.

3) HTTP response splitting (CVE-ID: CVE-2022-37436)

CWE-ID: CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to perform HTTP splitting attacks.

The vulnerability exists due to software does not correctly process CRLF character sequences within the mod_proxy module. A remote attacker can send specially crafted request containing CRLF sequence and make the application to send a split HTTP response.

Successful exploitation of the vulnerability may allow an attacker perform cache poisoning attack.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2023/suse-su-20230294-1/

Vulnerable Software

SUSE CaaS Platform: 4.0
SUSE Enterprise Storage: 6
SUSE Linux Enterprise Server for SAP: 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-SP1-LTSS
SUSE Linux Enterprise Server: 15-SP1-LTSS
apache2: before 2.4.33-150000.3.72.1
apache2-debuginfo: before 2.4.33-150000.3.72.1
apache2-debugsource: before 2.4.33-150000.3.72.1
apache2-devel: before 2.4.33-150000.3.72.1
apache2-prefork: before 2.4.33-150000.3.72.1
apache2-prefork-debuginfo: before 2.4.33-150000.3.72.1
apache2-utils: before 2.4.33-150000.3.72.1
apache2-utils-debuginfo: before 2.4.33-150000.3.72.1
apache2-worker: before 2.4.33-150000.3.72.1
apache2-worker-debuginfo: before 2.4.33-150000.3.72.1
apache2-doc: before 2.4.33-150000.3.72.1

SB2023020739 - SUSE update for apache2

Breakdown by Severity

Description

Remediation

References

Please verify you're human