
Mageia 7, 8 Security Advisory 2021-0265 Critical: Apache DoS Threat

June 16, 2021
Revamped nginx components for Mageia resolve major vulnerabilities, boosting protection against a variety of possible risks.

Summary

mod_proxy_wstunnel tunneling of non Upgraded connections: in Apache HTTP Server versions 2.4.6 to 2.4.46, mod_proxy_wstunnel configured on a URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured (CVE-2019-17567).
mod_proxy_http NULL pointer dereference: in Apache HTTP Server versions 2.4.41 to 2.4.46, mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service (CVE-2020-13950).
mod_auth_digest possible stack overflow by one nul byte: in Apache HTTP Server versions 2.4.0 to 2.4.46, a specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create on...

References

- https://bugs.mageia.org/show_bug.cgi?id=29087

- https://httpd.apache.org/security/vulnerabilities_24.html

- https://www.cve.org/CVERecord?id=CVE-2019-17567

- https://www.cve.org/CVERecord?id=CVE-2020-13950

- https://www.cve.org/CVERecord?id=CVE-2020-35452

- https://www.cve.org/CVERecord?id=CVE-2021-26690

- https://www.cve.org/CVERecord?id=CVE-2021-26691

- https://www.cve.org/CVERecord?id=CVE-2021-30641

- https://www.cve.org/CVERecord?id=CVE-2021-31618

Resolution

SRPMS

- 7/core/apache-2.4.48-1.mga7

- 8/core/apache-2.4.48-1.mga8

Severity
critical

Publication date: 16 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0265.html
Type: security
CVE: CVE-2019-17567, CVE-2020-13950, CVE-2020-35452, CVE-2021-26690, CVE-2021-26691, CVE-2021-30641, CVE-2021-31618
