Ubuntu 5834-1: Apache HTTP Server vulnerabilities | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute
==========================================================================

Ubuntu Security Notice USN-5834-1
January 31, 2023

apache2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in Apache HTTP Server.

Software Description:
- apache2: Apache HTTP server

Details:

It was discovered that the Apache HTTP Server mod_dav module did not
properly handle specially crafted request headers. A remote attacker
could possibly use this issue to cause the process to crash, leading
to a denial of service. (CVE-2006-20001)

It was discovered that the Apache HTTP Server mod_proxy_ajp module did not
properly handle certain invalid Transfer-Encoding headers. A remote attacker
could possibly use this issue to perform an HTTP Request Smuggling attack.
(CVE-2022-36760)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
   apache2                           2.4.18-2ubuntu3.17+esm8
   apache2-bin                     2.4.18-2ubuntu3.17+esm8

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5834-1 

   CVE-2006-20001, CVE-2022-36760

Ubuntu 5834-1: Apache HTTP Server vulnerabilities

January 31, 2023
Several security issues were fixed in Apache HTTP Server.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: Several security issues were fixed in Apache HTTP Server. Software Description: - apache2: Apache HTTP server Details: It was discovered that the Apache HTTP Server mod_dav module did not properly handle specially crafted request headers. A remote attacker could possibly use this issue to cause the process to crash, leading to a denial of service. (CVE-2006-20001) It was discovered that the Apache HTTP Server mod_proxy_ajp module did not properly handle certain invalid Transfer-Encoding headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-36760)

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM:   apache2                           2.4.18-2ubuntu3.17+esm8   apache2-bin                     2.4.18-2ubuntu3.17+esm8 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5834-1

  CVE-2006-20001, CVE-2022-36760

Severity

Package Information

Related News

Google Discloses CentOS Linux Kernel Vulnerabilities Following Failure to Issue Timely Fixes

5 Best free to use Linux Server distributions for 2023

Kali Linux 2023.1 Introduces 'Purple' Distro for Defensive Security

Companies Can’t Stop Using Open Source

News

Advisories

HOWTOs

Features

Interview with Guardian Digital CEO Dave Wreski: Open Source Utilization in Email Security Solutions & More
Verifying Linux Server Security: What Every Admin Needs to Know
What Linux, Windows & Mac OS Users Need to Know About VPNs
Complete Guide to Vulnerability Basics
How To Get Live Updates on Critical Linux Security Advisories

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy