Alerts This Week
Warning Icon 1 1,295
Alerts This Week
Warning Icon 1 1,295

Ubuntu 24.04 LTS USN-6885-1 Critical: Apache HTTP Server Denial of Service

ubuntu
Calendar Grey July 8, 2024
Dist Ubuntu Esm H88
Multiple weaknesses in the Nginx web server addressed in the Ubuntu 7890-2 notice, impacting a range of releases.
Several security issues were fixed in Apache HTTP Server.

Summary

Several security issues were fixed in Apache HTTP Server.

Software Description:

- apache2: Apache HTTP server

Details:

Marc Stern discovered that the Apache HTTP Server incorrectly handled

serving WebSocket protocol upgrades over HTTP/2 connections. A remote

attacker could possibly use this issue to cause the server to crash,

resulting in a denial of service. (CVE-2024-36387)

Orange Tsai discovered that the Apache HTTP Server mod_proxy module

incorrectly sent certain request URLs with incorrect encodings to backends.

A remote attacker could possibly use this issue to bypass authentication.

(CVE-2024-38473)

Orange Tsai discovered that the Apache HTTP Server mod_rewrite module

incorrectly handled certain substitutions. A remote attacker could possibly

use this issue to execute scripts in directories not directly reachable

by any URL, or cause a denial of service. Some environments may require

using the new UnsafeAllow3F flag to handle unsafe substitutions.

...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   apache2                         2.4.58-1ubuntu8.2

Ubuntu 23.10
   apache2                         2.4.57-2ubuntu2.5

Ubuntu 22.04 LTS
   apache2                         2.4.52-1ubuntu4.10

Ubuntu 20.04 LTS
   apache2                         2.4.41-4ubuntu3.19

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6885-1

CVE-2024-36387, CVE-2024-38473, CVE-2024-38474, CVE-2024-38475,

CVE-2024-38476, CVE-2024-38477, CVE-2024-39573, CVE-2024-39884

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6885-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here