Apache HTTP Server 2.4.46 released with vulnerability fixes

Apache HTTP Server 2.4.46 has been released (releases 2.4.44 and 2.4.45 were skipped). It introduces 17 changes and fixes 3 vulnerabilities:

  • CVE-2020-11984 - buffer overflow in the mod_proxy_uwsgi module that could lead to information leakage or code execution on the server when a specially crafted request is sent. The vulnerability is triggered by sending a very long HTTP header. As protection, headers longer than 16K are now rejected (a limit defined in the protocol specification).
  • CVE-2020-11993 - vulnerability in the mod_http2 module that allows a process crash when a request with a specially crafted HTTP/2 header is sent. The problem only manifests when debugging or tracing is enabled in the mod_http2 module, and takes the form of memory corruption caused by a race condition while writing information to the log. The problem does not occur when LogLevel is set to "info".
  • CVE-2020-9490 - vulnerability in the mod_http2 module that allows a process crash when a request with a specially crafted 'Cache-Digest' header value is sent over HTTP/2 (the crash occurs when attempting an HTTP/2 PUSH of a resource). To block the vulnerability, the "H2Push off" setting can be used.
  • CVE-2020-11985 - vulnerability in mod_remoteip that allows IP address spoofing when proxying with mod_remoteip and mod_rewrite. The problem only affects releases 2.4.1 through 2.4.23.
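The four entries above each name a condition under which a deployment is exposed (a vulnerable version plus a loaded module, a logging level, a missing "H2Push off", a version range for mod_remoteip). As an added example, not code from the release notes or from the Apache project, here is a small audit helper that turns those conditions into checks. The `httpd -v` and `httpd -M` output and the configuration fragment are constructed sample strings; the helper names, module names and directive parsing are my own assumptions about how such an audit would be wired up.

```python
"""Audit an Apache httpd deployment against the issues fixed in 2.4.46.

Added example, not part of the release notes. Inputs are constructed
strings standing in for `httpd -v`, `httpd -M` and the server config.
"""
import re

FIXED_VERSION = (2, 4, 46)

# Constructed sample inputs (not captured from a real server).
HTTPD_V = "Server version: Apache/2.4.43 (Unix)\nServer built:   Apr  1 2020 00:00:00\n"
HTTPD_M = (
    "Loaded Modules:\n"
    " core_module (static)\n"
    " http2_module (shared)\n"
    " proxy_module (shared)\n"
    " proxy_uwsgi_module (shared)\n"
    " remoteip_module (shared)\n"
)
CONFIG = (
    "LogLevel warn http2:debug\n"
    "Protocols h2 http/1.1\n"
    "# H2Push off   (commented out, so it does not count)\n"
)


def parse_version(httpd_v_output: str):
    """Extract (major, minor, patch) from `httpd -v` output."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", httpd_v_output)
    if not m:
        raise ValueError("no Apache version found")
    return tuple(int(x) for x in m.groups())


def loaded_modules(httpd_m_output: str):
    """Return the set of module names listed by `httpd -M`."""
    return set(re.findall(r"^\s*(\w+_module)\b", httpd_m_output, re.M))


def directive_value(config: str, name: str):
    """Return the last uncommented value of a directive, or None if unset."""
    vals = re.findall(rf"^\s*{name}\s+(\S+)", config, re.M | re.I)
    return vals[-1] if vals else None


def audit(version, modules, config):
    """Return findings for a server that has not yet been updated to 2.4.46.

    Each check mirrors one entry of the release notes; an up-to-date server
    produces no findings.
    """
    findings = []
    if version >= FIXED_VERSION:
        return findings
    if "proxy_uwsgi_module" in modules:
        findings.append("CVE-2020-11984: mod_proxy_uwsgi is loaded; upgrade to 2.4.46 "
                        "(the fix rejects headers longer than 16K)")
    if "http2_module" in modules:
        # The crash only reproduces with debug/trace logging in mod_http2.
        levels = " ".join(re.findall(r"^\s*LogLevel\s+(.+)$", config, re.M | re.I))
        if re.search(r"debug|trace", levels, re.I):
            findings.append("CVE-2020-11993: mod_http2 with debug/trace logging; "
                            "set LogLevel to info or upgrade")
        # The Cache-Digest crash happens during HTTP/2 PUSH; 'H2Push off' blocks it.
        if (directive_value(config, "H2Push") or "").lower() != "off":
            findings.append("CVE-2020-9490: H2Push is not off; set 'H2Push off' until upgraded")
    if (2, 4, 1) <= version <= (2, 4, 23) and "remoteip_module" in modules:
        findings.append("CVE-2020-11985: mod_remoteip on an affected release "
                        "(2.4.1-2.4.23); upgrade")
    return findings


def run_sample():
    """Run the audit over the constructed sample inputs."""
    return audit(parse_version(HTTPD_V), loaded_modules(HTTPD_M), CONFIG)


if __name__ == "__main__":
    for line in run_sample():
        print(line)
```

On the sample input (2.4.43 with mod_http2, mod_proxy_uwsgi and `http2:debug` logging, and `H2Push off` only present as a comment) the helper reports three findings and stays silent for mod_remoteip, since 2.4.43 is outside the 2.4.1 to 2.4.23 range. The directive parser deliberately ignores commented-out lines so that a mitigation that was merely noted in the config is not counted as applied.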

The most notable non-security changes are:

  • Support for the draft specification kazuho-h2-cache-digest has been removed from mod_http2, as its development has been abandoned.
  • The behaviour of the "LimitRequestFields" directive in mod_http2 has changed; specifying a value of 0 now disables the limit.
  • mod_http2 now handles primary and secondary (master/secondary) connections and marks methods depending on their use.
  • If an invalid Last-Modified header value is received from an FCGI/CGI script, the header is now removed instead of being replaced with the Unix epoch time.
  • The ap_parse_strict_length() function has been added to the code for stricter parsing of the content length.
  • mod_proxy_fcgi's ProxyFCGISetEnvIf now ensures that environment variables are removed if the expression returns False.
  • Fixed a race condition and a possible mod_ssl crash when using client certificates specified via the SSLProxyMachineCertificateFile setting.
  • Fixed memory leaks in mod_ssl.
  • mod_proxy_http2 now uses the "ping" parameter when checking whether a new or reused connection to the backend is working.
  • httpd is no longer linked with the "-lsystemd" option when mod_systemd is enabled.
  • mod_proxy_http2 now ensures that the ProxyTimeout setting is taken into account when waiting for incoming data on the connection to the backend.

Source: opennet.ru
