Apache 2.4.54 HTTP server released with vulnerabilities fixed

The release of the Apache 2.4.53 HTTP server has been announced, introducing 19 changes and fixing 8 vulnerabilities:

  • CVE-2022-31813: a vulnerability in mod_proxy that makes it possible to block the sending of X-Forwarded-* headers, which carry information about the IP address the original request came from. The issue can be used to bypass access restrictions based on IP addresses.
  • CVE-2022-30556: a vulnerability in mod_lua that allows access to data outside the allocated buffer through manipulation of the r:wsread() function in Lua scripts.
  • CVE-2022-30522: denial of service (exhaustion of available memory) when data is processed by the mod_sed module.
  • CVE-2022-29404: a denial of service in mod_lua, exploitable by sending specially crafted requests to Lua handlers that use the r:parsebody(0) call.
  • CVE-2022-28615, CVE-2022-28614: denial of service or access to data in process memory due to errors in the ap_strcmp_match() and ap_rwrite() functions that lead to reading from an area beyond the buffer boundary.
  • CVE-2022-28330: information leak from an out-of-bounds area in mod_isapi (the issue only occurs on the Windows platform).
  • CVE-2022-26377: the mod_proxy_ajp module is vulnerable to HTTP Request Smuggling attacks on front-end/back-end systems, which allow an attacker to wedge into the contents of other users' requests processed in the same thread between the front-end and the back-end.

The most notable non-security changes are:

  • mod_ssl makes the SSLFIPS mode compatible with OpenSSL 3.0.
  • The ab utility supports TLSv1.3 (it must be linked against an SSL library that supports this protocol).
  • In mod_md, the MDCertificateAuthority directive allows more than one CA name and URL. New directives have been added: MDRetryDelay (defines the delay before a retry request is sent) and MDRetryFailover (defines the number of retries on failure before an alternative certificate authority is chosen). Support has been added for the "auto" state when outputting values in "key: value" format. The ability to manage certificates for users of the Tailscale secure VPN network has been provided.
  • The mod_http2 module has been cleaned of unused and unsafe code.
  • mod_proxy ensures that the backend network port appears in the error messages written to the log.
  • In mod_heartmonitor, the value of the HeartbeatMaxServers parameter has been changed from 0 to 10 (initialization of 10 shared memory slots).

Source: opennet.ru
