Release of the Apache 2.4.58 HTTP server with HTTP/2 DoS vulnerabilities fixed

The release of Apache HTTP Server 2.4.58 has been published. It includes 33 changes and fixes three vulnerabilities, two of which allow a denial-of-service (DoS) attack against systems that use the HTTP/2 protocol.

  • CVE-2023-45802 - A memory leak caused by delayed deallocation of memory after an HTTP/2 stream is reset by a packet carrying the RST flag. Because the memory is not released immediately when the RST is processed, but only when the connection is closed, an attacker can drive memory consumption up by sending new requests and resetting them with RST packets without ever closing the connection.
  • CVE-2023-43622 - Handling of an HTTP/2 connection blocks indefinitely if the connection is opened with an initial sliding window size of 0. The flaw can be used to cause a denial of service by exhausting the limit on the maximum number of open connections.
  • CVE-2023-31122 - An out-of-bounds read in mod_macro that allows data to be read from an area beyond the allocated region.

Non-security changes include:

  • mod_http2 adds support for using the WebSocket protocol over streams of an HTTP/2 connection (RFC 8441). The 'H2WebSockets on|off' directive has been added to enable WebSocket over HTTP/2.
  • Added the 'H2EarlyHint name value' directive to mod_http2 for adding headers to "103 Early Hints" responses.
  • Added the 'H2ProxyRequests on|off' directive to mod_http2 to control whether HTTP/2 request processing is enabled in proxy configurations.
  • Added the 'H2MaxDataFrameLen n' directive to mod_http2 to limit the maximum size, in bytes, of the response body transmitted in a single HTTP/2 DATA frame. The default limit is 16 KB.
  • Updated the mime.types file: the ".js" extension is now bound to the 'text/javascript' type instead of 'application/javascript', and the extensions ".mjs" (type 'text/javascript') and ".opus" ('audio/ogg') have been added. MIME types and extensions used by WebAssembly have also been added.
  • The mod_tls module (an alternative to mod_ssl written in Rust) has been ported to the rustls-ffi 0.9.2+ library.
  • Added the 'MDMatchNames all|servernames' directive to the mod_md module to control how MDomains are matched against VirtualHost entries.
  • Added the 'MDChallengeDns01Version' directive to the mod_md module to select the ACME protocol version used for DNS verification.
  • mod_md now allows the MDChallengeDns01 directive to be used for individual domains.
  • Added the 'DavBasePath' directive to mod_dav to configure the path to the root of a WebDAV repository.
  • Added the 'AliasPreservePath' directive to mod_alias to use the Alias value inside a Location block as a path.
  • Added the 'RedirectRelative' directive to mod_alias, allowing redirects that use relative paths.
  • The %{z} and %{strftime-format} format specifiers have been added to the ErrorLogFormat directive.
  • Added the 'DeflateAlterETag' directive to mod_deflate to control how the ETag is altered when compression is used.
  • The performance of the send_brigade_nonblocking() function has been improved.
  • mod_status: the "BusyWorkers" and "IdleWorkers" keys have been corrected, and a new "GracefulWorkers" field has been added.
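The fragment below is an added example of an httpd.conf that exercises the 2.4.58 directives listed above; it is not taken from the release notes or from opennet.ru. The hostnames, file paths and the DNS-01 hook script are placeholders, and the value syntax for each directive (for example the MDChallengeDns01Version and DeflateAlterETag arguments) is assumed to follow the mod_http2, mod_md, mod_dav, mod_alias and mod_deflate documentation rather than the page, which only names the directives.

```apache
# Added example configuration (not from the page). Hostnames, paths and the
# dns-01 hook script are placeholders; directive arguments follow the module
# documentation and are not stated on the page.
LoadModule http2_module   modules/mod_http2.so
LoadModule md_module       modules/mod_md.so
LoadModule dav_module      modules/mod_dav.so
LoadModule dav_fs_module   modules/mod_dav_fs.so
LoadModule alias_module    modules/mod_alias.so
LoadModule deflate_module  modules/mod_deflate.so

# Offer HTTP/2 alongside HTTP/1.1 on TLS connections.
Protocols h2 http/1.1

# Types the updated mime.types ships with; listed explicitly here so an older
# mime.types file on the host does not undo the change.
AddType text/javascript .js .mjs
AddType audio/ogg .opus

# --- mod_md -----------------------------------------------------------------
# servernames: match MDomain names against VirtualHost server names only
# (the page says the directive controls how MDomains match VirtualHosts).
MDMatchNames servernames
# Version of the dns-01 challenge handling; value "2" is assumed valid.
MDChallengeDns01Version 2

<MDomain example.com www.example.com>
    # Per-domain dns-01 hook (newly permitted inside <MDomain> in 2.4.58).
    # The script path is a placeholder.
    MDChallengeDns01 /usr/local/bin/dns01-example.sh
</MDomain>

<VirtualHost *:443>
    ServerName  example.com
    ServerAlias www.example.com
    SSLEngine on                   # certificates are supplied by mod_md

    # --- mod_http2 ---
    # WebSocket over HTTP/2 streams (RFC 8441); pair it with a ProxyPass to a
    # WebSocket-capable backend (omitted here).
    H2WebSockets on
    # Largest response-body chunk placed in one DATA frame; 16384 is the default.
    H2MaxDataFrameLen 16384
    # Emit 103 Early Hints and add a Link header to that interim response.
    H2EarlyHints on
    H2EarlyHint Link "</css/site.css>; rel=preload; as=style"
    # Leave HTTP/2 request processing disabled for proxy configurations.
    H2ProxyRequests off

    # --- mod_deflate ---
    AddOutputFilterByType DEFLATE text/html text/css text/javascript
    # Keep the ETag of a compressed response distinct from the uncompressed one.
    DeflateAlterETag AddSuffix

    # --- mod_dav ---
    <Location /dav>
        Dav On
        DavBasePath /dav           # path to the root of the WebDAV repository
    </Location>

    # --- mod_alias ---
    <Location /static>
        # Use the Alias target as a path under this Location.
        AliasPreservePath On
        Alias /srv/www/static      # placeholder document path
    </Location>
    # Allow Redirect targets to be sent as relative paths.
    RedirectRelative On
    Redirect permanent /old /new
</VirtualHost>
```

Run `httpd -t` (or `apachectl configtest`) after adding the fragment: on a build older than 2.4.58 the new directive names are rejected as unknown, which is a quick way to confirm which server version is actually loading the configuration.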

Source: opennet.ru
