Apache HTTP Server 2.4.56 update with vulnerability fixes

The release of Apache HTTP Server 2.4.56 has been published. It introduces 6 changes and fixes 2 vulnerabilities related to the possibility of carrying out "HTTP Request Smuggling" attacks against front-end/back-end systems, which allow an attacker to wedge into the content of other users' requests processed in the same thread between the frontend and the backend. The attack can be used to bypass access-restriction mechanisms or to inject malicious JavaScript code into a session with a legitimate site.

The first vulnerability (CVE-2023-27522) affects the mod_proxy_uwsgi module and allows a response to be split into two parts on the proxy side by substituting special characters into an HTTP header returned by the backend.

The second vulnerability (CVE-2023-25690) is present in mod_proxy and manifests when certain rewrite rules are used via the RewriteRule directive provided by the mod_rewrite module, or certain patterns are used in the ProxyPassMatch directive. The vulnerability can lead to a request being sent through the proxy to internal resources to which access via the proxy is restricted, or to poisoning of cache contents. For the vulnerability to manifest, the request rewriting rules must use data from the URL that is then substituted into the forwarded request. For example:

    RewriteEngine on
    RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P]
    ProxyPassReverse /here/ http://example.com:8080/
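As an added defender-side check (example code written for this note, not code from the Apache project or from the original article), the following Python script scans an httpd configuration fragment for the condition described above: RewriteRule directives carrying the [P] flag, and ProxyPassMatch directives, whose proxied target re-inserts a capture ($1, $2, ...) taken from the request URL. The configuration fragment is constructed for the example and includes the advisory's rule; the function name and its matching heuristics are assumptions of this example, not an official Apache tool.

```python
import re
from typing import List, Tuple

# Constructed sample httpd.conf fragment (not from a real deployment). Line 2
# reproduces the rule quoted in the CVE-2023-25690 advisory; line 4 is a
# ProxyPassMatch with the same property; the rest are benign controls.
SAMPLE_CONF = """\
RewriteEngine on
RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P]
ProxyPassReverse /here/ http://example.com:8080/
ProxyPassMatch "^/api/(.*)" "http://backend.internal:8080/$1"
RewriteRule ^/static/(.*)$ /assets/$1 [L]
ProxyPass /fixed/ http://backend.internal:8080/fixed/
"""

BACKREF = re.compile(r"\$\d")          # $1 .. $9 regex captures
# A flag list such as [P], [P,L] or [NE,proxy,L] makes mod_rewrite proxy the request.
PROXY_FLAG = re.compile(r"\[(?:[^\]]*,)?\s*(P|proxy)\s*(?:,[^\]]*)?\]")


def _split_args(line: str) -> List[str]:
    """Split an httpd directive line into arguments (double quotes optional)."""
    return [a.strip('"') for a in re.findall(r'"[^"]*"|\S+', line)]


def find_risky_proxy_rules(conf: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, directive, reason) for every rule that forwards a
    user-supplied URL capture into a proxied request target (heuristic)."""
    findings: List[Tuple[int, str, str]] = []
    for no, raw in enumerate(conf.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        args = _split_args(line)
        directive = args[0].lower()
        if directive == "rewriterule" and len(args) >= 3:
            substitution, flags = args[2], " ".join(args[3:])
            if PROXY_FLAG.search(flags) and BACKREF.search(substitution):
                findings.append((no, "RewriteRule",
                                 "proxied substitution reuses a URL capture"))
        elif directive == "proxypassmatch" and len(args) >= 3:
            if BACKREF.search(args[2]):
                findings.append((no, "ProxyPassMatch",
                                 "proxied target reuses a URL capture"))
    return findings


if __name__ == "__main__":
    for line_no, directive, reason in find_risky_proxy_rules(SAMPLE_CONF):
        print(f"line {line_no}: {directive}: {reason}")
```

The check only flags rules that match the advisory's shape; it does not evaluate whether a flagged rule is actually reachable or whether the captured data is re-escaped before forwarding, so each finding still needs review against the server's version and the rule's intent.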

Among the non-security changes:

  • The "-T" flag has been added to the rotatelogs utility; it allows, when rotating logs, subsequent log files to be truncated without truncating the initial file.
  • mod_ldap now allows negative values in the LDAPConnectionPoolTTL directive, to configure the reuse of old connections.
  • The mod_md module, used to obtain and maintain certificates via the ACME (Automatic Certificate Management Environment) protocol, includes, when built with libressl 3.5.0+, support for the ED25519 digital signature scheme and for public certificate logging (CT, Certificate Transparency). The MDChallengeDns01 directive now allows settings to be defined for individual domains.
  • mod_proxy_uwsgi has tightened the checking and parsing of responses from HTTP backends.

Source: opennet.ru
