Apache HTTP Server 2.4.41 released with vulnerability fixes

The release of Apache HTTP Server 2.4.41 has been published (version 2.4.40 was skipped). It introduces 23 changes and eliminates 6 vulnerabilities:

  • CVE-2019-10081 - a problem in mod_http2 that can lead to memory corruption when push requests are sent at a very early stage. When the "H2PushResource" setting is used, memory in the pushing request's pool can be overwritten, but the impact is limited to a crash because the data being written is not derived from anything received from the client;
  • CVE-2019-9517 - exposure to the recently disclosed DoS vulnerability in HTTP/2 implementations ("Internal Data Buffering"). An attacker can exhaust the memory available to a process and generate a heavy CPU load by opening the HTTP/2 flow-control window so that the server sends data without restraint, while keeping the TCP window closed, which prevents the data from actually being written to the socket;
  • CVE-2019-10098 - a problem in mod_rewrite that allows the server to be used to forward requests to other resources (open redirect). Some mod_rewrite configurations can cause the user to be redirected to a different link, encoded with a newline character inside a parameter that is used in an existing redirect. The problem is closed by setting the PCRE_DOTALL flag through RegexDefaultOptions; it is now set by default;
  • CVE-2019-10092 - possibility of cross-site scripting on the error pages displayed by mod_proxy. On these pages a link contains a URL taken from the request, into which an attacker can insert arbitrary HTML code by means of escaped characters;
  • CVE-2019-10097 - stack overflow and NULL pointer dereference in mod_remoteip, exploited by manipulating the PROXY protocol header. The attack can only be carried out from the side of the proxy server used in the configuration, not through a client request;
  • CVE-2019-10082 - a vulnerability in mod_http2 that allows, during connection shutdown, reading from a memory area that has already been freed (read-after-free).
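
As an added example that is not part of the announcement or of the httpd project's own configuration: the RegexDefaultOptions setting that 2.4.41 now applies by default, written out explicitly so that a 2.4.30 to 2.4.39 server gets the same regex behaviour, next to a self-referential redirect of the kind the mod_rewrite issue concerns. The paths are assumptions.

```apache
# Added example, not from the 2.4.41 release or the article.
# RegexDefaultOptions exists since 2.4.30; DOLLAR_ENDONLY was already its
# default, DOTALL ('.' also matches a newline) became the default in 2.4.41.
# Stating both makes an older 2.4.x behave like 2.4.41 for every regex the
# server compiles, including RewriteRule, LocationMatch and friends.
RegexDefaultOptions +DOTALL +DOLLAR_ENDONLY

# A redirect meant to stay on this host. With DOTALL in effect a request path
# that carries an encoded newline (%0A) followed by another URL is still
# consumed as one opaque path segment by '(.*)$', and the substitution keeps
# the '/new/' prefix instead of being fooled by what follows the newline.
RewriteEngine On
RewriteRule "^/old/(.*)$" "/new/$1" [R=301,L]
```

Because RegexDefaultOptions is server-wide, a pattern that genuinely must stop at a newline can opt out locally with the PCRE inline flag `(?-s)`.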

The most notable non-security changes are:

  • mod_proxy_balancer has improved protection against XSS/XSRF attacks originating from trusted peers;
  • The SessionExpiryUpdateInterval setting was added to mod_session to control how often the session/cookie expiry time is updated;
  • Error pages were cleaned up with the aim of no longer reflecting information from the request on these pages;
  • mod_http2 now honours the value of the "LimitRequestFieldSize" parameter, which previously applied only to checking HTTP/1.1 header fields;
  • Ensured that the mod_proxy_hcheck configuration is created when it is used in a BalancerMember;
  • Reduced memory consumption in mod_dav when the PROPFIND command is run on a large collection;
  • In mod_proxy and mod_ssl, problems with specifying certificate and SSL settings inside a Proxy block have been fixed;
  • mod_proxy allows the SSLProxyCheckPeer* settings to be applied to all proxy modules;
  • Extended the capabilities of the mod_md module, which automates obtaining and renewing certificates via the ACME (Automatic Certificate Management Environment) protocol used by Let's Encrypt:
    • Added the second version of the protocol, ACMEv2, which is now the default and uses empty POST requests instead of GET (POST-as-GET).
    • Added support for validation based on the TLS-ALPN-01 challenge, which relies on the TLS ALPN extension (RFC 7301, Application-Layer Protocol Negotiation) also used to negotiate HTTP/2.
    • Support for the 'tls-sni-01' validation method has been discontinued (because of its vulnerabilities).
    • Added a directive for invoking an external command that sets up and tears down the 'dns-01' challenge.
    • Added support for wildcard certificates when DNS-based validation ('dns-01') is enabled.
    • Implemented the 'md-status' handler and the certificate status page 'https://domain/.httpd/certificate-status'.
    • Added the "MDCertificateFile" and "MDCertificateKeyFile" directives for configuring a domain's parameters from static files (without automatic renewal).
    • Added the "MDMessageCmd" directive for calling an external command when a 'renewed', 'expiring' or 'errored' event occurs.
    • Added the "MDWarnWindow" directive for configuring the warning about an approaching certificate expiry.
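
As an added example, not taken from the announcement or from the httpd project's documentation: one mod_md configuration that exercises the 2.4.41 features listed above, with the ACMEv2 endpoint, a tls-alpn-01 capable listener, the dns-01 and notification hooks, a wildcard domain, a statically managed domain and the status handler. Host names, file paths, the hook script names and the admin network are assumptions; the directive names are the ones mod_md ships with.

```apache
# Added example, not part of the 2.4.41 release or the article.
# Assumed: the modules are built, the two hook scripts exist, and
# 192.0.2.0/24 is the administrative network.
LoadModule ssl_module modules/mod_ssl.so
LoadModule http2_module modules/mod_http2.so
LoadModule watchdog_module modules/mod_watchdog.so
LoadModule md_module modules/mod_md.so

# Contact registered with the CA account (2.4.41 takes it from ServerAdmin).
ServerAdmin admin@example.org

# ACMEv2 is the default in 2.4.41; spelled out here for clarity.
MDCertificateAuthority https://acme-v02.api.letsencrypt.org/directory
MDCertificateAgreement accepted

# Renew when a third of the lifetime is left; emit the 'expiring' message
# (delivered through MDMessageCmd) ten days before expiry.
MDRenewWindow 33%
MDWarnWindow 10d

# tls-alpn-01 requires the acme-tls/1 ALPN protocol on the TLS listener,
# alongside h2 and http/1.1.
Protocols h2 http/1.1 acme-tls/1

# External commands: dns-01 record setup/teardown (called with
# "setup <domain> <token>" / "teardown <domain>") and lifecycle
# notifications (called with "<renewed|expiring|errored> <domain>").
MDChallengeDns01 /usr/local/sbin/md-dns01-hook
MDMessageCmd /usr/local/sbin/md-notify

# Automatically obtained domain; the wildcard member forces dns-01.
<MDomain example.org>
    MDMember www.example.org
    MDMember *.example.org
    MDCAChallenges dns-01
</MDomain>

# Domain served from static files: no ACME account, no automatic renewal,
# but mod_md still monitors expiry and fires MDMessageCmd for it.
<MDomain static.example.org>
    MDCertificateFile /etc/ssl/certs/static.example.org.crt
    MDCertificateKeyFile /etc/ssl/private/static.example.org.key
</MDomain>

<VirtualHost *:443>
    ServerName example.org
    ServerAlias www.example.org
    SSLEngine on
    # No SSLCertificateFile/SSLCertificateKeyFile: mod_md supplies them.
    # https://example.org/.httpd/certificate-status is served because
    # MDCertificateStatus defaults to on.
    <Location "/md-status">
        SetHandler md-status
        Require ip 192.0.2.0/24
    </Location>
</VirtualHost>
```

The `md-status` handler and the per-domain certificate-status page both reveal certificate serials, validity windows and renewal state, so restrict the handler location as above rather than exposing it to the world. A renewed certificate is only activated after a graceful reload, which is the usual job of the `renewed` branch of the MDMessageCmd script.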

Source: opennet.ru
