ProHoster > Blog > internet nhau > Apache 2.4.46 http server kuburitswa ine vulnerabilities yakagadziriswa

Apache 2.4.46 http server kuburitswa ine vulnerabilities yakagadziriswa

rakabudiswa Apache HTTP Server kuburitswa 2.4.46 (yakaburitswa 2.4.44 uye 2.4.45 yakasvetuka), iyo yakatanga 17 shanduko uye yakabviswa 3 kusasimba:

  • CVE-2020-11984 - buffer inofashukira mune mod_proxy_uwsgi module, iyo inogona kutungamira kune ruzivo ruza kana kuuraya kodhi pane sevha kana uchitumira chikumbiro chakagadzirwa. Kusagadzikana kunoshandiswa nekufambisa musoro wakareba kwazvo weHTTP. Nekudzivirira, kuvharika kwemisoro kureba kupfuura 16K (muganho unotsanangurwa muiyo protocol yakatarwa) yawedzerwa.
  • CVE-2020-11993 -kusagadzikana mune mod_http2 module iyo inobvumira maitiro kuparara kana uchitumira chikumbiro chine yakanyatso kurongeka HTTP/2 musoro. Dambudziko rinozviratidza kana kugadzirisa kana kutsvaga kunogoneswa mune mod_http2 module uye inoratidzwa muhuori hwekurangarira nekuda kwechimiro chenhangemutange kana uchichengetedza ruzivo kurogi. Dambudziko hariratidzike kana LogLevel yaiswa ku "info".
  • CVE-2020-9490 -kusagadzikana mune mod_http2 module inobvumira maitiro kuparara kana uchitumira chikumbiro kuburikidza neHTTP/2 ine yakanyatso kurongwa 'Cache-Digest' yemusoro kukosha (kuparara kunoitika paunenge uchiedza kuita HTTP/2 PUSH oparesheni kune sosi). Kusagadzikana kunogona kuvharwa nekushandisa "H2Push off" kuseta.
  • CVE-2020-11985 - a mod_remoteip kusagadzikana kunobvumira IP kero spoofing kana proxying uchishandisa mod_remoteip uye mod_rewrite. Dambudziko rinongoitika mukuburitswa 2.4.1 kuburikidza 2.4.23.

Shanduko dzinonyanya kuzivikanwa dzisiri dzekuchengetedza ndeidzi:

  • Dhizaini yekutsigira yakabviswa kubva mod_http2 kazuho-h2-cache-digest, kukwidziridzwa kwacho kwakamiswa.
  • Maitiro e "LimitRequestFields" rairo mu mod_http2 yakashandurwa, ichitsanangura kukosha kwe0 ikozvino inodzima muganho.
  • mod_http2 inopa kubata kwe master/secondary connections uye kumaka kwemaitiro zvichienderana nekushandiswa.
  • Kana zvisizvo Yekupedzisira-Yakagadziridzwa yemusoro yemukati yakagamuchirwa kubva kuFCGI/CGI script, musoro wabviswa pane kuchinjwa panguva yeUnix epoch.
  • Iyo ap_parse_strict_length() basa rakawedzerwa kune kodhi yekunyatso patsanura yehukuru hwemukati.
  • Mu mod_proxy_fcgi, ProxyFCGISetEnvIf inova nechokwadi chekuti nharaunda dzakasiyana dzinobviswa kana kutaura kwakapihwa kuchidzoka Nhema.
  • Yakagadzirisa mamiriro emujaho uye inogona kuitika mod_ssl kuparara kana uchishandisa chitupa chemutengi chakataurwa kuburikidza neSSProxyMachineCertificateFile kuseta.
  • Yakagadzirisa ndangariro kuvuza mu mod_ssl.
  • Mune mod_proxy_http2 kushandiswa kweiyo proxy parameter " kunopihwaping»kana uchitarisa hutano hwekubatana kutsva kana kushandiswa zvakare kune backend.
  • Yakamira kubatanidza httpd ne "-lsystemd" sarudzo kana mod_systemd ikagoneswa.
  • mod_proxy_http2 ikozvino inoremekedza iyo ProxyTimeout yekumisikidza kana yakamirira inouya data kuburikidza ne backend yekubatanidza.

Source: opennet.ru

Tenga inovimbika yekutambira kwemasaiti ane DDoS dziviriro, VPS VDS maseva 🔥 Tenga webhusaiti yakavimbika ine dziviriro yeDDoS, maseva eVPS VDS | ProHoster