Apache HTTP Server 2.4.46 released with vulnerability fixes

The release of Apache HTTP Server 2.4.46 has been published (releases 2.4.44 and 2.4.45 were skipped). It brings 17 changes and fixes 3 vulnerabilities:

  • CVE-2020-11984 - a buffer overflow in the mod_proxy_uwsgi module that can lead to information disclosure or code execution on the server when a specially crafted request is sent. The vulnerability is triggered by sending a very long HTTP header. As the fix, headers larger than 16K are now rejected (the limit defined in the protocol specification).
  • CVE-2020-11993 - a vulnerability in the mod_http2 module that allows a process to be crashed by sending a request with a specially crafted HTTP/2 header. The issue only manifests when trace or debug logging is enabled for mod_http2, and takes the form of memory corruption caused by a race condition while writing information to the log. It does not occur when LogLevel is set to "info" (or a less verbose level, such as the default "warn").
  • CVE-2020-9490 - a vulnerability in mod_http2 that allows a process to be crashed by sending an HTTP/2 request with a specially crafted 'Cache-Digest' header value (the crash happens when the server attempts an HTTP/2 PUSH operation for the resource). As a workaround, the vulnerability can be blocked with the "H2Push off" setting.
  • CVE-2020-11985 - a vulnerability in mod_remoteip that allows the client IP address to be spoofed when proxying with mod_remoteip and mod_rewrite. The issue only affects releases 2.4.1 through 2.4.23.
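
To make the mod_proxy_uwsgi fix concrete, here is a small uwsgi packet encoder and decoder in Python. It is an added example, not code from the httpd project or from the article: the packet layout (a 4-byte header of modifier1, little-endian 16-bit datasize and modifier2, followed by length-prefixed key/value vars) is the documented uwsgi wire format, the 16K ceiling is the one the release notes describe, and the environment dictionary and the 20,000-byte header used below are constructed sample input. The decoder also shows the bounds checks a proxy needs in the other direction, which goes beyond what the advisory itself discusses.

```python
import struct

# Ceiling on the encoded vars block. The 2.4.46 fix for CVE-2020-11984 rejects
# request headers above 16K, which the release notes describe as the limit in
# the uwsgi protocol specification; this hypothetical encoder applies the same cap.
UWSGI_MAX_HEADER_SIZE = 16384


class UwsgiHeaderTooLarge(ValueError):
    """Raised when a request would not fit the uwsgi header limits."""


def encode_vars(env):
    """Encode CGI-style variables as a uwsgi vars block.

    Every entry is: u16 LE key length, key, u16 LE value length, value.
    The 16-bit length fields are a hard limit of the wire format itself.
    """
    out = bytearray()
    for key, value in env.items():
        k = key.encode("latin-1")
        v = value.encode("latin-1")
        if len(k) > 0xFFFF or len(v) > 0xFFFF:
            raise UwsgiHeaderTooLarge("key or value does not fit a 16-bit length field")
        out += struct.pack("<H", len(k)) + k
        out += struct.pack("<H", len(v)) + v
    return bytes(out)


def build_packet(env, modifier1=0, modifier2=0):
    """Build a full uwsgi packet: modifier1 (u8), datasize (u16 LE), modifier2 (u8), vars.

    Refuses a vars block larger than UWSGI_MAX_HEADER_SIZE before any bytes are
    copied, which is the check a proxy needs in front of a fixed-size buffer.
    """
    body = encode_vars(env)
    if len(body) > UWSGI_MAX_HEADER_SIZE:
        raise UwsgiHeaderTooLarge(
            f"vars block is {len(body)} bytes, limit is {UWSGI_MAX_HEADER_SIZE}")
    return struct.pack("<BHB", modifier1, len(body), modifier2) + body


def _read_field(body, pos, end, what):
    """Read one u16-length-prefixed field, refusing to run past `end`."""
    if pos + 2 > end:
        raise ValueError(f"truncated {what} length")
    length = struct.unpack_from("<H", body, pos)[0]
    pos += 2
    if pos + length > end:
        raise ValueError(f"truncated {what}")
    return body[pos:pos + length].decode("latin-1"), pos + length


def parse_packet(data):
    """Decode a uwsgi packet into (modifier1, modifier2, vars dict).

    Every length is bounds-checked against the declared datasize before it is
    used, so a truncated or malicious packet raises ValueError instead of
    reading past the end of the buffer.
    """
    if len(data) < 4:
        raise ValueError("packet shorter than the 4-byte uwsgi header")
    modifier1, datasize, modifier2 = struct.unpack("<BHB", data[:4])
    body = data[4:4 + datasize]
    if len(body) != datasize:
        raise ValueError("declared datasize exceeds the bytes available")

    env = {}
    pos = 0
    while pos < datasize:
        key, pos = _read_field(body, pos, datasize, "key")
        value, pos = _read_field(body, pos, datasize, "value")
        env[key] = value
    return modifier1, modifier2, env


# Constructed sample request: the kind of environment a proxy forwards to a uwsgi app.
SAMPLE_ENV = {
    "REQUEST_METHOD": "GET",
    "PATH_INFO": "/status",
    "SERVER_PROTOCOL": "HTTP/1.1",
    "HTTP_HOST": "app.example",
}


def roundtrip_ok():
    """Encode the sample request and decode it again."""
    _, _, env = parse_packet(build_packet(SAMPLE_ENV))
    return env == SAMPLE_ENV


def oversized_header_rejected():
    """A single ~20K request header, the input shape behind CVE-2020-11984,
    is refused up front instead of being copied into a buffer."""
    env = dict(SAMPLE_ENV, HTTP_X_PADDING="A" * 20000)
    try:
        build_packet(env)
    except UwsgiHeaderTooLarge:
        return True
    return False


if __name__ == "__main__":
    print("roundtrip:", roundtrip_ok())
    print("oversized rejected:", oversized_header_rejected())
```

The point of the split between encode_vars and build_packet is that the size check happens on the fully encoded block, before anything is written towards a fixed-size destination; checking individual header values is not enough, because the total of many moderately sized headers can still exceed the cap.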
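
Both mod_http2 issues have configuration-level workarounds for servers that cannot upgrade immediately. The following Python checker, an added example and not part of the article or of the httpd project, reads an httpd configuration snippet and reports whether mod_http2 is still exposed. It resolves the effective mod_http2 log level using the documented LogLevel syntax (a bare level applies to all modules and resets per-module overrides; `module:level` overrides one module, which may be named `http2`, `http2_module` or `mod_http2.c`) and checks H2Push, which defaults to on. It is a linear last-wins pass that ignores <VirtualHost> scoping, and the configuration snippets it runs on are constructed for the example.

```python
# httpd log levels from least to most verbose; debug and trace1..trace8 are the
# verbose levels at which the release notes say CVE-2020-11993 can be triggered.
LOG_LEVELS = ["emerg", "alert", "crit", "error", "warn", "notice", "info", "debug"]
LOG_LEVELS += [f"trace{n}" for n in range(1, 9)]

# Names under which LogLevel accepts a per-module override for mod_http2.
HTTP2_MODULE_NAMES = {"http2", "http2_module", "mod_http2.c"}


def verbosity(level):
    """Position of a level in LOG_LEVELS; an unknown name counts as most
    verbose so a typo is reported rather than silently treated as safe."""
    level = level.lower()
    return LOG_LEVELS.index(level) if level in LOG_LEVELS else len(LOG_LEVELS)


def effective_settings(conf_text):
    """Walk the config once with last-wins semantics and return
    (effective mod_http2 log level, H2Push value).
    Defaults are httpd's own: LogLevel warn, H2Push on."""
    global_level = "warn"
    http2_level = None
    h2push = "on"
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # httpd comments occupy a whole line
            continue
        directive, *args = line.split()
        name = directive.lower()
        if name == "loglevel":
            for arg in args:
                if ":" in arg:
                    module, level = arg.split(":", 1)
                    if module.lower() in HTTP2_MODULE_NAMES:
                        http2_level = level
                else:
                    # A bare level resets every module, including http2.
                    global_level = arg
                    http2_level = None
        elif name == "h2push" and args:
            h2push = args[0].lower()
    return (http2_level or global_level), h2push


def audit_http2(conf_text):
    """Return human-readable findings; an empty list means both workarounds are in place."""
    level, h2push = effective_settings(conf_text)
    findings = []
    if verbosity(level) >= verbosity("debug"):
        findings.append(f"mod_http2 logs at '{level}': CVE-2020-11993 reachable on unpatched "
                        "servers; use LogLevel info or a less verbose level for http2")
    if h2push != "off":
        findings.append(f"H2Push is '{h2push}': CVE-2020-9490 reachable on unpatched "
                        "servers; set H2Push off")
    return findings


# Constructed configuration snippets, not taken from any real server.
UNSAFE_CONF = """
# verbose mod_http2 logging left on after troubleshooting
LogLevel warn http2:trace2
Protocols h2 http/1.1
"""

HARDENED_CONF = """
LogLevel warn http2:trace2
# a bare level resets the http2 override
LogLevel warn
H2Push off
Protocols h2 http/1.1
"""

if __name__ == "__main__":
    for label, conf in (("unsafe", UNSAFE_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_http2(conf) or ["no findings"])
```

Run it against the output of `apachectl -t -D DUMP_CONFIG` rather than a single file if the server spreads its LogLevel and H2Push directives across includes, since the checker only sees the text it is given.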

The most notable non-security changes:

  • Support for the draft cache-digest specification (kazuho-h2-cache-digest) has been removed from mod_http2, as work on that draft has been discontinued.
  • The behaviour of the "LimitRequestFields" directive in mod_http2 has changed; a value of 0 now disables the limit.
  • mod_http2 now handles primary and secondary (master/secondary) connections and marks methods according to their use.
  • If an invalid Last-Modified header value is received from an FCGI/CGI script, the header is now removed instead of being replaced with the Unix epoch time.
  • The ap_parse_strict_length() function has been added to the code base for strict parsing of content lengths.
  • mod_proxy_fcgi's ProxyFCGISetEnvIf now ensures that environment variables are removed when the given expression evaluates to false.
  • Fixed a race condition and possible crash in mod_ssl when using a client certificate specified via the SSLProxyMachineCertificateFile setting.
  • Fixed a memory leak in mod_ssl.
  • mod_proxy_http2 now honours the "ping" proxy parameter when checking whether a new or reused connection to the backend is usable.
  • httpd is no longer linked with the "-lsystemd" option when mod_systemd is enabled.
  • mod_proxy_http2 now ensures that the ProxyTimeout setting is respected while waiting for incoming data on the connection to the backend.

Source: opennet.ru
