Apache 2.4.54 HTTP server released with vulnerabilities fixed

The Apache HTTP server 2.4.53 has been released, bringing 19 changes and eliminating 8 vulnerabilities:

  • CVE-2022-31813 is a vulnerability in mod_proxy that allows a client to block the sending of the X-Forwarded-* headers carrying the IP address the original request came from. The issue can be used to bypass IP-address-based access restrictions.
  • CVE-2022-30556 is a vulnerability in mod_lua that allows data outside the allocated buffer to be accessed through manipulation of the r:wsread() function in Lua scripts.
  • CVE-2022-30522 - Denial of service (exhaustion of available memory) when processing certain data with the mod_sed module.
  • CVE-2022-29404 - Denial of service in mod_lua, exploited by sending specially crafted requests to Lua handlers that use the r:parsebody(0) call.
  • CVE-2022-28615, CVE-2022-28614 - Denial of service or access to data in process memory due to bugs in the ap_strcmp_match() and ap_rwrite() functions, which cause reads from an area beyond the buffer boundary.
  • CVE-2022-28330 - Information leak from an out-of-bounds buffer area in mod_isapi (the issue only occurs on the Windows platform).
  • CVE-2022-26377 - The mod_proxy_ajp module is susceptible to HTTP Request Smuggling attacks on front-end/back-end systems, which allows content to be injected into other users' requests processed in the same thread between the front end and the back end.
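As an added example (not code from the Apache project or from the source article): a backend that enforces IP-based restrictions from X-Forwarded-For should fail closed when the header is absent or the TCP peer is not its own proxy, rather than falling back to the proxy's address, because the mod_proxy flaw (CVE-2022-31813) lets a client suppress that header. The proxy address, allowlist and header values below are constructed sample values.

```python
# Backend-side allowlist check that fails closed. Constructed sample values:
# our single reverse proxy sits at 198.51.100.10 and appends exactly one entry
# to X-Forwarded-For; internal clients live in the two networks listed.
from ipaddress import ip_address, ip_network
from typing import Optional

TRUSTED_PROXIES = {"198.51.100.10"}      # TCP peers allowed to assert X-Forwarded-For
TRUSTED_PROXY_HOPS = 1                    # entries appended by proxies we operate
ALLOWED_NETWORKS = [ip_network("10.0.0.0/8"), ip_network("192.0.2.0/24")]


def client_ip(headers: dict, trusted_hops: int = TRUSTED_PROXY_HOPS) -> Optional[str]:
    """Return the client address as recorded by our trusted proxy, or None.

    X-Forwarded-For is "client, proxy1, proxy2, ...". Each trusted proxy appends
    one entry, so the address our proxy actually saw is `trusted_hops` from the
    right. Anything further left was supplied by the client and is untrusted.
    """
    raw = headers.get("X-Forwarded-For")
    if raw is None:
        return None  # header missing or suppressed: refuse to guess
    parts = [p.strip() for p in raw.split(",") if p.strip()]
    if len(parts) < trusted_hops:
        return None
    candidate = parts[-trusted_hops]
    try:
        ip_address(candidate)  # reject malformed entries
    except ValueError:
        return None
    return candidate


def is_allowed(headers: dict, peer_addr: str) -> bool:
    """Deny unless the request came via our proxy AND the forwarded client
    address is in the allowlist.

    peer_addr is the TCP peer. It is only used to confirm the request arrived
    through a trusted proxy; it is never used as the client's identity, which
    is the fallback that turns a suppressed header into an access bypass.
    """
    if peer_addr not in TRUSTED_PROXIES:
        return False
    ip = client_ip(headers)
    if ip is None:
        return False
    addr = ip_address(ip)
    return any(addr in net for net in ALLOWED_NETWORKS)
```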

The most notable non-security changes are:

  • mod_ssl makes SSLFIPS mode compatible with OpenSSL 3.0.
  • The ab utility supports TLSv1.3 (requires linking against an SSL library that supports this protocol).
  • In mod_md, the MDCertificateAuthority directive now accepts more than one CA name and URL. New directives were added: MDRetryDelay (defines the delay before sending a retry request) and MDRetryFailover (defines the number of retries on failure before switching to another certificate authority). Added support for the "auto" state when outputting values in "key: value" format. Provides the ability to handle certificates for hosts on the Tailscale secure VPN network.
  • The mod_http2 module has been cleaned of unused and unsafe code.
  • mod_proxy ensures that the backend network port is reflected in error messages written to the log.
  • In mod_heartmonitor, the value of the HeartbeatMaxServers parameter has been changed from 0 to 10 (initializing ten shared memory slots).

Source: opennet.ru
