Apache HTTP Server 2.4.56 released with vulnerability fixes

The Apache HTTP Server 2.4.56 release has been published. It brings 6 changes and eliminates 2 vulnerabilities related to the possibility of carrying out "HTTP Request Smuggling" attacks on front-end/back-end systems, which allow an attacker to wedge into the contents of other users' requests processed in the same thread between the front end and the back end. The attack can be used to bypass access restriction systems or to inject malicious JavaScript code into a session with a legitimate website.

The first vulnerability (CVE-2023-27522) affects the mod_proxy_uwsgi module and allows a response to be split into two parts on the proxy side by substituting special characters into an HTTP header returned by the backend.
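As an added illustration of the defensive side of the first issue (this is example code, not code from the article or from the Apache project), the following shows the kind of validation a proxy should apply to backend-supplied response headers before re-serialising them to the client: any header name or value that carries CR, LF or other control bytes is refused, so a single header cannot be read as the end of one response and the start of another. All header samples are constructed for the example.

```python
# Added example (not from the article or the Apache project): validate
# backend-supplied response headers before a proxy forwards them, rejecting
# values that would break the line structure of the HTTP response.
import re

# RFC 7230 "token" for a field name; a field value may contain HTAB, SP,
# printable ASCII and obs-text bytes only (no CR, LF, NUL or other controls).
_FIELD_NAME = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
_FIELD_VALUE = re.compile(r"^[\t\x20-\x7e\x80-\xff]*$")


class BadHeader(ValueError):
    """Raised when a backend header cannot be forwarded safely."""


def validate_header(name: str, value: str) -> None:
    """Raise BadHeader if the pair is not a well-formed single header."""
    if not _FIELD_NAME.match(name):
        raise BadHeader(f"illegal header name {name!r}")
    if not _FIELD_VALUE.match(value):
        raise BadHeader(f"control bytes in value of {name!r}")


def render_headers(headers) -> bytes:
    """Serialise (name, value) pairs received from a backend into the header
    block sent to the client, refusing any pair that fails validation."""
    out = []
    for name, value in headers:
        validate_header(name, value)
        out.append(f"{name}: {value}".encode("latin-1"))
    return b"\r\n".join(out) + b"\r\n\r\n"


def is_forwardable(headers) -> bool:
    """Boolean convenience wrapper around render_headers()."""
    try:
        render_headers(headers)
    except BadHeader:
        return False
    return True


# Constructed samples: a normal backend answer, and one whose value carries
# a CR/LF pair that a naive proxy would write out as an extra header line.
GOOD = [("Content-Type", "text/html"), ("X-Backend", "app-1")]
BAD = [("Location", "/ok\r\nX-Injected: 1")]

if __name__ == "__main__":
    print(render_headers(GOOD))
    print("BAD forwardable:", is_forwardable(BAD))
```

The check is deliberately applied at serialisation time, on already-split (name, value) pairs: that is the last point at which the proxy still knows which bytes belong to one header, and therefore the right place to refuse a value that would look like several lines once written out.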

The second vulnerability (CVE-2023-25690) is present in mod_proxy and manifests when certain request rewriting rules are used via the RewriteRule directive provided by the mod_rewrite module, or certain patterns in the ProxyPassMatch directive. The vulnerability can lead to a request being sent through the proxy to internal resources that are not meant to be reachable via the proxy, or to poisoning of cache contents. For the vulnerability to manifest, the request rewriting rules must use data taken from the URL, which is then substituted into the request forwarded to the backend. For example:

    RewriteEngine on
    RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P]
    ProxyPassReverse /here/ http://example.com:8080/
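Since the article's condition for the second issue is a configuration pattern (a proxying rewrite rule or ProxyPassMatch whose target substitutes captured URL data), an administrator can scan existing configuration for that pattern ahead of upgrading. The following audit script is an added example, not from the article or the Apache project; the sample configuration it scans is constructed, with example.com taken from the article and backend.internal and static.internal as assumed hostnames. It flags RewriteRule directives carrying the [P] (or [proxy]) flag and ProxyPassMatch directives whose target contains a $1..$9 backreference, which is the shape the article describes. A flagged rule is a candidate for review, not proof of exploitability; the fix remains upgrading to 2.4.56.

```python
# Added example (not from the article or the Apache project): audit an httpd
# configuration for the CVE-2023-25690 pattern described in the article, i.e.
# rules that forward captured request-URL data ($N) to a backend.
import re

# Constructed sample configuration. Line 2 mirrors the article's example; the
# redirect on line 5 and the plain ProxyPass on line 7 are safe contrasts.
SAMPLE_CONFIG = """\
RewriteEngine on
RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1" [P]
ProxyPassReverse /here/ http://example.com:8080/
# Redirect (not proxy): no backend request is built from the capture
RewriteRule "^/old/(.*)" "/new/$1" [R=301,L]
ProxyPassMatch "^/api/(.*)$" "http://backend.internal:8080/api/$1"
ProxyPass /static/ http://static.internal/
"""

_BACKREF = re.compile(r"\$[1-9]")
# A token is a double-quoted string, a single-quoted string, or a bare word.
_TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|\S+')


def _tokens(line):
    """Split a directive line into arguments, honouring quoted strings."""
    return [t.strip('"\'') for t in _TOKEN.findall(line)]


def _flags(token):
    """Parse a mod_rewrite flag list such as [P] or [R=301,L] into names."""
    if not (token.startswith("[") and token.endswith("]")):
        return set()
    return {f.split("=")[0].strip() for f in token[1:-1].split(",")}


def find_risky_rules(config_text):
    """Return (line_no, directive, target) for every RewriteRule with the
    proxy flag and every ProxyPassMatch whose target substitutes a $N
    capture from the request URL into the forwarded request."""
    findings = []
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        toks = _tokens(line)
        directive = toks[0].lower()
        if directive == "rewriterule" and len(toks) >= 3:
            target = toks[2]
            # Flags, when present, are the last argument of the directive.
            flags = _flags(toks[-1]) if len(toks) > 3 else set()
            if ("P" in flags or "proxy" in flags) and _BACKREF.search(target):
                findings.append((n, "RewriteRule", target))
        elif directive == "proxypassmatch" and len(toks) >= 3:
            target = toks[2]
            if _BACKREF.search(target):
                findings.append((n, "ProxyPassMatch", target))
    return findings


if __name__ == "__main__":
    for line_no, directive, target in find_risky_rules(SAMPLE_CONFIG):
        print(f"line {line_no}: {directive} forwards URL capture into {target}")
```

Run against a real httpd.conf (and any Include'd files) by reading the file into find_risky_rules(); each hit should be checked for whether the captured data can influence the request line or headers sent to the backend.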

Among the non-security changes:

  • The "-T" flag was added to the rotatelogs utility; when rotating logs, it allows subsequent log files to be truncated without truncating the initial log file.
  • mod_ldap allows negative values in the LDAPConnectionPoolTTL directive, to configure reuse of any old connections.
  • The mod_md module, used to organize obtaining and maintaining certificates via the ACME (Automatic Certificate Management Environment) protocol, when built with libressl 3.5.0+, includes support for the ED25519 digital signature scheme and accounting of information from public certificate logs (CT, Certificate Transparency). The MDChallengeDns01 directive allows settings to be specified for individual domains.
  • mod_proxy_uwsgi has stricter checking and splitting of responses from HTTP backends.

Source: opennet.ru
