Apache HTTP Server 2.4.49 has been released. It introduces 27 changes and fixes 5 vulnerabilities:
- CVE-2021-33193 - mod_http2 is susceptible to a new variant of the "HTTP Request Smuggling" attack, which allows an attacker, by sending specially crafted client requests, to inject content into the requests of other users that are forwarded through mod_proxy (for example, it could be used to insert malicious JavaScript code into another user's session on the site).
- CVE-2021-40438 - an SSRF (Server Side Request Forgery) vulnerability in mod_proxy, which allows a request to be redirected to a server chosen by the attacker by sending a specially crafted uri-path value.
- CVE-2021-39275 - buffer overflow in the ap_escape_quotes function. The vulnerability is considered harmless with all standard modules, since none of them pass external data to this function. It is theoretically possible, however, that third-party modules exist through which an attack could be carried out.
- CVE-2021-36160 - out-of-bounds read in the mod_proxy_uwsgi module, leading to a crash.
- CVE-2021-34798 - a NULL pointer dereference that causes a process crash when processing specially crafted requests.
The most notable changes unrelated to security:
- A large number of internal changes in mod_ssl. The "ssl_engine_set", "ssl_engine_disable" and "ssl_proxy_enable" settings have been moved from mod_ssl into the core. It is now possible to use alternative SSL modules to protect connections made through mod_proxy. Added the ability to log private keys, which can be used in Wireshark to analyze encrypted traffic.
- In mod_proxy, parsing of unix socket paths passed in a "proxy:" URL has been sped up.
- The capabilities of the mod_md module, used to automate obtaining and maintaining certificates via the ACME (Automatic Certificate Management Environment) protocol, have been extended. Added the ability to quote domains with quotation marks, and added support for tls-alpn-01 for domain names that are not bound to virtual hosts.
- Added the StrictHostCheck parameter, which prohibits specifying unconfigured host names among the arguments of the "allow" list.
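As an added illustration (not part of the release announcement), the following fragment shows how the new StrictHostCheck directive is used together with an ordinary virtual host. The host names and the path are constructed placeholders; the directive's syntax is "StrictHostCheck On|Off", it is Off by default, and when enabled the server rejects requests whose Host header does not match a ServerName or ServerAlias configured for the virtual host handling the request.

```apache
# Added example (not from the release notes). Placeholder host names.
# Default behaviour (StrictHostCheck Off): a request with an unknown
# Host header is still served by the first matching virtual host.
# With StrictHostCheck On, such requests are refused instead, so only
# host names listed in ServerName/ServerAlias are accepted.
StrictHostCheck On

<VirtualHost *:80>
    ServerName  example.invalid
    ServerAlias www.example.invalid
    DocumentRoot /var/www/example
</VirtualHost>
```

In practice, enable it once all legitimate host names (including any used by health checks or internal tooling) are listed as ServerName or ServerAlias, otherwise those requests will start failing after the upgrade.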
Source: opennet.ru