ID

VAR-201706-0996

CVE

CVE-2017-7668

TITLE

Apache httpd Input validation vulnerability

DESCRIPTION

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. Apache httpd Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Apache HTTP Server is prone to a denial-of-service vulnerability. Attackers may leverage this issue to cause a denial-of-service condition, denying service to legitimate users. Apache HTTP Server 2.2.32 and 2.4.25 are vulnerable. ========================================================================== Ubuntu Security Notice USN-3373-1 July 31, 2017 apache2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 ESM Summary: Several security issues were fixed in Apache HTTP Server. This update adds a new ap_get_basic_auth_components() function for use by third-party modules. (CVE-2017-3167) Vasileios Panopoulos discovered that the Apache mod_ssl module may crash when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port. (CVE-2017-3169) Javier JimA(c)nez discovered that the Apache HTTP Server incorrectly handled parsing certain requests. (CVE-2017-7679) David Dennerline and RA(c)gis Leroy discovered that the Apache HTTP Server incorrectly handled unusual whitespace when parsing requests, contrary to specifications. This update may introduce compatibility issues with clients that do not strictly follow HTTP protocol specifications. A new configuration option "HttpProtocolOptions Unsafe" can be used to revert to the previous unsafe behaviour in problematic environments. (CVE-2016-8743) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM: A apache2.2-binA A A A A A A A A A A A A A A A A A A 2.2.22-1ubuntu1.12 In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201710-32 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Apache: Multiple vulnerabilities Date: October 29, 2017 Bugs: #622240, #624868, #631308 ID: 201710-32 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Apache, the worst of which may result in the loss of secrets. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-servers/apache < 2.4.27-r1 >= 2.4.27-r1 Description =========== Multiple vulnerabilities have been discovered in Apache. Please review the referenced CVE identifiers for details. Impact ====== The Optionsbleed vulnerability can leak arbitrary memory from the server process that may contain secrets. Workaround ========== There is no known workaround at this time. Resolution ========== All Apache users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.27-r1" References ========== [ 1 ] CVE-2017-3167 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3167 [ 2 ] CVE-2017-3169 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3169 [ 3 ] CVE-2017-7659 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7659 [ 4 ] CVE-2017-7668 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7668 [ 5 ] CVE-2017-7679 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7679 [ 6 ] CVE-2017-9788 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9788 [ 7 ] CVE-2017-9789 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9789 [ 8 ] CVE-2017-9798 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201710-32 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . 7) - x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: httpd24-httpd security update Advisory ID: RHSA-2017:2483-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2017:2483 Issue date: 2017-08-16 CVE Names: CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679 CVE-2017-9788 ===================================================================== 1. Summary: An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 3. Security Fix(es): * It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788) * It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167) * A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169) * A NULL pointer dereference flaw was found in the mod_http2 module of httpd. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP/2 request. (CVE-2017-7659) * A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668) * A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw() authentication bypass 1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference 1463199 - CVE-2017-7659 httpd: mod_http2 NULL pointer dereference 1463205 - CVE-2017-7668 httpd: ap_find_token() buffer overread 1463207 - CVE-2017-7679 httpd: mod_mime buffer overread 1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6): Source: httpd24-httpd-2.4.25-9.el6.1.src.rpm noarch: httpd24-httpd-manual-2.4.25-9.el6.1.noarch.rpm x86_64: httpd24-httpd-2.4.25-9.el6.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.25-9.el6.1.x86_64.rpm httpd24-httpd-devel-2.4.25-9.el6.1.x86_64.rpm httpd24-httpd-tools-2.4.25-9.el6.1.x86_64.rpm httpd24-mod_ldap-2.4.25-9.el6.1.x86_64.rpm httpd24-mod_proxy_html-2.4.25-9.el6.1.x86_64.rpm httpd24-mod_session-2.4.25-9.el6.1.x86_64.rpm httpd24-mod_ssl-2.4.25-9.el6.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7): Source: httpd24-httpd-2.4.25-9.el6.1.src.rpm noarch: httpd24-httpd-manual-2.4.25-9.el6.1.noarch.rpm x86_64: httpd24-httpd-2.4.25-9.el6.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.25-9.el6.1.x86_64.rpm httpd24-httpd-devel-2.4.25-9.el6.1.x86_64.rpm httpd24-httpd-tools-2.4.25-9.el6.1.x86_64.rpm httpd24-mod_ldap-2.4.25-9.el6.1.x86_64.rpm httpd24-mod_proxy_html-2.4.25-9.el6.1.x86_64.rpm httpd24-mod_session-2.4.25-9.el6.1.x86_64.rpm httpd24-mod_ssl-2.4.25-9.el6.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6): Source: httpd24-httpd-2.4.25-9.el6.1.src.rpm noarch: httpd24-httpd-manual-2.4.25-9.el6.1.noarch.rpm x86_64: httpd24-httpd-2.4.25-9.el6.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.25-9.el6.1.x86_64.rpm httpd24-httpd-devel-2.4.25-9.el6.1.x86_64.rpm httpd24-httpd-tools-2.4.25-9.el6.1.x86_64.rpm httpd24-mod_ldap-2.4.25-9.el6.1.x86_64.rpm httpd24-mod_proxy_html-2.4.25-9.el6.1.x86_64.rpm httpd24-mod_session-2.4.25-9.el6.1.x86_64.rpm httpd24-mod_ssl-2.4.25-9.el6.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: httpd24-httpd-2.4.25-9.el7.1.src.rpm noarch: httpd24-httpd-manual-2.4.25-9.el7.1.noarch.rpm x86_64: httpd24-httpd-2.4.25-9.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.25-9.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.25-9.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.25-9.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.25-9.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.25-9.el7.1.x86_64.rpm httpd24-mod_session-2.4.25-9.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.25-9.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3): Source: httpd24-httpd-2.4.25-9.el7.1.src.rpm noarch: httpd24-httpd-manual-2.4.25-9.el7.1.noarch.rpm x86_64: httpd24-httpd-2.4.25-9.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.25-9.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.25-9.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.25-9.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.25-9.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.25-9.el7.1.x86_64.rpm httpd24-mod_session-2.4.25-9.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.25-9.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: httpd24-httpd-2.4.25-9.el7.1.src.rpm noarch: httpd24-httpd-manual-2.4.25-9.el7.1.noarch.rpm x86_64: httpd24-httpd-2.4.25-9.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.25-9.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.25-9.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.25-9.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.25-9.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.25-9.el7.1.x86_64.rpm httpd24-mod_session-2.4.25-9.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.25-9.el7.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-3167 https://access.redhat.com/security/cve/CVE-2017-3169 https://access.redhat.com/security/cve/CVE-2017-7659 https://access.redhat.com/security/cve/CVE-2017-7668 https://access.redhat.com/security/cve/CVE-2017-7679 https://access.redhat.com/security/cve/CVE-2017-9788 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFZlNCpXlSAg2UNWIIRArzwAJwNfAuroR6X18rUh+zmjiMy5iBkdwCeJF6e 4v4GwWYC+5xG0xxXzTEQyAg= =UV+2 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 7.3) - ppc64, ppc64le, s390x, x86_64 3. (CVE-2017-7679) * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. (CVE-2017-9798) Red Hat would like to thank Hanno BAPck for reporting CVE-2017-9798

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

buffer error

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Javier Jim&amp;eacute;nez

SOURCES

LAST UPDATE DATE

2024-09-18T23:09:10.344000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE