CVE-2017-9788 – httpd: Uninitialized memory reflection in mod_auth_digest
https://notcve.org/view.php?id=CVE-2017-9788
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service. En Apache httpd, en versiones anteriores a la 2.2.34 y en versiones 2.4.x anteriores a la 2.4.27, el valor placeholder en cabeceras [Proxy-]Authorization del tipo 'Digest' no se inicializó o reinició antes de o entre las asignaciones sucesivas key=value por mod_auth_digest. Proporcionar una clave inicial sin asignación "=" podría reflejar el valor obsoleto de la memoria agrupada no inicializada utilizada por la petición anterior. Esto podría dar lugar al filtrado de información potencialmente confidencial y, en otros casos, a un fallo de segmentación que daría como resultado una denegación de servicio (DoS) It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. • http://www.debian.org/security/2017/dsa-3913 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/99569 http://www.securitytracker.com/id/1038906 https://access.redhat.com/errata/RHSA-2017:2478 https://access.redhat.com/errata/RHSA-2017:2479 https://access.redhat.com/errata/RHSA-2017:2483 https://access.redhat.com/errata/RHSA-2017:2708 https://access.redhat.com/errata/RHSA-2017:2709 https://access.redhat.com/errata/RHS • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-456: Missing Initialization of a Variable •
CVE-2017-7668 – httpd: ap_find_token() buffer overread
https://notcve.org/view.php?id=CVE-2017-7668
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. Los cambios en el análisis sintáctico estricto de HTTP añadidos en las versiones 2.2.32 y 2.4.24 de Apache httpd introdujeron un error en el análisis de listas de tokens. Esto permite que ap_find_token() busque más allá del final de la cadena de entrada. Un atacante puede conseguir causar un fallo de segmentación o forzar a que ap_find_token() devuelva un valor incorrecto mediante la manipulación de una secuencia de cabeceras de peticiones con fines maliciosos. • http://www.debian.org/security/2017/dsa-3896 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/99137 http://www.securitytracker.com/id/1038711 https://access.redhat.com/errata/RHSA-2017:2479 https://access.redhat.com/errata/RHSA-2017:2483 https://access.redhat.com/errata/RHSA-2017:3193 https://access.redhat.com/errata/RHSA-2017:3194 https://lists.apache.org/thread.html/55a068b6a5eec0b3198ae7d96a7cb412352d0ffa7716612c5af3745b%40%3Cdev.httpd. • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVE-2017-3167 – httpd: ap_get_basic_auth_pw() authentication bypass
https://notcve.org/view.php?id=CVE-2017-3167
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. En Apache httpd, en versiones 2.2.x anteriores a la 2.2.33 y versiones 2.4.x anteriores a la 2.4.26, el uso de ap_get_basic_auth_pw() por parte de módulos de terceros fuera de la fase de autenticación puede dar lugar a que se omitan requisitos de autenticación.. It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. • http://www.debian.org/security/2017/dsa-3896 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/99135 http://www.securitytracker.com/id/1038711 https://access.redhat.com/errata/RHSA-2017:2478 https://access.redhat.com/errata/RHSA-2017:2479 https://access.redhat.com/errata/RHSA-2017:2483 https://access.redhat.com/errata/RHSA-2017:3193 https://access.redhat.com/errata/RHSA-2017:3194 https://access.redhat.com/errata/RHS • CWE-287: Improper Authentication •
CVE-2016-10165 – lcms2: Out-of-bounds read in Type_MLU_Read()
https://notcve.org/view.php?id=CVE-2016-10165
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. La función Type_MLU_Read en cmstypes.c en Little CMS (también conocido como lcms2) permite a atacantes remotos obtener información sensible o provocar una denegación de servicio a través de una imagen con un perfil ICC manipulado, lo que desencadena una lectura de memoria dinámica fuera de límites. • http://lists.opensuse.org/opensuse-updates/2017-01/msg00174.html http://rhn.redhat.com/errata/RHSA-2016-2079.html http://rhn.redhat.com/errata/RHSA-2016-2658.html http://www.debian.org/security/2017/dsa-3774 http://www.openwall.com/lists/oss-security/2017/01/23/1 http://www.openwall.com/lists/oss-security/2017/01/25/14 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/95808 http://www.securitytracker.com/id& • CWE-125: Out-of-bounds Read •
CVE-2016-8610 – SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS
https://notcve.org/view.php?id=CVE-2016-8610
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. Se ha encontrado un fallo de denegación de servicio en OpenSSL en las versiones 0.9.8, 1.0.1, 1.0.2 hasta la 1.0.2h y la 1.1.0 en la forma en la que el protocolo TLS/SSL definió el procesamiento de paquetes ALERT durante una negociación de conexión. Un atacante remoto podría emplear este fallo para hacer que un servidor TLS/SSL consuma una cantidad excesiva de recursos de CPU y fracase a la hora de aceptar conexiones de otros clientes. A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. • https://github.com/cujanovic/CVE-2016-8610-PoC http://rhn.redhat.com/errata/RHSA-2017-0286.html http://rhn.redhat.com/errata/RHSA-2017-0574.html http://rhn.redhat.com/errata/RHSA-2017-1415.html http://rhn.redhat.com/errata/RHSA-2017-1659.html http://seclists.org/oss-sec/2016/q4/224 http://www.securityfocus.com/bid/93841 http://www.securitytracker.com/id/1037084 https://access.redhat.com/errata/RHSA-2017:1413 https://access.redhat.com/errata/RHSA-2017:1414 • CWE-400: Uncontrolled Resource Consumption •