CVE-2024-39864 – Apache CloudStack: Integration API service uses dynamic port when disabled
https://notcve.org/view.php?id=CVE-2024-39864
The CloudStack integration API service allows running its unauthenticated API server (usually on port 8096 when configured and enabled via integration.api.port global setting) for internal portal integrations and for testing purposes. By default, the integration API service port is disabled and is considered disabled when integration.api.port is set to 0 or negative. Due to an improper initialisation logic, the integration API service would listen on a random port when its port value is set to 0 (default value). An attacker that can access the CloudStack management network could scan and find the randomised integration API service port and exploit it to perform unauthorised administrative actions and perform remote code execution on CloudStack managed hosts and result in complete compromise of the confidentiality, integrity, and availability of CloudStack managed infrastructure. Users are recommended to restrict the network access on the CloudStack management server hosts to only essential ports. Users are recommended to upgrade to version 4.18.2.1, 4.19.0.2 or later, which addresses this issue. • http://www.openwall.com/lists/oss-security/2024/07/05/1 https://cloudstack.apache.org/blog/security-release-advisory-4.19.0.2-4.18.2.1 https://lists.apache.org/thread/6l51r00csrct61plkyd3qg3fj99215d1 https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-1-and-4-19-0-2 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-665: Improper Initialization •
CVE-2024-39884 – Apache HTTP Server: source code disclosure with handlers configured via AddType
https://notcve.org/view.php?id=CVE-2024-39884
A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.61, which fixes this issue. Una regresión en el núcleo de Apache HTTP Server 2.4.60 ignora parte del uso de la configuración de controladores heredada basada en el tipo de contenido. "AddType" y configuraciones similares, en algunas circunstancias en las que los archivos se solicitan indirectamente, dan como resultado la divulgación del código fuente del contenido local. • http://www.openwall.com/lists/oss-security/2024/07/17/6 https://httpd.apache.org/security/vulnerabilities_24.html https://security.netapp.com/advisory/ntap-20240712-0002 •
CVE-2024-34750 – Apache Tomcat: HTTP/2 excess header handling DoS
https://notcve.org/view.php?id=CVE-2024-34750
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue. Manejo inadecuado de condiciones excepcionales, vulnerabilidad de consumo incontrolado de recursos en Apache Tomcat. Al procesar una secuencia HTTP/2, Tomcat no manejó correctamente algunos casos de encabezados HTTP excesivos. • https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l https://access.redhat.com/security/cve/CVE-2024-34750 https://bugzilla.redhat.com/show_bug.cgi?id=2295651 • CWE-400: Uncontrolled Resource Consumption CWE-755: Improper Handling of Exceptional Conditions •
CVE-2024-39573 – Apache HTTP Server: mod_rewrite proxy handler substitution
https://notcve.org/view.php?id=CVE-2024-39573
Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue. El potencial SSRF en mod_rewrite en Apache HTTP Server 2.4.59 y versiones anteriores permite a un atacante provocar que RewriteRules inseguras configuren inesperadamente URL para que sean manejadas por mod_proxy. Se recomienda a los usuarios actualizar a la versión 2.4.60, que soluciona este problema. A flaw was found in the mod_rewrite module of httpd. A potential SSRF allows an attacker to cause unsafe rules used in the RewriteRule directive to unexpectedly set up URLs to be handled by the mod_proxy module. • https://httpd.apache.org/security/vulnerabilities_24.html https://security.netapp.com/advisory/ntap-20240712-0001 https://access.redhat.com/security/cve/CVE-2024-39573 https://bugzilla.redhat.com/show_bug.cgi?id=2295022 • CWE-20: Improper Input Validation •
CVE-2024-38477 – Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request
https://notcve.org/view.php?id=CVE-2024-38477
null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue. La desreferencia del puntero nulo en mod_proxy en Apache HTTP Server 2.4.59 y versiones anteriores permite a un atacante bloquear el servidor mediante una solicitud maliciosa. Se recomienda a los usuarios actualizar a la versión 2.4.60, que soluciona este problema. A flaw was found in the mod_proxy module of httpd. A NULL pointer dereference can be triggered when processing a specially crafted HTTP request, causing the httpd server to crash, and resulting in a denial of service. • https://httpd.apache.org/security/vulnerabilities_24.html https://security.netapp.com/advisory/ntap-20240712-0001 https://access.redhat.com/security/cve/CVE-2024-38477 https://bugzilla.redhat.com/show_bug.cgi?id=2295016 • CWE-476: NULL Pointer Dereference •