CVE-2019-0197 – httpd: mod_http2: possible crash on late upgrade
https://notcve.org/view.php?id=CVE-2019-0197
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set "H2Upgrade on" are unaffected by this issue. Una vulnerabilidad fue encontrada en Apache HTTP Server 2.4.34 hasta 2.4.38 y clasificada como problemática. Cuando se habilitó HTTP / 2 para un http: host o H2Upgrade se habilitó para h2 en un https: host, una solicitud de actualización de http / 1.1 a http / 2 que no fue la primera solicitud en una conexión podría provocar una mala configuración y un fallo. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html http://www.openwall.com/lists/oss-security/2019/04/02/2 http://www.securityfocus.com/bid/107665 https://access.redhat.com/errata/RHSA-2019:3932 https://access.redhat.com/errata/RHSA-2019:3933 https://access.redhat.com/errata/RHSA-2019:3935 https://httpd.apac • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVE-2019-0211 – Apache HTTP Server Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-0211
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected. En Apache HTTP Server 2.4, versiones 2.4.17 a 2.4.38, con el evento MPM, worker o prefork, el código ejecutándose en procesos hijo (o hilos) menos privilegiados (incluyendo scripts ejecutados por un intérprete de scripts en proceso) podría ejecutar código arbitrario con los privilegios del proceso padre (normalmente root) manipulando el marcador. Los sistemas que no son Unix no se ven afectados. A flaw was found in Apache where code executing in a less-privileged child process or thread could execute arbitrary code with the privilege of the parent process (usually root). • https://www.exploit-db.com/exploits/46676 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x • CWE-250: Execution with Unnecessary Privileges CWE-416: Use After Free •
CVE-2018-17189 – httpd: mod_http2: DoS via slow, unneeded request bodies
https://notcve.org/view.php?id=CVE-2018-17189
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections. En Apache HTTP Server, en sus versiones 2.4.37 y anteriores, mediante el envío de cuerpos de respuesta mediante la técnica del "slow loris" a recursos planos, la transmisión h2 para esa petición ocupó de forma innecesaria un hilo de servidor que limpiaba tales datos entrantes. Esto afecta solo a las conexiones HTTP/2 (mod_http2). • http://www.securityfocus.com/bid/106685 https://access.redhat.com/errata/RHSA-2019:3932 https://access.redhat.com/errata/RHSA-2019:3933 https://access.redhat.com/errata/RHSA-2019:3935 https://access.redhat.com/errata/RHSA-2019:4126 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache • CWE-400: Uncontrolled Resource Consumption •
CVE-2016-5387 – HTTPD: sets environmental variable based on user supplied Proxy request header
https://notcve.org/view.php?id=CVE-2016-5387
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability. El Apache HTTP Server hasta la versión 2.4.23 sigue a RFC 3875 sección 4.1.18 y por lo tanto no protege aplicaciones de la presencia de datos de clientes no confiables en ambiente variable de HTTP_PROXY, lo que puede permitir a atacantes remotos redireccionar el tráfico HTTP saliente de aplicación a un servidor proxy arbitrario a través de una cabecera Proxy manipulada en una petición HTTP, también conocido como problema "httpoxy". NOTA: el vendedor afirma "Se ha asignado a esta mitigación el identificador CVE-2016-5387"; en otras palabras, esto no es un CVE ID para una vulnerabilidad. It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. • http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html http://rhn.redhat.com/errata/RHSA-2016-1624.html http://rhn.redhat.com/errata/RHSA-2016-1625.html http://rhn.redhat.com/errata/RHSA-2016-1648.html http://rhn.redhat.com/errata/RHSA-2016-1649.html http://rhn.redhat.com/errata/RHSA-2016-1650.html http://www.debian.org/security/2016/dsa-3623 http://www.kb.cert.org/vuls/id/797896 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html • CWE-20: Improper Input Validation •
CVE-2007-1352 – Multiple font integer overflows (CVE-2007-1352)
https://notcve.org/view.php?id=CVE-2007-1352
Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow. Desbordamiento de entero en la función FontFileInitTable en X.Org libXfont versiones anteriores a 20070403 permite a usuarios remotos autenticados ejecutar código de su elección mediante una primera línea larga en el fichero fonts.dir, lo cual resulta en un desbordamiento de montón. • http://issues.foresightlinux.org/browse/FL-223 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=502 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html http://rhn.redhat.com/errata/RHSA-2007-0125.html http://secunia.com/advisories/24741 http://secunia.com/advisories/24745 http://secunia.com/advisories/ •