Skip to content

GitLab

aports
aports
Closed
Opened by Natanael Copa@ncopa
Report abuse New issue

[v2.2] apache2 < 2.2.22: Various vulnerabilities (CVE-2012-0021, CVE-2012-0031, CVE-2012-0053, CVE-2011-3368)

low: mod_log_config crash CVE-2012-0021

A flaw was found in mod_log_config. If the ‘%{cookiename}C’ log format string is in use, a remote attacker could send a specific cookie causing a crash. This crash would only be a denial of service if using a threaded MPM.
Reported to security team: 30th December 2011
Issue public: 28th November 2011
Update released: 31st January 2012
Affected: 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17

low: scoreboard parent DoS CVE-2012-0031

A flaw was found in the handling of the scoreboard. An unprivileged child process could cause the parent process to crash at shutdown rather than terminate cleanly.

Acknowledgements: This issue was reported by halfdog
Reported to security team: 30th December 2011
Issue public: 11th January 2012
Update released: 31st January 2012
Affected: 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0

moderate: error responses can expose cookies CVE-2012-0053

A flaw was found in the default error response for status code 400. This flaw could be used by an attacker to expose “httpOnly” cookies when no custom ErrorDocument is specified.

Acknowledgements: This issue was reported by Norman Hippert
Reported to security team: 15th January 2012
Issue public: 23rd January 2012
Update released: 31st January 2012
Affected: 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0

moderate: mod_proxy reverse proxy exposure CVE-2011-3368

An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker.

Acknowledgements: This issue was reported by Context Information Security Ltd
Reported to security team: 16th September 2011
Issue public: 5th October 2011
Update released: 31st January 2012
Affected: 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0

http://httpd.apache.org/security/vulnerabilities\_22.html

Solution: upgrade to 2.2.22

(from redmine: issue id 984, created on 2012-02-01, closed on 2012-02-01)

  • Changesets:
    • Revision 8473281f by Natanael Copa on 2012-02-01T08:01:39Z:
main/apache2: security upgrade to 2.2.22 (CVE-2012-0021, CVE-2012-0031, CVE-2012-0053, CVE-2011-3368)

low: mod_log_config crash CVE-2012-0021
low: scoreboard parent DoS CVE-2012-0031
moderate: error responses can expose cookies CVE-2012-0053
moderate: mod_proxy reverse proxy exposure CVE-2011-3368

This release also include the previosly patched:
low: mod_setenvif .htaccess privilege escalation CVE-2011-3607
moderate: mod_proxy reverse proxy exposure CVE-2011-4317

fixes #984

The one place for your designs

To enable design management, you'll need to meet the requirements. If you need help, reach out to our support team for assistance.