Test Kennung:	1.3.6.1.4.1.25623.1.0.112896
Kategorie:	Web Servers
Titel:	Apache HTTP Server 2.4.0 - 2.4.46 Multiple Vulnerabilities - Windows
Zusammenfassung:	Apache HTTP Server is prone to multiple vulnerabilities.
Beschreibung:	Summary: Apache HTTP Server is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - CVE-2020-13938: Improper Handling of Insufficient Privileges - CVE-2020-35452: mod_auth_digest possible stack overflow by one null byte - CVE-2021-26690: mod_session NULL pointer dereference - CVE-2021-26691: mod_session response handling heap overflow Vulnerability Impact: - CVE-2020-13938: This flaw lets unprivileged local users stop httpd on Windows. - CVE-2020-35452: A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. - CVE-2021-26690: A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service. - CVE-2021-26691: A specially crafted SessionHeader sent by an origin server could cause a heap overflow. Affected Software/OS: Apache HTTP Server versions 2.4.0 to 2.4.46 on Windows. Solution: Update to version 2.4.48 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2020-13938 http://httpd.apache.org/security/vulnerabilities_24.html https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5fdc4fbbc7ddb816c843329a9accdcf284ade86e8d77b8c2a6d9bc30@%3Cannounce.httpd.apache.org%3E https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E http://www.openwall.com/lists/oss-security/2021/06/10/3 Common Vulnerability Exposure (CVE) ID: CVE-2020-35452 https://security.netapp.com/advisory/ntap-20210702-0001/ Debian Security Information: DSA-4937 (Google Search) https://www.debian.org/security/2021/dsa-4937 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/ https://security.gentoo.org/glsa/202107-38 https://www.oracle.com/security-alerts/cpuoct2021.html https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html https://lists.apache.org/thread.html/rccb1b8225583a48c6360edc7a93cc97ae8b0215791e455dc607e7602@%3Cannounce.httpd.apache.org%3E http://www.openwall.com/lists/oss-security/2021/06/10/5 Common Vulnerability Exposure (CVE) ID: CVE-2021-26690 https://lists.apache.org/thread.html/rae406c1d19c0dfd3103c96923dadac2af1cd0bad6905ab1ede153865@%3Cannounce.httpd.apache.org%3E http://www.openwall.com/lists/oss-security/2021/06/10/6 Common Vulnerability Exposure (CVE) ID: CVE-2021-26691 https://www.oracle.com/security-alerts/cpujan2022.html https://lists.apache.org/thread.html/r50cae1b71f1e7421069036b213c26da7d8f47dd59874e3bd956959fe@%3Cannounce.httpd.apache.org%3E http://www.openwall.com/lists/oss-security/2021/06/10/7
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.