ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2021.0439
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2021-0439)
Resumen:	The remote host is missing an update for the 'apache' package(s) announced via the MGASA-2021-0439 advisory.
Descripción:	Summary: The remote host is missing an update for the 'apache' package(s) announced via the MGASA-2021-0439 advisory. Vulnerability Insight: A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. (CVE-2021-33193) Malformed requests may cause the server to dereference a NULL pointer. (CVE-2021-34798) A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). (CVE-2021-36160) ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. (CVE-2021-39275) A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. (CVE-2021-40438) Affected Software/OS: 'apache' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-33193 Cisco Security Advisory: 20211124 Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ https://security.netapp.com/advisory/ntap-20210917-0004/ https://www.tenable.com/security/tns-2021-17 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSM6UWQICBJ2TU727RENU3HBKEAFLT6T/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EUVJVRJRBW5QVX4OY3NOHZDQ3B3YOTSG/ https://security.gentoo.org/glsa/202208-20 https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c.patch https://portswigger.net/research/http2 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2022.html https://lists.debian.org/debian-lts-announce/2023/03/msg00002.html https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d@%3Ccvs.httpd.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2021-34798 https://kc.mcafee.com/corporate/index?page=content&id=SB10379 https://security.netapp.com/advisory/ntap-20211008-0004/ Debian Security Information: DSA-4982 (Google Search) https://www.debian.org/security/2021/dsa-4982 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/ http://httpd.apache.org/security/vulnerabilities_24.html https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3Cusers.httpd.apache.org%3E https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3Cusers.httpd.apache.org%3E https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3Cusers.httpd.apache.org%3E https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3Cusers.httpd.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2021-36160 https://lists.debian.org/debian-lts-announce/2021/09/msg00016.html https://lists.debian.org/debian-lts-announce/2021/10/msg00016.html https://lists.apache.org/thread.html/r73260f6ba9fb52e43d860905fc90462ba5a814afda2d011f32bbd41c@%3Cbugs.httpd.apache.org%3E https://lists.apache.org/thread.html/ra1c05a392587bfe34383dffe1213edc425de8d4afc25b7cefab3e781@%3Cbugs.httpd.apache.org%3E https://lists.apache.org/thread.html/r7f2746e916ed370239bc1a1025e5ebbf345f79df9ea0ea39e44acfbb@%3Cbugs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37@%3Cbugs.httpd.apache.org%3E https://lists.apache.org/thread.html/r94a61a1517133a19dcf40016e87454ea86e355d06a0cec4c778530f3@%3Cbugs.httpd.apache.org%3E https://lists.apache.org/thread.html/ra87a69d0703d09dc52b86e32b08f8d7327af10acdd5f577a4e82596a@%3Cbugs.httpd.apache.org%3E https://lists.apache.org/thread.html/rb2341c8786d0f9924f5b666e82d8d170b4804f50a523d750551bef1a@%3Cbugs.httpd.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2021-39275 https://httpd.apache.org/security/vulnerabilities_24.html Common Vulnerability Exposure (CVE) ID: CVE-2021-40438 https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00@%3Cusers.httpd.apache.org%3E https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a@%3Cusers.httpd.apache.org%3E
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.