Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2021-0577)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2021.0577

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2021-0577)

Resumen: The remote host is missing an update for the 'apache' package(s) announced via the MGASA-2021-0577 advisory.

Descripción: Summary:
The remote host is missing an update for the 'apache' package(s) announced via the MGASA-2021-0577 advisory.

Vulnerability Insight:
Updated apache packages fix security vulnerabilities:
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests
on) can cause a crash (NULL pointer dereference) or, for configurations
mixing forward and reverse proxy declarations, can allow for requests to
be directed to a declared Unix Domain Socket endpoint (Server Side Request
Forgery) (CVE-2021-44224).

A carefully crafted request body can cause a buffer overflow in the mod_lua
multipart parser (r:parsebody() called from Lua scripts). The Apache httpd
team is not aware of an exploit for the vulnerability though it might be
possible to craft one (CVE-2021-44790).

Affected Software/OS:
'apache' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2021-44224
https://security.netapp.com/advisory/ntap-20211224-0001/
https://www.tenable.com/security/tns-2022-01
https://www.tenable.com/security/tns-2022-03
Debian Security Information: DSA-5035 (Google Search)
https://www.debian.org/security/2022/dsa-5035
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/
http://seclists.org/fulldisclosure/2022/May/38
http://seclists.org/fulldisclosure/2022/May/35
http://seclists.org/fulldisclosure/2022/May/33
https://security.gentoo.org/glsa/202208-20
http://httpd.apache.org/security/vulnerabilities_24.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
http://www.openwall.com/lists/oss-security/2021/12/20/3
Common Vulnerability Exposure (CVE) ID: CVE-2021-44790
http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html
http://www.openwall.com/lists/oss-security/2021/12/20/4

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2021.0577
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2021-0577)
Resumen:	The remote host is missing an update for the 'apache' package(s) announced via the MGASA-2021-0577 advisory.
Descripción:	Summary: The remote host is missing an update for the 'apache' package(s) announced via the MGASA-2021-0577 advisory. Vulnerability Insight: Updated apache packages fix security vulnerabilities: A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery) (CVE-2021-44224). A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one (CVE-2021-44790). Affected Software/OS: 'apache' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-44224 https://security.netapp.com/advisory/ntap-20211224-0001/ https://www.tenable.com/security/tns-2022-01 https://www.tenable.com/security/tns-2022-03 Debian Security Information: DSA-5035 (Google Search) https://www.debian.org/security/2022/dsa-5035 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/ http://seclists.org/fulldisclosure/2022/May/38 http://seclists.org/fulldisclosure/2022/May/35 http://seclists.org/fulldisclosure/2022/May/33 https://security.gentoo.org/glsa/202208-20 http://httpd.apache.org/security/vulnerabilities_24.html https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2022.html http://www.openwall.com/lists/oss-security/2021/12/20/3 Common Vulnerability Exposure (CVE) ID: CVE-2021-44790 http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html http://www.openwall.com/lists/oss-security/2021/12/20/4
Copyright	Copyright (C) 2022 Greenbone AG