SB2018040502 - Arch Linux update for apache
Published: April 5, 2018 Updated: April 5, 2018
Security Bulletin ID
SB2018040502
Severity
Medium
Patch available
YES
Number of vulnerabilities
7
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 7 secuirty vulnerabilities.
1) Improper access control (CVE-ID: CVE-2018-1283)
The vulnerability allows a remote attacker to modify data on the target system.The weakness exists on systems with mod_session configured with SessionEnv on to forward session data to CGI applications due to improper input validation. A remote attacker can send a specially crafted 'Session' header value to potentially modify mod_session data.
2) Out-of-bounds read (CVE-ID: CVE-2018-1301)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to improper validation of user-supplied input. A remote attacker can send a specially crafted HTTP request to trigger an out-of-bounds memory access error after a header size limit has been reached to cause the target service to crash.
3) Null pointer dereference (CVE-ID: CVE-2018-1302)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to improper destruction of an HTTP/2 stream after being handled. A remote attacker can send a specially crafted HTTP/2 stream, write a NULL pointer value to an already freed memory space and cause the service to crash.
4) Out-of-bounds read (CVE-ID: CVE-2018-1303)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in Apache HTTPD mod_cache_socache due to improper validation of user-supplied input. A remote attacker can send a specially crafted HTTP request header, trigger an out-of-bounds memory read error in mod_cache_socache and cause the target service to crash.
5) Security restrictions bypass (CVE-ID: CVE-2018-1312)
The vulnerability allows a remote attacker to bypass security restrictions on the target system.The weakness exists in Apache HTTPD mod_auth_digest due to improper generation of HTTP Digest authentication nonce. A remote attacker can replay HTTP requests across the cluster without detection by the target server(s) and bypass replay protection.
6) Out-of-bounds write (CVE-ID: CVE-2017-15710)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in HTTPD mod_authnz_ldap due to improper validation of user-supplied input. A remote attacker can send a specially crafted Accept-Language header value, trigger an out-of-bounds memory write error and potentially cause the target service to crash.
7) Security restrictions bypass (CVE-ID: CVE-2017-15715)
The vulnerability allows a remote attacker to bypass security restrictions on the target system.The weakness exists on systems that allow uploading of user-specified filenames due to the '<FilesMatch>' expression may not correctly match characters in a filename. A remote attacker can supply a specially crafted filename to potentially bypass security controls that use the '<FilesMatch>' directive.
Remediation
Install update from vendor's website.