Security restrictions bypass in apache2 (Alpine package)
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2018-17199
CWE-ID CWE-284
Exploitation vector Network
Public exploit N/A
Vulnerable software
apache2 (Alpine package)
Operating systems & Components / Operating system package or component

Vendor Alpine Linux Development Team

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Security restrictions bypass

EUVDB-ID: #VU17178

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-17199

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists because mod_session checks the session expiry time before decoding the session. For mod_session_cookie sessions the expiry time is only loaded while the session is decoded, so the check runs against an expiry that has not been read yet and is effectively ignored. A remote attacker can therefore reuse old session credentials or session IDs to access web pages previously accessed by a targeted user.
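The ordering defect described above, as an added illustration that is not part of this bulletin and not code from the Apache httpd project: a simplified Python model of a cookie-backed session where the expiry value lives inside the encoded session data. The "k=v&k=v" encoding, the `expiry` key and the rule that an expiry of 0 means "no expiry" are assumptions made for this example. `load_vulnerable` checks expiry before decoding (the expiry field is still at its default, so the check never fires); `load_fixed` decodes first and then checks.

```python
import time
from dataclasses import dataclass, field


@dataclass
class Session:
    """In-memory session record; expiry starts at 0 until the cookie is decoded."""
    encoded: str
    entries: dict = field(default_factory=dict)
    expiry: int = 0  # assumption: 0 means "no expiry set"


def decode(session: Session) -> None:
    """Parse the constructed 'k=v&k=v' cookie body into the session.

    The expiry is stored as just another key inside the encoded data,
    so it only becomes visible to the caller after this function runs.
    """
    for pair in session.encoded.split("&"):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        if key == "expiry":
            session.expiry = int(value)
        else:
            session.entries[key] = value


def is_expired(session: Session, now: int) -> bool:
    return session.expiry != 0 and session.expiry < now


def load_vulnerable(cookie: str, now: int):
    """Expiry checked BEFORE decode: expiry is still 0, so stale sessions pass."""
    session = Session(encoded=cookie)
    if is_expired(session, now):   # never true here: expiry not loaded yet
        return None
    decode(session)
    return session.entries


def load_fixed(cookie: str, now: int):
    """Expiry checked AFTER decode: the real expiry value is consulted."""
    session = Session(encoded=cookie)
    decode(session)
    if is_expired(session, now):
        return None
    return session.entries


if __name__ == "__main__":
    # Constructed sample: a session whose expiry (epoch 1000) is already in the past.
    stale_cookie = "expiry=1000&user=alice"
    now = 2000
    print("vulnerable:", load_vulnerable(stale_cookie, now))  # stale data still accepted
    print("fixed:     ", load_fixed(stale_cookie, now))       # None: rejected as expired
    print("fresh:     ", load_fixed(stale_cookie, 500))        # accepted while still valid
    print("real clock:", load_fixed(f"expiry={int(time.time()) + 60}&user=bob", int(time.time())))
```

The defensive takeaway is purely about ordering: any validity check that depends on a field carried inside the encoded object must run after decoding, and a "default" value such as 0 must not be allowed to satisfy the check by accident.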

Mitigation

Install update from vendor's website.

Vulnerable software versions

apache2 (Alpine package): 2.4.4-r0 - 2.4.37-r1

External links

https://git.alpinelinux.org/aports/commit/?id=9d23763439dabef4a81c7cc9c061b69048df9708
https://git.alpinelinux.org/aports/commit/?id=1d9e0b6cf8ba241e0cc1da807a574470b5aab156
https://git.alpinelinux.org/aports/commit/?id=86686eac58e8b2cd03eb04fdcdab2afdd4871e0c
https://git.alpinelinux.org/aports/commit/?id=b49cc47cb0358234399a4dee1ad276828120df5b
https://git.alpinelinux.org/aports/commit/?id=e82176fd8bf8ac0c0089a9b3daedcd2c52dafea3


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
