SB2022120609 - Multiple vulnerabilities in HPE HP-UX Apache Web Server

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022120609

SB2022120609 - Multiple vulnerabilities in HPE HP-UX Apache Web Server

Published: December 6, 2022 Updated: June 28, 2024

Security Bulletin ID SB2022120609
Severity
Medium
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 60% Low 40%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Improper Authentication (CVE-ID: CVE-2022-31813)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in mod_proxy implementation, where the web server may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. A remote attacker can bypass IP based authentication on the origin server/application and gain access to otherwise restricted functionality.


2) Resource exhaustion (CVE-ID: CVE-2022-30522)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to mod_sed does not properly control consumption of internal resources, if the web server is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


3) Out-of-bounds read (CVE-ID: CVE-2022-28615)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the ap_strcmp_match() function when processing an extremely large input buffer. A remote attacker can send a specially crafted HTTP request to the web server, trigger an out-of-bounds read error and read contents of memory on the system.

Note, the code distributed with the Apache HTTP Server cannot be coerced into such a call. The vulnerability can affect third-party modules or lua scripts that use ap_strcmp_match().


4) Out-of-bounds read (CVE-ID: CVE-2022-28614)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the ap_rwrite() function. A remote attacker can with the ability to force the server to reflect a very large input using ap_rwrite() or ap_rputs() (such as with mod_luas r:puts() function) can trigger an out-of-bounds read error and read read unintended memory on the system.


5) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2022-26377)

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests in mod_proxy_ajp. A remote attacker can send a specially crafted HTTP request to the server and smuggle requests to the AJP server it forwards requests to.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.


Remediation

Install update from vendor's website.

References