SB2024012939 - HP-UX update for Apache Web Server

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) Resource management error (CVE-ID: CVE-2023-45802)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the server when handling HTTP/2 requests. A remote attacker can send multiple requests to the server and perform a denial of service (DoS) attack.

2) Resource management error (CVE-ID: CVE-2023-43622)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the server when processing HTTP/2 connections with window size of 0. A remote attacker can exhaust available workers on the server and perform a denial of service (DoS) attack.

3) Out-of-bounds read (CVE-ID: CVE-2023-31122)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within mod_macro module. A remote attacker can send specially crafted requests to the server, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.

4) Buffer overflow (CVE-ID: CVE-2006-20001)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the mod_dav module when handling HTTP requests. A remote attacker can send a specially crafted HTTP request, trigger a one byte buffer overflow and perform a denial of service (DoS) attack.

5) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2022-36760)

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests in mod_proxy_ajp. A remote attacker can send a specially crafted HTTP request to the web server and smuggle arbitrary HTTP headers to the AJP server it forwards requests to.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.

6) HTTP response splitting (CVE-ID: CVE-2022-37436)

The vulnerability allows a remote attacker to perform HTTP splitting attacks.

The vulnerability exists due to software does not correctly process CRLF character sequences within the mod_proxy module. A remote attacker can send specially crafted request containing CRLF sequence and make the application to send a split HTTP response.

Successful exploitation of the vulnerability may allow an attacker perform cache poisoning attack.

7) HTTP response splitting (CVE-ID: CVE-2023-25690)

The vulnerability allows a remote attacker to perform HTTP splitting attacks.

The vulnerability exists due to software does not correclty process CRLF character sequences in mod_rewrite and mod_proxy. A remote attacker can send specially crafted request containing CRLF sequence and make the application to send a split HTTP response.

Successful exploitation of the vulnerability may allow an attacker perform cache poisoning attack.

8) HTTP response splitting (CVE-ID: CVE-2023-27522)

The vulnerability allows a remote attacker to perform HTTP splitting attacks.

The vulnerability exists due to software does not correclty process CRLF character sequences in mod_proxy_uwsgi. A remote attacker can send specially crafted request containing CRLF sequence and make the application to send a split HTTP response.

Successful exploitation of the vulnerability may allow an attacker perform cache poisoning attack.

Remediation

Install update from vendor's website.

References

• https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04589en_us