Amazon Linux AMI : httpd24 (ALAS-2019-1189)

high Nessus Plugin ID 123958

Synopsis

The remote Amazon Linux AMI host is missing a security update.

Description

In Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. (CVE-2019-0211)

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.(CVE-2019-0220)

In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.(CVE-2019-0215)

A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38.
Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.(CVE-2019-0196)

A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set 'H2Upgrade on' are unaffected by this issue.(CVE-2019-0197)

A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.(CVE-2019-0217)

Solution

Run 'yum update httpd24' to update your system.

See Also

https://alas.aws.amazon.com/ALAS-2019-1189.html

Plugin Details

Severity: High

ID: 123958

File Name: ala_ALAS-2019-1189.nasl

Version: 1.10

Type: local

Agent: unix

Published: 4/10/2019

Updated: 12/6/2022

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2019-0211

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:mod24_md, p-cpe:/a:amazon:linux:mod24_ssl, p-cpe:/a:amazon:linux:httpd24-devel, p-cpe:/a:amazon:linux:httpd24-debuginfo, p-cpe:/a:amazon:linux:mod24_ldap, p-cpe:/a:amazon:linux:mod24_proxy_html, p-cpe:/a:amazon:linux:httpd24-tools, p-cpe:/a:amazon:linux:mod24_session, p-cpe:/a:amazon:linux:httpd24-manual, p-cpe:/a:amazon:linux:httpd24, cpe:/o:amazon:linux

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/5/2019

Vulnerability Publication Date: 4/8/2019

CISA Known Exploited Vulnerability Due Dates: 5/3/2022

Reference Information

CVE: CVE-2019-0196, CVE-2019-0197, CVE-2019-0211, CVE-2019-0215, CVE-2019-0217, CVE-2019-0220

ALAS: 2019-1189