Detections
Analytics

RHEL 6 / 7 : httpd24 (RHSA-2018:3558)

critical Nessus Plugin ID 194113

Language:

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3558 advisory.

 The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module.

 The following packages have been upgraded to a later upstream version: httpd24-httpd (2.4.34), httpd24-curl (7.61.1). (BZ#1590833, BZ#1648928)

 Security Fix(es):

 * httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications (CVE-2018-1283)

 * httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS (CVE-2018-1303)

 * httpd: mod_http2: Too much time allocated to workers, possibly leading to DoS (CVE-2018-1333)

 * httpd: DoS for HTTP/2 connections by continuous SETTINGS frames (CVE-2018-11763)

 * httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values (CVE-2017-15710)

 * httpd: <FilesMatch> bypass with a trailing newline in the file name (CVE-2017-15715)

 * httpd: Out of bounds access after failure in reading the HTTP request (CVE-2018-1301)

 * httpd: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312)

 * curl: Multiple security issues were fixed in httpd24-curl (CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9586, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000254, CVE-2017-1000257, CVE-2017-7407, CVE-2017-8816, CVE-2017-8817, CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000301, CVE-2018-14618)

 For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

 Red Hat would like to thank the Curl project for reporting CVE-2017-8816, CVE-2017-8817, CVE-2017-1000254, CVE-2017-1000257, CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000122, CVE-2018-1000301, CVE-2016-9586, CVE-2017-1000100, CVE-2017-1000101, CVE-2018-14618, and CVE-2018-1000121. Upstream acknowledges Alex Nichols as the original reporter of CVE-2017-8816; the OSS-Fuzz project as the original reporter of CVE-2017-8817 and CVE-2018-1000301; Max Dymond as the original reporter of CVE-2017-1000254 and CVE-2018-1000122; Brian Carpenter and the OSS-Fuzz project as the original reporters of CVE-2017-1000257;
 Craig de Stigter as the original reporter of CVE-2018-1000007; Duy Phan Thanh as the original reporter of CVE-2018-1000120; Even Rouault as the original reporter of CVE-2017-1000100; Brian Carpenter as the original reporter of CVE-2017-1000101; Zhaoyang Wu as the original reporter of CVE-2018-14618; and Dario Weisser as the original reporter of CVE-2018-1000121.

 Bug Fix(es):

 * Previously, the Apache HTTP Server from the httpd24 Software Collection was unable to handle situations when static content was repeatedly requested in a browser by refreshing the page. As a consequence, HTTP/2 connections timed out and httpd became unresponsive. This bug has been fixed, and HTTP/2 connections now work as expected in the described scenario. (BZ#1518737)

 Enhancement(s):

 * This update adds the mod_md module to the httpd24 Software Collection. This module enables managing domains across virtual hosts and certificate provisioning using the Automatic Certificate Management Environment (ACME) protocol. The mod_md module is available only for Red Hat Enterprise Linux 7.
 (BZ#1640722)

 Additional Changes:

 For detailed information on changes in this release, see the Red Hat Software Collections 3.2 Release Notes linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?2bedbc08

https://access.redhat.com/security/updates/classification/#moderate

http://www.nessus.org/u?67615582

https://bugzilla.redhat.com/show_bug.cgi?id=1362183

https://bugzilla.redhat.com/show_bug.cgi?id=1362190

https://bugzilla.redhat.com/show_bug.cgi?id=1362199

https://bugzilla.redhat.com/show_bug.cgi?id=1373229

https://bugzilla.redhat.com/show_bug.cgi?id=1375906

https://bugzilla.redhat.com/show_bug.cgi?id=1388370

https://bugzilla.redhat.com/show_bug.cgi?id=1388371

https://bugzilla.redhat.com/show_bug.cgi?id=1388377

https://bugzilla.redhat.com/show_bug.cgi?id=1388378

https://bugzilla.redhat.com/show_bug.cgi?id=1388379

https://bugzilla.redhat.com/show_bug.cgi?id=1388382

https://bugzilla.redhat.com/show_bug.cgi?id=1388385

https://bugzilla.redhat.com/show_bug.cgi?id=1388386

https://bugzilla.redhat.com/show_bug.cgi?id=1388388

https://bugzilla.redhat.com/show_bug.cgi?id=1388390

https://bugzilla.redhat.com/show_bug.cgi?id=1388392

https://bugzilla.redhat.com/show_bug.cgi?id=1406712

https://bugzilla.redhat.com/show_bug.cgi?id=1439190

https://bugzilla.redhat.com/show_bug.cgi?id=1478309

https://bugzilla.redhat.com/show_bug.cgi?id=1478310

https://bugzilla.redhat.com/show_bug.cgi?id=1495541

https://bugzilla.redhat.com/show_bug.cgi?id=1503705

https://bugzilla.redhat.com/show_bug.cgi?id=1515757

https://bugzilla.redhat.com/show_bug.cgi?id=1515760

https://bugzilla.redhat.com/show_bug.cgi?id=1518737

https://bugzilla.redhat.com/show_bug.cgi?id=1537125

https://bugzilla.redhat.com/show_bug.cgi?id=1540167

https://bugzilla.redhat.com/show_bug.cgi?id=1552628

https://bugzilla.redhat.com/show_bug.cgi?id=1552631

https://bugzilla.redhat.com/show_bug.cgi?id=1553398

https://bugzilla.redhat.com/show_bug.cgi?id=1558450

https://bugzilla.redhat.com/show_bug.cgi?id=1560395

https://bugzilla.redhat.com/show_bug.cgi?id=1560399

https://bugzilla.redhat.com/show_bug.cgi?id=1560599

https://bugzilla.redhat.com/show_bug.cgi?id=1560614

https://bugzilla.redhat.com/show_bug.cgi?id=1560634

https://bugzilla.redhat.com/show_bug.cgi?id=1560643

https://bugzilla.redhat.com/show_bug.cgi?id=1575536

https://bugzilla.redhat.com/show_bug.cgi?id=1605048

https://bugzilla.redhat.com/show_bug.cgi?id=1622707

https://bugzilla.redhat.com/show_bug.cgi?id=1628389

https://bugzilla.redhat.com/show_bug.cgi?id=1633260

https://bugzilla.redhat.com/show_bug.cgi?id=1633399

https://bugzilla.redhat.com/show_bug.cgi?id=1634830

https://bugzilla.redhat.com/show_bug.cgi?id=1640722

https://bugzilla.redhat.com/show_bug.cgi?id=1646937

https://bugzilla.redhat.com/show_bug.cgi?id=1648928

https://access.redhat.com/errata/RHSA-2018:3558

Plugin Details

Severity: Critical

ID: 194113

File Name: redhat-RHSA-2018-3558.nasl

Version: 1.1

Type: local

Agent: unix

Published: 4/27/2024

Updated: 3/16/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2018-14618

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:httpd24-curl, p-cpe:/a:redhat:enterprise_linux:httpd24-mod_md, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:httpd24-httpd-manual, p-cpe:/a:redhat:enterprise_linux:httpd24-libcurl, p-cpe:/a:redhat:enterprise_linux:httpd24-mod_ldap, cpe:/o:redhat:enterprise_linux:6, p-cpe:/a:redhat:enterprise_linux:httpd24-libnghttp2-devel, p-cpe:/a:redhat:enterprise_linux:httpd24-httpd-devel, p-cpe:/a:redhat:enterprise_linux:httpd24-mod_session, p-cpe:/a:redhat:enterprise_linux:httpd24-mod_ssl, p-cpe:/a:redhat:enterprise_linux:httpd24-mod_proxy_html, p-cpe:/a:redhat:enterprise_linux:httpd24-nghttp2, p-cpe:/a:redhat:enterprise_linux:httpd24-libcurl-devel, p-cpe:/a:redhat:enterprise_linux:httpd24-libnghttp2, p-cpe:/a:redhat:enterprise_linux:httpd24-httpd-tools, p-cpe:/a:redhat:enterprise_linux:httpd24-httpd

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 11/13/2018

Vulnerability Publication Date: 8/3/2016

Reference Information

CVE: CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9586, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000254, CVE-2017-1000257, CVE-2017-15710, CVE-2017-15715, CVE-2017-7407, CVE-2017-8816, CVE-2017-8817, CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000301, CVE-2018-11763, CVE-2018-1283, CVE-2018-1301, CVE-2018-1303, CVE-2018-1312, CVE-2018-1333, CVE-2018-14618

CWE: 120, 122, 125, 190, 20, 200, 287, 295, 305, 400, 416, 476, 787, 99

RHSA: 2018:3558