author Daniel Baumann <daniel.baumann@progress-linux.org> 2024-08-05 09:59:47 +0000
committer Daniel Baumann <daniel.baumann@progress-linux.org> 2024-08-05 09:59:47 +0000
commit db3acad040f4369109cb222a370f839d2ce9d42a (patch)
tree 280747280299f9f85e876e7958bfa9041da653ab /CHANGES
parent Adding debian version 2.4.60-1.
Merging upstream version 2.4.61.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'CHANGES')
-rw-r--r-- CHANGES 85
1 files changed, 85 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index a1cf74d..eea1e55 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,91 @@
-*- coding: utf-8 -*-
+Changes with Apache 2.4.61
+
Changes with Apache 2.4.60
+ *) SECURITY: CVE-2024-39573: Apache HTTP Server: mod_rewrite proxy
+ handler substitution (cve.mitre.org)
+ Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and
+ earlier allows an attacker to cause unsafe RewriteRules to
+ unexpectedly setup URL's to be handled by mod_proxy.
+ Credits: Orange Tsai (@orange_8361) from DEVCORE
+
+ *) SECURITY: CVE-2024-38477: Apache HTTP Server: Crash resulting in
+ Denial of Service in mod_proxy via a malicious request
+ (cve.mitre.org)
+ null pointer dereference in mod_proxy in Apache HTTP Server
+ 2.4.59 and earlier allows an attacker to crash the server via a
+ malicious request.
+ Credits: Orange Tsai (@orange_8361) from DEVCORE
+
+ *) SECURITY: CVE-2024-38476: Apache HTTP Server may use
+ exploitable/malicious backend application output to run local
+ handlers via internal redirect (cve.mitre.org)
+ Vulnerability in core of Apache HTTP Server 2.4.59 and earlier
+ are vulnerably to information disclosure, SSRF or local script
+ execution via backend applications whose response headers are
+ malicious or exploitable.
+
+ Note: Some legacy uses of the 'AddType' directive to connect a
+ request to a handler must be ported to 'AddHandler' after this fix.
+
+ Credits: Orange Tsai (@orange_8361) from DEVCORE
+
+ *) SECURITY: CVE-2024-38475: Apache HTTP Server weakness in
+ mod_rewrite when first segment of substitution matches
+ filesystem path. (cve.mitre.org)
+ Improper escaping of output in mod_rewrite in Apache HTTP Server
+ 2.4.59 and earlier allows an attacker to map URLs to filesystem
+ locations that are permitted to be served by the server but are
+ not intentionally/directly reachable by any URL, resulting in
+ code execution or source code disclosure.
+ Substitutions in server context that use a backreferences or
+ variables as the first segment of the substitution are affected.
+ Some unsafe RewiteRules will be broken by this change and the
+ rewrite flag "UnsafePrefixStat" can be used to opt back in once
+ ensuring the substitution is appropriately constrained.
+ Credits: Orange Tsai (@orange_8361) from DEVCORE
+
+ *) SECURITY: CVE-2024-38474: Apache HTTP Server weakness with
+ encoded question marks in backreferences (cve.mitre.org)
+ Substitution encoding issue in mod_rewrite in Apache HTTP Server
+ 2.4.59 and earlier allows attacker to execute scripts in
+ directories permitted by the configuration but not directly
+ reachable by any URL or source disclosure of scripts meant to
+ only to be executed as CGI.
+
+ Note: Some RewriteRules that capture and substitute unsafely will now
+ fail unless rewrite flag "UnsafeAllow3F" is specified.
+
+ Credits: Orange Tsai (@orange_8361) from DEVCORE
+
+ *) SECURITY: CVE-2024-38473: Apache HTTP Server proxy encoding
+ problem (cve.mitre.org)
+ Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and
+ earlier allows request URLs with incorrect encoding to be sent
+ to backend services, potentially bypassing authentication via
+ crafted requests.
+ Credits: Orange Tsai (@orange_8361) from DEVCORE
+
+ *) SECURITY: CVE-2024-38472: Apache HTTP Server on WIndows UNC SSRF
+ (cve.mitre.org)
+ SSRF in Apache HTTP Server on Windows allows to potentially leak
+ NTML hashes to a malicious server via SSRF and malicious
+ requests or content
+
+ Note: Existing configurations that access UNC paths
+ will have to configure new directive "UNCList" to allow access
+ during request processing.
+
+ Credits: Orange Tsai (@orange_8361) from DEVCORE
+
+ *) SECURITY: CVE-2024-36387: Apache HTTP Server: DoS by Null
+ pointer in websocket over HTTP/2 (cve.mitre.org)
+ Serving WebSocket protocol upgrades over a HTTP/2 connection
+ could result in a Null Pointer dereference, leading to a crash
+ of the server process, degrading performance.
+ Credits: Marc Stern (<marc.stern AT approach-cyber.com>)
+
*) mod_proxy: Fix DNS requests and connections closed before the
configured addressTTL. BZ 69126. [Yann Ylavic]
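Review bot: The added "Changes with Apache 2.4.61" heading at the top of this hunk has nothing under it; every added SECURITY entry sits below the existing "Changes with Apache 2.4.60" line, so CHANGES as merged does not say what 2.4.61 itself changes. If that is how the file reads upstream, say so in the commit message, which currently reads only "Merging upstream version 2.4.61.". Separately, four of the added entries announce behaviour changes that can break working configurations on upgrade, and none is surfaced outside this file: the CVE-2024-38476 note (legacy 'AddType' uses that connect a request to a handler must be ported to 'AddHandler'), the CVE-2024-38475 and CVE-2024-38474 entries (some RewriteRules now fail unless "UnsafePrefixStat" or "UnsafeAllow3F" is set), and the CVE-2024-38472 note (UNC path access now needs the new "UNCList" directive). I would call these out in the package's upgrade notes so administrators audit their rewrite, handler and UNC configuration before restarting. Minor style point: the added text carries typos ("RewiteRules", "WIndows", "NTML", "are vulnerably to"); for a verbatim merge they should stay as they are here and be reported to the source of the text instead.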