Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS2-2021-1674

Related Vulnerabilities: CVE-2019-17567   CVE-2020-13938   CVE-2020-13950   CVE-2020-35452   CVE-2021-26690   CVE-2021-26691   CVE-2021-30641  

A flaw was found in Apache httpd. The mod_proxy_wstunnel module tunnels non-upgraded connections. (CVE-2019-17567) A flaw was found in HTTPd. In some Apache HTTP Server versions, unprivileged local users can stop HTTPd on Windows. The highest threat from this vulnerability is to system availability. (CVE-2020-13938) A flaw was found In Apache httpd. The mod_proxy has a NULL pointer dereference. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-13950) A flaw was found in Apache httpd. The mod_auth_digest has a single zero byte stack overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-35452) A NULL pointer dereference was found in Apache httpd mod_session. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-26690) A heap overflow flaw was found In Apache httpd mod_session. The highest threat from this vulnerability is to system availability. (CVE-2021-26691) A flaw was found in Apache httpd. A possible regression from an earlier security fix broke behavior of MergeSlashes. The highest threat from this vulnerability is to data integrity. (CVE-2021-30641)

Source

ALAS2-2021-1674

Amazon Linux 2 Security Advisory: ALAS-2021-1674
Advisory Release Date: 2021-07-01 00:59 Pacific
Advisory Updated Date: 2021-07-01 20:28 Pacific
Severity: Medium
Issue Overview:

A flaw was found in Apache httpd. The mod_proxy_wstunnel module tunnels non-upgraded connections. (CVE-2019-17567)

A flaw was found in HTTPd. In some Apache HTTP Server versions, unprivileged local users can stop HTTPd on Windows. The highest threat from this vulnerability is to system availability. (CVE-2020-13938)

A flaw was found In Apache httpd. The mod_proxy has a NULL pointer dereference. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-13950)

A flaw was found in Apache httpd. The mod_auth_digest has a single zero byte stack overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-35452)

A NULL pointer dereference was found in Apache httpd mod_session. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-26690)

A heap overflow flaw was found In Apache httpd mod_session. The highest threat from this vulnerability is to system availability. (CVE-2021-26691)

A flaw was found in Apache httpd. A possible regression from an earlier security fix broke behavior of MergeSlashes. The highest threat from this vulnerability is to data integrity. (CVE-2021-30641)


Affected Packages:

httpd


Issue Correction:
Run yum update httpd to update your system.

New Packages:
aarch64:
    httpd-2.4.48-2.amzn2.aarch64
    httpd-devel-2.4.48-2.amzn2.aarch64
    httpd-tools-2.4.48-2.amzn2.aarch64
    mod_ssl-2.4.48-2.amzn2.aarch64
    mod_md-2.4.48-2.amzn2.aarch64
    mod_proxy_html-2.4.48-2.amzn2.aarch64
    mod_ldap-2.4.48-2.amzn2.aarch64
    mod_session-2.4.48-2.amzn2.aarch64
    httpd-debuginfo-2.4.48-2.amzn2.aarch64

i686:
    httpd-2.4.48-2.amzn2.i686
    httpd-devel-2.4.48-2.amzn2.i686
    httpd-tools-2.4.48-2.amzn2.i686
    mod_ssl-2.4.48-2.amzn2.i686
    mod_md-2.4.48-2.amzn2.i686
    mod_proxy_html-2.4.48-2.amzn2.i686
    mod_ldap-2.4.48-2.amzn2.i686
    mod_session-2.4.48-2.amzn2.i686
    httpd-debuginfo-2.4.48-2.amzn2.i686

noarch:
    httpd-manual-2.4.48-2.amzn2.noarch
    httpd-filesystem-2.4.48-2.amzn2.noarch

src:
    httpd-2.4.48-2.amzn2.src

x86_64:
    httpd-2.4.48-2.amzn2.x86_64
    httpd-devel-2.4.48-2.amzn2.x86_64
    httpd-tools-2.4.48-2.amzn2.x86_64
    mod_ssl-2.4.48-2.amzn2.x86_64
    mod_md-2.4.48-2.amzn2.x86_64
    mod_proxy_html-2.4.48-2.amzn2.x86_64
    mod_ldap-2.4.48-2.amzn2.x86_64
    mod_session-2.4.48-2.amzn2.x86_64
    httpd-debuginfo-2.4.48-2.amzn2.x86_64

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started