Google Researcher Reported 3 Flaws in Apache Web Server Software

2020-08-24 23:52

Apache recently fixed multiple vulnerabilities in its web server software that could have potentially led to the execution of arbitrary code and, in specific scenarios, even could allow attackers to cause a crash and denial of service.

The first of the three issues involve a possible remote code execution vulnerability due to a buffer overflow with the "Mod uwsgi" module, potentially allowing an adversary to view, change, or delete sensitive data depending on the privileges associated with an application running on the server.

"[A] Malicious request may result in information disclosure or of an existing file on the server running under a malicious process environment," Apache noted.

Cache Digest is part of a now-abandoned web optimization feature that aims to address an issue with server pushes - which allows a server to preemptively send responses to a client ahead of time - by allowing the clients to inform the server of their freshly cached contents so that bandwidth is not wasted in sending resources that are already in the client's cache.

On unpatched servers, this issue can be resolved by turning the HTTP/2 server push feature off.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/cYGctiJhlX8/apache-webserver-security.html

#apache #google #researcher #server #WEB

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Google		141	995	4854	2783	1620	10252
Apache		295	59	847	633	289	1828