easyTravel security updates

Karolina_Linda
Community Team

Apache updated to 2.4.53, SSL updated to 1.1.1n

Fixed in easyTravel 2.0.0.3374

Apache:

Fixed CVE-2022-22721, CVE-2022-23943, CVE-2022-22720, CVE-2022-22719

SSL:

Fixed CVE-2022-0778

See: https://cve.mitre.org/index.html for details

Apache updated to 2.4.52, SSL updated to 1.1.1m

Fixed in easyTravel 2.0.0.3373

Apache:

The version of Apache httpd installed on the remote host is prior to 2.4.52. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.52 advisory.

- A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)

- A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability, though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

 

OpenSSL in Apache updated to 1.1.1l and PHP updated to 7.3.30

Fixed in easyTravel 2.0.0.3355

 

Apache updated to 2.4.48 with OpenSSL/1.1.1k and PHP updated to 7.3.28

Fixed in easyTravel 2.0.0.3331

Apache:

The version of Apache httpd installed on the remote host is prior to 2.4.48. It is, therefore, affected by a vulnerability as referenced in the 2.4.48 changelog.
- mod_http2: Fix a potential NULL pointer dereference (CVE-2021-31618)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Apache httpd installed on the remote host is prior to 2.4.47. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.47 changelog:

- Unexpected <Location> section matching with 'MergeSlashes OFF' (CVE-2021-30641)

- mod_auth_digest: possible stack overflow by one nul byte while validating the Digest nonce. (CVE-2020-35452)

- mod_session: Fix possible crash due to NULL pointer dereference, which could be used to cause a Denial of Service with a malicious backend server and SessionHeader. (CVE-2021-26691)

- mod_session: Fix possible crash due to NULL pointer dereference, which could be used to cause a Denial of Service. (CVE-2021-26690)

- mod_proxy_http: Fix possible crash due to NULL pointer dereference, which could be used to cause a Denial of Service. (CVE-2020-13950)

- Windows: Prevent local users from stopping the httpd process (CVE-2020-13938)

- mod_proxy_wstunnel, mod_proxy_http: Handle Upgradable protocols end-to-end negotiation. (CVE-2019-17567)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

 

PHP updated to 7.3.27

Fixed in easyTravel 2.0.0.3314

The version of PHP installed on the remote host is 7.3.x prior to 7.3.26, 7.4.x prior to 7.4.14, or 8.x prior to 8.0.1.
It is, therefore, affected by an input validation error due to insufficient validation of a URL, as specified by the changelogs of the respective fixed releases. An unauthenticated, remote attacker can exploit this, by including an '@' character, in order to bypass the URL filter.

 

PHP updated to 7.3.26

Fixed in easyTravel 2.0.0.3302

The version of PHP installed on the remote host is 7.3.x prior to 7.3.26, 7.4.x prior to 7.4.14, or 8.x prior to 8.0.1.
It is, therefore, affected by an input validation error due to insufficient validation of a URL, as specified by the changelogs of the respective fixed releases. An unauthenticated, remote attacker can exploit this, by including an '@' character, in order to bypass the URL filter.

 

OpenSSL in Apache updated to 1.1.1i

Fixed in easyTravel 2.0.0.3302

The OpenSSL module used in Apache was updated.

 

PHP updated to 7.3.25

Fixed in easyTravel 2.0.0.3282

According to its self-reported version number, the version of PHP running on the remote web server is prior to 7.3.24. It is, therefore, affected by multiple vulnerabilities.

According to its self-reported version number, the version of PHP running on the remote web server is 7.2.x prior to 7.2.34, 7.3.x prior to 7.3.23 or 7.4.x prior to 7.4.11. It is, therefore, affected by multiple vulnerabilities:
- A weak cryptography vulnerability exists in PHP's openssl_encrypt function due to a failure to utilize all provided IV bytes. An unauthenticated, remote attacker could exploit this to reduce the level of security provided by the encryption scheme or affect the integrity of the encrypted data. (CVE-2020-7069)
- A cookie forgery vulnerability exists in PHP's HTTP processing functionality. An unauthenticated, remote attacker could exploit this to forge HTTP cookies which were supposed to be secure. (CVE-2020-7070)

 

Apache updated to 2.4.46 and PHP updated to 7.3.22

Fixed in easyTravel 2.0.0.3266

Apache

The version of Apache httpd installed on the remote host is prior to 2.4.44. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.46 advisory.

- Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE (CVE-2020-11984)
- Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above info will mitigate this vulnerability for unpatched servers. (CVE-2020-11993)
- Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via H2Push off will mitigate this vulnerability for unpatched servers. (CVE-2020-9490)

 

PHP

According to its self-reported version number, the version of PHP running on the remote web server is 7.3.x prior to 7.3.21. It is, therefore, affected by a use-after-free vulnerability in the phar_parse function due to mishandling of the actual_alias variable. An unauthenticated, remote attacker could exploit this issue by dereferencing a freed pointer which could lead to arbitrary code execution.

 

Apache mod_status /server-status Information Disclosure

Fixed in easyTravel 2.0.0.3262

A remote unauthenticated attacker can obtain an overview of the remote Apache web server's activity and performance by requesting the URL '/server-status'. This overview includes information such as current hosts and requests being processed, the number of workers idle and service requests, and CPU utilization.

 

MongoDB Service Without Authentication

Fixed in docker images for easyTravel in version 2.0.0.3250

Docker images available on docker hub: https://hub.docker.com/r/dynatrace/easytravel-mongodb. See updated docker.compose on https://github.com/Dynatrace/easyTravel-Docker

The issue didn't exist in normal easyTravel builds.

 

Apache Tomcat Default Files

Fixed in easyTravel 2.0.0.3221

Fixed in docker images 2.0.0.3256

The default error page, default index page, example JSPs, and/or example servlets are installed on the remote Apache Tomcat server. These files should be removed as they may help an attacker uncover information about the remote Tomcat install or host itself.

NOTE: this issue is not fixed in docker images for easyTravel

 

OpenSSL 1.1.1 < 1.1.1g

Fixed in easyTravel 2.0.0.3242

SSL library used to build Apache and modules was outdated. New Apache server binary provided.

Keep calm and build Community!
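
Several findings above note that the scanner relied only on the self-reported version number. The following is an added example, not code from Dynatrace, easyTravel or Nessus, showing that kind of banner check against some of the fix versions listed on this page, including the OpenSSL letter suffix. The function names and the sample `Server` header are constructed for illustration.

```python
import re

# Fix thresholds copied from entries on this page: (component, fixed-in, CVEs).
FIXES = [
    ("Apache", "2.4.53", ["CVE-2022-22721", "CVE-2022-23943",
                          "CVE-2022-22720", "CVE-2022-22719"]),
    ("Apache", "2.4.52", ["CVE-2021-44224", "CVE-2021-44790"]),
    ("Apache", "2.4.48", ["CVE-2021-31618"]),
    ("OpenSSL", "1.1.1n", ["CVE-2022-0778"]),
]

def parse_version(text):
    """'2.4.46' -> (2, 4, 46, ''); '1.1.1g' -> (1, 1, 1, 'g')."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]*)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return (int(m[1]), int(m[2]), int(m[3]), m[4])

def parse_banner(banner):
    """Map component -> version tuple; components without a full version are skipped."""
    pattern = r"\b(Apache|OpenSSL|PHP)/(\d+\.\d+\.\d+[a-z]*)"
    return {name: parse_version(ver) for name, ver in re.findall(pattern, banner)}

def missing_fixes(banner):
    """CVEs from FIXES whose fixed-in version is newer than the banner reports."""
    versions = parse_banner(banner)
    cves = []
    for component, fixed_in, ids in FIXES:
        seen = versions.get(component)
        if seen is not None and seen < parse_version(fixed_in):
            cves.extend(ids)
    return cves

def unverifiable(banner):
    """Components in FIXES that the banner does not disclose (e.g. ServerTokens Prod)."""
    versions = parse_banner(banner)
    return sorted({c for c, _, _ in FIXES if c not in versions})

# Constructed sample header value, not captured from a real host.
SAMPLE = "Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/7.3.30"

if __name__ == "__main__":
    print("missing fixes:", missing_fixes(SAMPLE))
    print("cannot verify:", unverifiable("Apache"))
```

A banner that hides its version yields no findings here, so `unverifiable` should be read alongside the result rather than treating an empty list as proof of patching.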