This week’s digest covers:
- Vulnerability in Apache HTTP Server.
- Linux Kernel Netfilter integer overflow vulnerability.
- CentOS Web Panel 7 RCE
Apache HTTP Server Vulnerability:
A carefully crafted request header can trigger a single zero-byte memory read or write in a heap memory location beyond the sent header value, which can crash the process. This issue affects Apache HTTP Server 2.4.54 and earlier; upgrade to 2.4.55 for mitigation.
An inconsistent interpretation of HTTP requests (“HTTP request smuggling”) vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server to which they are forwarded. This issue affects Apache HTTP Server 2.4 versions 2.4.54 and earlier; upgrade to 2.4.55 to patch this vulnerability.
- CVE-2022-37436 – mod_proxy prior to 2.4.55 allows backends to trigger HTTP response splitting
The software does not correctly handle CRLF character sequences, which serve as end-of-line markers. An attacker can send crafted HTTP packets containing CRLF sequences to truncate the response headers prematurely and push some headers into the response body. If those later headers serve a security purpose, the client will not interpret them. This issue affects Apache HTTP Server 2.4.54 and earlier versions; upgrade to 2.4.55 to patch this vulnerability.
Linux kernel Netfilter integer overflow vulnerability
CVE-2023-0179 is a stack buffer overflow caused by an integer underflow in the nft_payload_copy_vlan function, which is called in the nft_payload expression as long as the current socket buffer has a VLAN tag. Red Hat gave this vulnerability a CVSS v3 score of 7.8. It affects machines on recent distribution versions such as Ubuntu Jammy, Debian Bullseye, Rocky Linux 9, or with kernel version 5.10 LTS. This vulnerability does not affect Debian Buster.
We can mitigate this flaw by disabling user namespaces for unprivileged users to prevent exploitation.
sysctl -w kernel.unprivileged_userns_clone=0
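The check below is an added example, not part of the original digest: it reports whether the mitigation above is in effect and which sysctl key applies. The `kernel.unprivileged_userns_clone` key comes from a Debian/Ubuntu kernel patch, while mainline kernels expose `user.max_user_namespaces` instead. The function names and the optional root-directory argument are hypothetical, so the logic can be run against a constructed tree.

```shell
#!/bin/sh
# Added example: report whether unprivileged user namespaces are disabled.
# The optional first argument is a hypothetical override of /proc/sys, used
# to run the check against a constructed directory tree.

userns_status() {
    root="${1:-/proc/sys}"
    clone="$root/kernel/unprivileged_userns_clone"   # Debian/Ubuntu kernel patch
    max="$root/user/max_user_namespaces"             # mainline kernel limit

    # Mainline limit of 0: no user namespace can be created at all.
    if [ -r "$max" ] && [ "$(cat "$max")" = "0" ]; then
        echo "mitigated"; return 0
    fi
    # Debian/Ubuntu key: 0 blocks creation by unprivileged users only.
    if [ -r "$clone" ]; then
        if [ "$(cat "$clone")" = "0" ]; then
            echo "mitigated"
        else
            echo "exposed"
        fi
        return 0
    fi
    # The key used in the digest is absent on this kernel.
    if [ -r "$max" ]; then
        echo "exposed-no-clone-knob"
    else
        echo "unknown"
    fi
}

# Print the sysctl setting that applies the mitigation on this layout.
# user.max_user_namespaces=0 also blocks root and can break containers
# and sandboxes that rely on user namespaces.
userns_fix() {
    case "$(userns_status "$1")" in
        exposed) echo "kernel.unprivileged_userns_clone=0" ;;
        exposed-no-clone-knob) echo "user.max_user_namespaces=0" ;;
        *) : ;;
    esac
}

echo "status: $(userns_status) fix: $(userns_fix)"
```

A value set with `sysctl -w` is lost on reboot; placing the printed setting in a file under /etc/sysctl.d/ makes it persistent.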
CentOS Web Panel 7 Remote Code Execution Vulnerability
CVE-2022-44877 is a critical vulnerability affecting CWP prior to version 0.9.8.1147, and it has been exploited in the wild. The vulnerability exists in CWP’s login/index.php and allows remote attackers to execute arbitrary OS commands via shell metacharacters in login parameters. The researcher released a PoC of this vulnerability on GitHub and YouTube on January 5, 2023, which led to increased exploitation by attackers. To mitigate this threat, update to the latest version, v0.9.8.1148, because this affects CentOS Web Panel 7 < v0.9.8.1147.