Multiple Vulnerabilities in Apache Web Server Could Allow for Remote Code Execution
by CIRT Team
Apache web server is a common application used as a web application server. Being a open source software, it is extremely common and used throughout almost all the organizations. A specially crafted packet can crash the service and user can gain access and perform Remote Code Execution (RCE) on the server. If the attacker can perform the attack successfully, depending on the access level of the service which it has access to, attacker can view, change or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.
Multiple vulnerabilities have been discovered in Apache web server, the most severe of which could allow for remote code execution. These vulnerabilities can be triggered when specially crafted packets are submitted for processing to an affected web server. Details of the vulnerabilities are as follows:
• A possible remote code execution vulnerability due to a buffer overflow with the mod_uwsgi module. (CVE-2020-11984)
• A denial of service vulnerability triggered when trace/debugging is enabled. (CVE-2020-11993)
• A denial of service vulnerability triggered when a PUSH packet is sent using the ‘Cache-Digest’ header. (CVE-2020-9490)
Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute remote code in the context of the affected application. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.
Apache Versions: 2.4.43, 2.4.39, 2.4.38, 2.4.37, 2.4.35, 2.4.34, 2.4.33, 2.4.30, 2.4.29, 2.4.28, 2.4.27, 2.4.26, 2.4.25, 2.4.23, 2.4.20
Following actions are recommended to be taken:
• Apply updates provided by Apache to vulnerable systems immediately after appropriate testing.
• Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
• Configure the application as suggested by Apache to help mitigate the vulnerability.