Mailing List Archive

svn commit: r1075782 - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_24.html
Author: buildbot
Date: Tue Jun 15 08:35:58 2021
New Revision: 1075782

Log:
Staging update by buildbot for httpd

Modified:
websites/staging/httpd/trunk/content/ (props changed)
websites/staging/httpd/trunk/content/security/json/CVE-2021-31618.json
websites/staging/httpd/trunk/content/security/vulnerabilities_24.html

Propchange: websites/staging/httpd/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Tue Jun 15 08:35:58 2021
@@ -1 +1 @@
-1890771
+1890801

Modified: websites/staging/httpd/trunk/content/security/json/CVE-2021-31618.json
==============================================================================
--- websites/staging/httpd/trunk/content/security/json/CVE-2021-31618.json (original)
+++ websites/staging/httpd/trunk/content/security/json/CVE-2021-31618.json Tue Jun 15 08:35:58 2021
@@ -31,8 +31,8 @@
"version_data": [.
{
"version_name": "",
- "version_affected": "<",
- "version_value": "2.4.48",
+ "version_affected": "=",
+ "version_value": "2.4.47",
"platform": ""
}
]
@@ -59,7 +59,7 @@
"description": {
"description_data": [.
{
- "value": "Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected.\n\nThis rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server.\n\nThis affected versions prior to 2.4.48",
+ "value": "Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected.\n\nThis rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server.\n\nThis issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.",
"lang": "eng"
}
]

Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_24.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_24.html (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_24.html Tue Jun 15 08:35:58 2021
@@ -172,12 +172,12 @@ h2:hover > .headerlink, h3:hover > .head
</table></dd>
<dt><h3 id="CVE-2021-31618">important: <name name="CVE-2021-31618">NULL pointer dereference on specially crafted HTTP/2 request</name>
(<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618">CVE-2021-31618</a>)</h3></dt>
-<dd><p>Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected.</p><p></p><p>This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server.</p><p></p><p>This affected versions prior to 2.4.48</p>
+<dd><p>Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected.</p><p></p><p>This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server.</p><p></p><p>This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.</p>
<p>Acknowledgements: Apache HTTP server would like to thank LI ZHI XIN from NSFoucs for reporting this.</p>
<table class="cve"><tr><td class="cve-header">Reported to security team</td><td class="cve-value">2021-04-22</td></tr>
<tr><td class="cve-header">Issue public</td><td class="cve-value">2021-06-01</td></tr>
<tr><td class="cve-header">Update 2.4.48 released</td><td class="cve-value">2021-06-01</td></tr>
-<tr><td class="cve-header">Affects</td><td class="cve-value"><2.4.48</td></tr>
+<tr><td class="cve-header">Affects</td><td class="cve-value">2.4.47</td></tr>
</table></dd>
</dl></br/>