Release of Apache HTTP Server 2.4.48

Apache HTTP Server 2.4.48 has been released (release 2.4.47 was skipped). It includes 39 changes and fixes 8 vulnerabilities:

  • CVE-2021-30641 – incorrect section matching in 'MergeSlashes OFF' mode;
  • CVE-2020-35452 – stack overflow by one null byte in mod_auth_digest;
  • CVE-2021-31618, CVE-2020-26691, CVE-2020-26690, CVE-2020-13950 – NULL pointer dereferences in mod_http2, mod_session and mod_proxy_http;
  • CVE-2020-13938 – the ability for an unprivileged user to stop the httpd process on Windows;
  • CVE-2019-17567 – protocol negotiation problems in mod_proxy_wstunnel and mod_proxy_http.

The most notable changes in security:

  • mod_proxy_wstunnel adds the ProxyWebSocketFallbackToProxyHttp setting to disable the transition to using mod_proxy_http for WebSocket.
  • The core server API now includes SSL-related functions that are available without the mod_ssl module (for example, allowing the mod_md module to provide keys and certificates).
  • OCSP (Online Certificate Status Protocol) response processing has been moved from mod_ssl / mod_md to the core, which allows other modules to access OCSP data and generate OCSP responses.
  • mod_md allows wildcards in the MDomain directive, for example, "MDomain *.host.net". The MDPrivateKeys directive accepts several key types, for example, "MDPrivateKeys secp384r1 rsa2048" allows you to use both ECDSA and RSA certificates. Support for the outdated ACMEv1 protocol has been dropped.
  • mod_lua adds support for Lua 5.4.
  • The mod_http2 module has been updated. Error handling is improved. The 'H2OutputBuffering on/off' option has been added to control output buffering (default is on).
  • In mod_dav_v, the FileETag directive implements a "Digest" mode that generates a hash-based ETag from the contents of the file.
  • mod_proxy allows limiting the application of ProxyErrorOverride to individual status codes.
  • New ReadBufferSize, FlushMaxThreshold and FlushMaxPipelined directives have been implemented.
  • mod_rewrite implements processing of the SameSite attribute when parsing the [CO] (cookie) flag in the RewriteRule directive.
  • A check_trans hook has been added to mod_proxy to reject requests at an early stage.