漏洞类别:Web server
漏洞等级: 
漏洞信息
Apache HTTP Server is an HTTP web server application.
Apache HTTP Server is exposed to following vulnerabilities:
- Apache HTTP Request Parsing Whitespace Defects (CVE-2016-8743). - HTTP/2 CONTINUATION denial of service (CVE-2016-8740). - DoS vulnerability in mod_auth_digest (CVE-2016-2161). - Padding Oracle in Apache mod_session_crypto (CVE-2016-0736) - HTTP_PROXY environment variable "httpoxy" mitigation (CVE-2016-5387) Affected Versions:
Apache HTTP Server versions 2.4.x prior to 2.4.25 QID Detection Logic (Unauthenticated):
This QID matches vulnerable versions based on the exposed banner information under the HTTP service
漏洞危害
Successfully exploiting these vulnerabilities might allow a remote attacker to bypass intended access restrictions or cause denial of service.
解决方案
These vulnerabilities have been patched in Apache. Refer to Apache httpd 2.4.25 Changelog or your Linux distro for further details.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论