Ubuntu Security Notice 5487-1 - It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted requests. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service. It was discovered that Apache HTTP Server incorrectly handled certain requests. An attacker could possibly use this issue to cause a crash or expose sensitive information.
=========================================================================
Ubuntu Security Notice USN-5487-1
June 21, 2022
apache2 vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Apache HTTP Server.
Software Description:
- apache2: Apache HTTP server
Details:
It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled
certain crafted requests. A remote attacker could possibly use this issue to
perform an HTTP Request Smuggling attack. (CVE-2022-26377)
It was discovered that Apache HTTP Server incorrectly handled certain
requests. An attacker could possibly use this issue to cause a denial
of service. (CVE-2022-28614)
It was discovered that Apache HTTP Server incorrectly handled certain requests.
An attacker could possibly use this issue to cause a crash or expose
sensitive information. (CVE-2022-28615)
It was discovered that Apache HTTP Server incorrectly handled certain requests.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-29404)
It was discovered that Apache HTTP Server incorrectly handled certain
requests. An attacker could possibly use this issue to cause a crash.
(CVE-2022-30522)
It was discovered that Apache HTTP Server incorrectly handled certain requests.
An attacker could possibly use this issue to execute arbitrary code or cause
a crash. (CVE-2022-30556)
It was discovered that Apache HTTP Server incorrectly handled certain requests.
An attacker could possibly use this issue to bypass IP-based authentication.
(CVE-2022-31813)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
apache2 2.4.52-1ubuntu4.1
apache2-bin 2.4.52-1ubuntu4.1
Ubuntu 21.10:
apache2 2.4.48-3.1ubuntu3.5
apache2-bin 2.4.48-3.1ubuntu3.5
Ubuntu 20.04 LTS:
apache2 2.4.41-4ubuntu3.12
apache2-bin 2.4.41-4ubuntu3.12
Ubuntu 18.04 LTS:
apache2 2.4.29-1ubuntu4.24
apache2-bin 2.4.29-1ubuntu4.24
Ubuntu 16.04 ESM:
apache2 2.4.18-2ubuntu3.17+esm6
apache2-bin 2.4.18-2ubuntu3.17+esm6
Ubuntu 14.04 ESM:
apache2 2.4.7-1ubuntu4.22+esm5
apache2-bin 2.4.7-1ubuntu4.22+esm5
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5487-1
CVE-2022-26377, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404,
CVE-2022-30522, CVE-2022-30556, CVE-2022-31813
Package Information:
https://launchpad.net/ubuntu/+source/apache2/2.4.52-1ubuntu4.1
https://launchpad.net/ubuntu/+source/apache2/2.4.48-3.1ubuntu3.5
https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.12
https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.24