Apache 2.4.52

damador

2 CVE updates in this version


*) SECURITY: CVE-2021-44790: Possible buffer overflow when parsing
multipart content in mod_lua of Apache HTTP Server 2.4.51 and
earlier (cve.mitre.org)
A carefully crafted request body can cause a buffer overflow in
the mod_lua multipart parser (r:parsebody() called from Lua
scripts).
The Apache httpd team is not aware of an exploit for the
vulnerability though it might be possible to craft one.
This issue affects Apache HTTP Server 2.4.51 and earlier.
Credits: Chamal

*) SECURITY: CVE-2021-44224: Possible NULL dereference or SSRF in
forward proxy configurations in Apache HTTP Server 2.4.51 and
earlier (cve.mitre.org)
A crafted URI sent to httpd configured as a forward proxy
(ProxyRequests on) can cause a crash (NULL pointer dereference)
or, for configurations mixing forward and reverse proxy
declarations, can allow for requests to be directed to a
declared Unix Domain Socket endpoint (Server Side Request
Forgery).
This issue affects Apache HTTP Server 2.4.7 up to 2.4.51
(included).
Credits: 漂亮鼠
TengMA(@Te3t123)

 
Some links to problems after updating.

Again, for those who want to update: there are several places with info, but not one single easy-to-find place to discuss it; you again have to use search and hope you get what you need.

Please add / enhance a forum section for updates and their version numbers, then a forum rule that users have to post there if they have a problem after that update; solutions from support should also be there, for example!


And a forum admin should put those topics / threads about the same problem(s) and versions together in one; this also helps a lot too, I think! ;)

@DirectAdmin Support


 
DirectAdmin does not use mod_lua or any forward proxying by default.
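
As an added example (not part of the thread, and not DirectAdmin or Apache code), the shell check below tests the two preconditions named in the changelog and in the reply above: mod_lua being loaded (CVE-2021-44790) and `ProxyRequests On` (CVE-2021-44224). The function names and the sample config are constructed for illustration; it assumes a 2.4.x version string and that the configuration to check has been concatenated into one file.

```shell
#!/bin/sh
# Added example: flag exposure to the two CVEs fixed in Apache httpd 2.4.52.
# Assumption: the configuration to check has been concatenated into one file.

# Succeeds if an uncommented directive matching the ERE in $1 is in file $2.
has_directive() {
    grep -Eiq "^[[:space:]]*$1([[:space:]]|\$)" "$2"
}

# mod_lua loaded: precondition for CVE-2021-44790 (r:parsebody() in Lua scripts).
uses_mod_lua() { has_directive 'LoadModule[[:space:]]+lua_module' "$1"; }

# Forward proxy enabled: precondition for CVE-2021-44224.
is_forward_proxy() { has_directive 'ProxyRequests[[:space:]]+On' "$1"; }

# Prints the patch number of a 2.4.x version string; fails on anything else.
patch_of_24() {
    case "$1" in 2.4.*) p=${1#2.4.} ;; *) return 1 ;; esac
    case "$p" in ''|*[!0-9]*) return 1 ;; esac
    echo "$p"
}

# $1 = httpd version, $2 = config file. Prints the CVEs whose preconditions hold.
assess() {
    patch=$(patch_of_24 "$1") || { echo "unknown-version"; return 2; }
    out=""
    if [ "$patch" -le 51 ] && uses_mod_lua "$2"; then
        out="CVE-2021-44790"
    fi
    # Changelog range for this one is 2.4.7 up to 2.4.51 (included).
    if [ "$patch" -ge 7 ] && [ "$patch" -le 51 ] && is_forward_proxy "$2"; then
        out="${out:+$out }CVE-2021-44224"
    fi
    echo "${out:-none}"
}

# Constructed sample config: mod_lua commented out, forward proxy on.
sample_conf() {
cat <<'EOF'
#LoadModule lua_module modules/mod_lua.so
LoadModule proxy_module modules/mod_proxy.so
ProxyRequests On
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
assess 2.4.51 "$tmp"
rm -f "$tmp"
```

On a live server, `apachectl -M` lists the loaded modules directly, which covers the mod_lua half without reading config files.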
 