
=====================================================================

                             CERT-Renater

                 Information Note No. 2023/VULN007

_____________________________________________________________________

DATE                : 18/01/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache HTTP Server versions prior
                     to 2.4.55.

=====================================================================
https://httpd.apache.org/security/vulnerabilities_24.html
_____________________________________________________________________


Fixed in Apache HTTP Server 2.4.55


moderate: mod_dav out of bounds read, or write of zero byte
(CVE-2006-20001)

A carefully crafted If: request header can cause a memory read,
or write of a single zero byte, in a pool (heap) memory location
beyond the header value sent. This could cause the process to
crash.

This issue affects Apache HTTP Server 2.4.54 and earlier.

Described in first edition of "The Art of Software Security
Assessment"                     2006-10-31
Reported to security team       2022-08-10
Update 2.4.55 released          2023-01-17
Affects                         <=2.4.54


moderate: Apache HTTP Server: mod_proxy_ajp Possible request
smuggling (CVE-2022-36760)

Inconsistent Interpretation of HTTP Requests ('HTTP Request
Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server
allows an attacker to smuggle requests to the AJP server it
forwards requests to. This issue affects Apache HTTP Server 2.4
version 2.4.54 and prior versions.

Acknowledgements: finder: ZeddYu_Lu from Qi'anxin Research
Institute of Legendsec at Qi'anxin Group

Reported to security team       2022-07-12
Update 2.4.55 released          2023-01-17
Affects                         <=2.4.54


moderate: Apache HTTP Server: mod_proxy prior to 2.4.55
allows a backend to trigger HTTP response splitting
(CVE-2022-37436)

Prior to Apache HTTP Server 2.4.55, a malicious backend can
cause the response headers to be truncated early, resulting
in some headers being incorporated into the response body.
If the later headers have any security purpose, they will
not be interpreted by the client.


Acknowledgements: finder: Dimas Fariski Setyawan Putra
(@nyxsorcerer)


Reported to security team       2022-07-14
Update 2.4.55 released          2023-01-17
Affects                         <2.4.55
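
Triage check (added example, not part of the original advisory or of
Apache's own tooling): given the output of `httpd -v` and `httpd -M`, it
lists which of the three CVEs above apply, i.e. the version is below
2.4.55 and the affected module is loaded. The function names and the
sample invocation are assumptions; the binary may be called apache2 or
apachectl on some systems.

```shell
#!/bin/sh
# Added example: map an Apache build to the issues fixed in 2.4.55.
# Function names are hypothetical; only `httpd -v` / `httpd -M` output is parsed.

FIXED="2.4.55"

# Extract "2.4.54" from a line such as "Server version: Apache/2.4.54 (Unix)".
httpd_version() {
    printf '%s\n' "$1" |
        sed -n 's|^Server version: Apache/\([0-9][0-9.]*\).*|\1|p' | head -n 1
}

# Return 0 when version $1 is strictly lower than $2 (numeric, field by field).
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# Print the CVE ids whose module is loaded on an affected version.
# $1 = output of `httpd -v`, $2 = output of `httpd -M`
# Exit status 2 means the version line could not be parsed.
affected_cves() {
    ver=$(httpd_version "$1")
    [ -n "$ver" ] || { echo "unknown-version"; return 2; }
    version_lt "$ver" "$FIXED" || return 0   # 2.4.55 or later: nothing to report
    while read -r module cve; do
        # `httpd -M` prints lines like " proxy_ajp_module (shared)"
        if printf '%s\n' "$2" |
            grep -Eq "^[[:space:]]*${module}_module[[:space:]]"; then
            echo "$cve"
        fi
    done <<EOF
dav CVE-2006-20001
proxy_ajp CVE-2022-36760
proxy CVE-2022-37436
EOF
}

# Live use on a host (assumes the binary is named httpd):
#   affected_cves "$(httpd -v)" "$(httpd -M 2>/dev/null)"
```

Distribution packages often backport security fixes without changing
the upstream version string, so confirm a hit against the vendor's own
advisory before treating the host as unpatched.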


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================


