正文

Apache 安全漏洞

admin
admin V管理员 /0 评论 /6 阅读
1231
此篇文章发布距今已超过1281天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

Apache 安全漏洞

  • CNNVD编号:CNNVD-200412-526
    • <!--
  • 危害等级: 高危-->
  • 危害等级: 高危
  • CVE编号: CVE-2004-0811
  • 漏洞类型: 其他
  • 发布时间: 2004-09-23
  • 威胁类型: 远程
  • 更新时间: 2021-06-07
  • 厂        商: apache
  • 漏洞来源: Rici Lake※ rici@ri...

漏洞简介

Apache是一款开放源代码WEB服务程序。Apache Web Server中存在访问控制绕过漏洞,起因是在合并Satisfy命令时的未明错误。远程攻击者可以利用这个漏洞绕过访问控制,非授权访问受限的资源。

漏洞公告

临时解决方法:

如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:

--- httpd-2.0/server/core.c 2004/08/31 08:16:56 1.225.2.27

+++ httpd-2.0/server/core.c 2004/09/21 13:21:16 1.225.2.28

@@ -351,9 +351,13 @@

/* Otherwise we simply use the base->sec_file array

*/

+ /* use a separate ->satisfy[] array either way */

+ conf->satisfy = apr_palloc(a, sizeof(*conf->satisfy) * METHODS);

for (i = 0; i

if (new->satisfy[i] != SATISFY_NOSPEC) {

conf->satisfy[i] = new->satisfy[i];

+ } else {

+ conf->satisfy[i] = base->satisfy[i];

}

}

厂商补丁:

Apache Group

------------

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://httpd.apache.org/download.cgi" target="_blank">

http://httpd.apache.org/download.cgi

参考网址

来源:httpd.apache.org%3E

链接:httpd.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.

来源:XF

链接:https://exchange.xforce.ibmcloud.com/vulnerabilities/17473

来源:MLIST

链接:https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab@%3Ccvs.

来源:FEDORA

链接:http://fedoranews.org/updates/FEDORA-2004-313.shtml

来源:MLIST

链接:https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.

来源:MLIST

链接:https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3@%3Ccvs.

来源:MLIST

链接:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.

来源:MLIST

链接:https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8@%3Ccvs.

来源:MLIST

链接:https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.

来源:MLIST

链接:https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.

来源:BID

链接:https://www.securityfocus.com/bid/11239

来源:MLIST

链接:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.

来源:httpd

链接:httpd/patches/apply_to_2.0.51/CAN-2004-0811.patch

来源:CONFIRM

链接:http://www.apache.org/dist/

来源:TRUSTIX

链接:http://www.trustix.org/errata/2004/0049

来源:MLIST

链接:https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.

来源:MLIST

链接:https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.

来源:CONFIRM

链接:http://www.apacheweek.com/features/security-20

来源:GENTOO

链接:http://security.gentoo.org/glsa/glsa-200409-33.xml

来源:MLIST

链接:https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.

受影响实体

  • Apache Http_server:2.0.51  
    <!--
    2000-1-1
    -->

补丁

  • Apache 安全漏洞的修复措施
    <!--
    2004-9-23
    -->