Bug 33286

Summary: apache2: Multiple issues (3.2)
Product: UCS Reporter: Moritz Muehlenhoff <jmm>
Component: Security updatesAssignee: Stefan Gohmann <gohmann>
Status: CLOSED FIXED QA Contact: Janek Walkenhorst <walkenhorst>
Severity: normal    
Priority: P3 CC: gohmann, requate
Version: UCS 3.0Flags: requate: Patch_Available+
Target Milestone: UCS 3.2-7-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: --- What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:

Description Moritz Muehlenhoff univentionstaff 2013-11-12 11:25:23 CET 
+++ This bug was initially created as a clone of Bug #31300 +++

mod_write doesn't filter log file data for non-printable character (CVE-2013-1862)

Denial of service in mod_dav (CVE-2013-1896)
Comment 1 Moritz Muehlenhoff univentionstaff 2014-03-18 07:03:55 CET 
Denial of service in mod_log_config (CVE-2014-0098)
Denial of service in mod_dav (CVE-2013-6438)
Comment 2 Moritz Muehlenhoff univentionstaff 2014-04-30 14:51:31 CEST 
(In reply to Moritz Muehlenhoff from comment #0)
> +++ This bug was initially created as a clone of Bug #31300 +++
> 
> mod_write doesn't filter log file data for non-printable character
> (CVE-2013-1862)
> 
> Denial of service in mod_dav (CVE-2013-1896)

These two issues were fixed with the update to Squeeze 6.0.9 (Bug 34588), the other issues remain unfixed.
Comment 3 Moritz Muehlenhoff univentionstaff 2014-05-30 15:08:01 CEST 
(In reply to Moritz Muehlenhoff from comment #1)
> Denial of service in mod_log_config (CVE-2014-0098)

The vulnerable code isn't present yet in the version in UCS 3.x
Comment 4 Moritz Muehlenhoff univentionstaff 2014-07-09 11:29:13 CEST 
Currrently only this issue is open:
Denial of service in mod_dav (CVE-2013-6438)
Comment 5 Moritz Muehlenhoff univentionstaff 2014-07-23 16:31:57 CEST 
Denial of service in mod_proxy (CVE-2014-0117)
Heap overflow in mod_status scoreboard handling (CVE-2014-0226)
Denial of service in mod_deflate (CVE-2014-0118)
Denial of service in mod_cgid (CVE-2014-0231)
Comment 6 Moritz Muehlenhoff univentionstaff 2014-10-04 11:04:45 CEST 
Denial of service in mod_cache (CVE-2014-3581)
Comment 7 Moritz Muehlenhoff univentionstaff 2014-11-19 13:26:39 CET 
Denial of service through malicious fcgi scripts (CVE-2014-3583)
Comment 8 Moritz Muehlenhoff univentionstaff 2014-11-25 07:26:23 CET 
Incorrect handling of chunked trailer fields in mod_headers (CVE-2013-5704)
Comment 9 Moritz Muehlenhoff univentionstaff 2014-12-10 08:28:32 CET 
(In reply to Moritz Muehlenhoff from comment #5)
> Denial of service in mod_proxy (CVE-2014-0117)

This doesn't affect UCS 3.x
Comment 10 Moritz Muehlenhoff univentionstaff 2015-01-05 09:31:11 CET 
(In reply to Moritz Muehlenhoff from comment #7)
> Denial of service through malicious fcgi scripts (CVE-2014-3583)

This only affects Apache 2.4
Comment 11 Moritz Muehlenhoff univentionstaff 2015-01-05 09:31:45 CET 
(In reply to Moritz Muehlenhoff from comment #7)
> Denial of service through malicious fcgi scripts (CVE-2014-3583)

This only affects Apache 2.4
Comment 12 Arvid Requate univentionstaff 2015-08-03 12:43:00 CEST 
* HTTP request smuggling attack against chunked request parser, allowing cache poisoning or credential hijacking if an intermediary proxy is in use (CVE-2015-3183)

Fixed upstream in Debian package version 2.2.16-6+squeeze15
Comment 13 Stefan Gohmann univentionstaff 2015-08-29 20:50:49 CEST 
2.2.16-6+squeeze15 has been imported.

YAML: 2015-08-29-apache2.yaml
Comment 14 Stefan Gohmann univentionstaff 2015-08-31 08:34:00 CEST 
My tests were successful.
Comment 15 Janek Walkenhorst univentionstaff 2015-09-04 18:47:40 CEST 
Advisory: OK
Changelog: OK
Tests (amd64): OK
Comment 16 Janek Walkenhorst univentionstaff 2015-09-09 11:31:14 CEST 
<http://errata.software-univention.de/ucs/3.2/365.html>