Apache HTTP·þÎñ×é¼þÌáȨ·ì϶°²È«¹«¸æ

°ä²¼¹¦·ò 2019-04-03

·ì϶±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-0211£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ8.2£¬¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


Apache HTTP Server 2.4.38, 2.4.37, 2.4.35, 2.4.34, 2.4.33, 2.4.30, 2.4.29, 2.4.28, 2.4.27, 2.4.26, 2.4.25, 2.4.23, 2.4.20, 2.4.18, 2.4.17


·ì϶¸ÅÊö


Apache¹Ù·½°ä²¼2.4.39°æ±¾µÄ¸üУ¬ÆäÖн¨¸´ÁËÒ»¸ö±àºÅΪCVE-2019-0211µÄÌáȨ·ì϶£¬¾Ý·ÖÎö£¬¸Ã·ì϶ӰÏìÑϳÁ£¬¹¥»÷Õßͨ¹ýÉÏ´«CGI¾ç±¾¿ÉÖ±½ÓÔì³ÉÖ¸±êϵͳµÄÌáȨ¹¥»÷£¬Ó°Ïì*nixƽ̨ϵÄApache 2.4.17µ½2.4.38°æ±¾£¬½¨Ò龡¿ì½øÐÐÆÀ¹À½¨¸´¡£


*nixƽ̨£¬ÔÚApache HTTP×é¼þ2.4.17µ½2.4.38°æ±¾ÖУ¬²»ÂÛÊÇʹÓÃMPM eventÄ£ÐÍ¡¢Workder¡¢»¹ÊÇpreforkģʽ£¬ÔËÐÐÓÚµÍȨÏÞµÄ×Ó¹ý³Ì»òÏ̶߳¼Äܹ»Í¨¹ý°Ñ³Ö¼Æ·Ö°å£¨manipulating the scoreboard£©µÄ·½Ê½À´ÒÔ¸¸¹ý³ÌµÄȨÏÞ£¨Í¨³£ÊÇrootȨÏÞ£©Ö´ÐÐËÁÒâ´úÂë¡£


¹¥»÷³¡¾°ÖУ¬¹¥»÷Õß±ØҪͨ¹ýÉÏ´«¿ÉÖ´Ðо籾µÄ¹¥»÷·½Ê½À´½øÐй¥»÷¡£ÈôÊÇÖ¸±êϵͳÊÇÑ¡È¡Ö÷»ú¹²ÏíµÄ³¡¾°£¬¸Ã·ì϶¿ÉÄÜ¿ÉÖ±½Ó±»ÀûÓá£


½¨¸´½¨Òé


1. *nixƽ̨¾¡¿ìͨ¹ý¸÷×ԵĸüÐÂÇþ·½øÐиüУ¨Ä¿Ç°¸÷¼ÒLinuxÔÚ´¹Î£ÆÀ¹À¸üÐÂÖУ©

2. ×ÔÐбàÒëµÄHTTPÇëͨ¹ýÔ´Âë¸üеķ½Ê½¾¡¿ì½¨¸´


²Î¿¼Á´½Ó


https://access.redhat.com/security/cve/cve-2019-0211
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0211