State of New Jersey SealOFFICIAL SITE OF THE STATE OF NEW JERSEY

Multiple Vulnerabilities in Apache Web Server Could Allow for Arbitrary Code Execution

MS-ISAC Advisory

Original Release Date: 8/8/2020

Summary

Multiple vulnerabilities have been discovered in Apache web server, the most severe of which could allow for remote code execution. Apache web server is a piece of software developed by the Apache software foundation as a free open source tool used to host websites. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute remote code in the context of the affected application. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

Threat Intelligence

There are currently no reports of these vulnerabilities being exploited in the wild.

Systems Affected

Apache versions 2.4.43 and prior

Risk

Government:

  • Large and medium government entities: High
  • Small government entities: Medium

Businesses:

  • Large and medium government entities: High
    Small government entities: Medium

Home Users: Low

Technical Summary

Multiple vulnerabilities have been discovered in Apache web server, the most severe of which could allow for remote code execution. These vulnerabilities can be triggered when specially crafted packets are submitted for processing to an affected web server. Details of the vulnerabilities are as follows:

  • A possible remote code execution vulnerability due to a buffer overflow with the mod_uwsgi module. (CVE-2020-11984)
  • A denial of service vulnerability triggered when trace/debugging is enabled. (CVE-2020-11993)
  • A denial of service vulnerability triggered when a PUSH packet is sent using the ‘Cache-Digest’ header. (CVE-2020-9490)

Recommendations

We recommend the following actions be taken:

  • Apply updates provided by Apache to vulnerable systems immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Configure the application as suggested by Apache to help mitigate the vulnerability.

Reference

Apache

Reporting

We encourage recipients who discover signs of malicious cyber activity to contact us via the cyber incident report form by clicking here.

Join & Subscribe

Never miss an update! Sign up for a no cost membership today! Receive up-to-date content and more in our weekly bulletin.

Sign Up

Featured Content

New Jersey Cybersecurity & Communications Integration Cell

2 Schwarzkopf Dr, Ewing Township, NJ 08628

njccic@cyber.nj.gov

OUR COMMITMENT

The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.

Agency Seals of State of NJ, NJOHSP and NJCCIC

STAY CONNECTED:

View our Privacy Policy here.

View our Site Index here.