httpd-2.4.6-99.1.0.9.el7.AXS7
エラータID: AXSA:2025-10586:06
リリース日:
2025/07/25 Friday - 11:42
題名:
httpd-2.4.6-99.1.0.9.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Apache HTTP Server の mod_lua には、認証処理が不足している問題
があるため、ローカルの攻撃者により、アクセス制限の回避を可能とする
脆弱性が存在します。(CVE-2014-8109)
- Apache HTTP サーバーには、プロキシエラーページが表示されるような
誤ったプロキシサーバーの設定を行っている場合、攻撃者がエラーページ
上のリンクの形式を細工し、代わりに任意のページを挿入する制限された
クロスサイトスクリプティングの脆弱性があります。(CVE-2019-10092)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2014-8109
mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory.
mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory.
CVE-2019-10092
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
追加情報:
N/A
ダウンロード:
Asianux Server 7 for x86_64
- httpd-2.4.6-99.1.0.9.el7.AXS7.x86_64.rpm
MD5: 7ca61d22c3f8f6831df51afc53a5cdbd
SHA-256: 42eddbaeddcbab2ae9c3e42dae15886cf0148137f9064e85cdc5278800e7bf7f
Size: 1.20 MB - httpd-devel-2.4.6-99.1.0.9.el7.AXS7.x86_64.rpm
MD5: a41749482b928b074e7b3eb4b7175557
SHA-256: 53fcbf9ef85cbd6aa2964ecbcffd6cd1d85e879681c9aa86266054e5a7ba0360
Size: 202.61 kB - httpd-manual-2.4.6-99.1.0.9.el7.AXS7.noarch.rpm
MD5: b668ed98fc2dc4b98b27f7fd3250831f
SHA-256: d293b2198d2d4497c0a3cf2d5b3e9595a87e486d02283eaa6c91e3247b161d5e
Size: 1.35 MB - httpd-tools-2.4.6-99.1.0.9.el7.AXS7.x86_64.rpm
MD5: 1d7dc8cd30f1188452962722486445f3
SHA-256: 4199a93b593bcb3c2e8c4f0e014edc0072f6e03ad2d345706f110c57f522772d
Size: 95.56 kB - mod_session-2.4.6-99.1.0.9.el7.AXS7.x86_64.rpm
MD5: dd5e5e4c97f1d8b574d2e7f615d34be3
SHA-256: d3ac229b51fc3821ae12b144236141813180f5ae7bcc041d08ee74c4eb2077fc
Size: 65.63 kB - mod_ssl-2.4.6-99.1.0.9.el7.AXS7.x86_64.rpm
MD5: caae9b68dc118d259cae8ea26dd460cf
SHA-256: f526c6b91e9a44d92d98c9167f0e24756f6aea0f6789861db2f8d6cb22a6acca
Size: 116.73 kB
English