
Vulnerable Apache httpd version 2.4.x < 2.4.52 in SEPM (CVE-2021-44790 and CVE-2021-44224)


Article ID: 238447


Products

Endpoint Protection

Issue/Introduction

A Qualys vulnerability scan reports a finding for Apache httpd version 2.4.51.701 in SEPM:


"Apache 2.4.x < 2.4.52 Multiple Vulnerabilities"

CVE-2021-44790 and CVE-2021-44224

 

Cause

Apache 2.4.x < 2.4.52 Multiple Vulnerabilities 

The version of Apache httpd installed on the remote host is prior to 2.4.52. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.52 advisory.

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

NASL Family
Web Servers

Reference: https://vulners.com/nessus/APACHE_2_4_52.NASL
 

Environment

The version of Apache httpd installed on the remote host is prior to 2.4.52 (SEPM prior to 14.3 RU5).

 

Resolution

SEPM is not vulnerable to either of them:

CVE-2021-44790
Not vulnerable. mod_lua is not deployed with SEPM.

CVE-2021-44224
Not vulnerable. Forward proxy is not a default configuration for SEPM.
* However, if the customer changes the default configuration and enables forward proxy for their own use, their site may become vulnerable, since our Apache httpd versions are affected.
* We have a KB for using SEPM Apache as a reverse proxy (https://knowledge.broadcom.com/external/article/181483/enabling-mac-and-linux-clients-to-downlo.html), and that is also not affected.
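
To confirm that an installation still matches the default posture described above, the Apache configuration can be checked for the two preconditions (mod_lua loaded, forward proxy enabled). The Python script below is an added example, not Broadcom's or Apache's code; the sample configuration is constructed, and the path to the httpd.conf under review is an assumption supplied by the administrator as the first argument. It does not follow Include directives, so each included file has to be checked separately.

```python
import sys
from pathlib import Path

# Constructed sample for illustration; not taken from an SEPM installation.
SAMPLE_CONF = """\
# LoadModule lua_module modules/mod_lua.so
LoadModule proxy_module modules/mod_proxy.so
<VirtualHost *:8080>
    ProxyRequests \\
        On
    ProxyPass /content http://127.0.0.1:9090/content
</VirtualHost>
"""

def directives(text):
    """Yield (line_no, name, args) per active directive; comments and <tags> skipped."""
    pending, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        if not pending:
            start = no                      # first physical line of the directive
        line = (pending + raw.strip()).strip()
        if line.endswith("\\"):             # backslash continues onto the next line
            pending = line[:-1] + " "
            continue
        pending = ""
        if line and line[0] not in "#<":
            parts = line.split()
            yield start, parts[0].lower(), [p.strip('"') for p in parts[1:]]

def audit(text):
    """Return (line_no, message) findings; line_no 0 marks a file-wide finding."""
    findings, forward, reverse = [], False, False
    for no, name, args in directives(text):
        first = args[0].lower() if args else ""
        if name == "loadmodule" and first == "lua_module":
            findings.append((no, "mod_lua loaded: CVE-2021-44790 precondition"))
        elif name == "proxyrequests" and first == "on":
            forward = True
            findings.append((no, "forward proxy on: CVE-2021-44224 precondition"))
        elif name in ("proxypass", "proxypassmatch"):
            reverse = True
    if forward and reverse:
        findings.append((0, "forward and reverse proxy declarations are mixed"))
    return findings

if __name__ == "__main__":
    conf = Path(sys.argv[1]).read_text(errors="replace") if len(sys.argv) > 1 else SAMPLE_CONF
    for no, msg in audit(conf):
        print(f"line {no}: {msg}" if no else msg)
```

An empty result means neither precondition is present in that file, which is the state the resolution above relies on.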

The scanner only reports on the installed httpd version; SEPM is not impacted.

However, if you still want to upgrade httpd, version 2.4.52 or later will be available in 14.3 RU5 and later releases.