SiteMinder Agent for SharePoint ships bundled with an instance of Apache HTTP Server.
SiteMinder Agent for SharePoint 12.52 SP1 CR11: Apache HTTP Server 2.4.46
Product: SiteMinder
Component: Agent for SharePoint
Version: 12.52 SP1 CR11
Operating System: Windows
The following CVEs have been published for Apache HTTP Server 2.4.61 and older.
===============================
CVE-2024-40725: source code disclosure with handlers configured via AddType
SEVERITY: Important
DESCRIPTION: A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.
IMPACTED: <=2.4.61
REMEDIATION: Apache 2.4.62
-------------------------------------
CVE-2024-40898: SSRF with mod_rewrite in server/vhost context on Windows
SEVERITY: Important
DESCRIPTION: SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context may allow NTLM hashes to be leaked to a malicious server via SSRF and malicious requests.
IMPACTED: <=2.4.61
REMEDIATION: Apache 2.4.62
-------------------------------------
CVE-2024-36387: "Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2"
SEVERITY: Low
DESCRIPTION: Serving WebSocket protocol upgrades over an HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.
IMPACTED: <=2.4.59
REMEDIATION: Apache 2.4.60
-------------------------------------
CVE-2024-38472: "Apache HTTP Server on Windows UNC SSRF"
SEVERITY: Important
DESCRIPTION: SSRF in Apache HTTP Server on Windows may allow NTLM hashes to be leaked to a malicious server via SSRF and malicious requests or content.
IMPACTED: <=2.4.59
REMEDIATION: Apache 2.4.60
-------------------------------------
CVE-2024-38473: "Apache HTTP Server proxy encoding problem"
SEVERITY: Moderate
DESCRIPTION: Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests.
IMPACTED: <=2.4.59
REMEDIATION: Apache 2.4.60
-------------------------------------
CVE-2024-38474: "Apache HTTP Server weakness with encoded question marks in backreferences"
SEVERITY: Important
DESCRIPTION: Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL, or to cause source disclosure of scripts meant only to be executed as CGI.
IMPACTED: <=2.4.59
REMEDIATION: Apache 2.4.60
-------------------------------------
CVE-2024-38475: "Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path"
SEVERITY: Important
DESCRIPTION: Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use backreferences or variables as the first segment of the substitution are affected. Some unsafe RewriteRules will be broken by this change, and the rewrite flag "UnsafePrefixStat" can be used to opt back in after ensuring the substitution is appropriately constrained.
IMPACTED: <=2.4.59
REMEDIATION: Apache 2.4.60
-------------------------------------
CVE-2024-38476: "Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect"
SEVERITY: Important
DESCRIPTION: The core of Apache HTTP Server 2.4.59 and earlier is vulnerable to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable.
Note: Some legacy uses of the 'AddType' directive to connect a request to a handler must be ported to 'SetHandler' after this fix.
IMPACTED: <=2.4.59
REMEDIATION: Apache 2.4.60
-------------------------------------
CVE-2024-38477: "Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request"
SEVERITY: Important
DESCRIPTION: Null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.
IMPACTED: <=2.4.59
REMEDIATION: Apache 2.4.60
-------------------------------------
CVE-2024-39573: "Apache HTTP Server: mod_rewrite proxy handler substitution"
SEVERITY: Moderate
DESCRIPTION: Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly set up URLs to be handled by mod_proxy.
IMPACTED: <=2.4.59
REMEDIATION: Apache 2.4.60
===============================
This KB provides Apache HTTP Server 2.4.62 for the SiteMinder SharePoint Agent 12.52 SP1 CR11.
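The notes under CVE-2024-38475 and CVE-2024-38476 mean that some existing directives behave differently after the upgrade. The following Python script is an added example, not part of this KB or of the product, that scans configuration text for them. The sample configuration is constructed, and two heuristics are assumptions of this example: it treats `application/x-httpd-*` media types as handler-style `AddType` use, and everything outside `<Directory>` blocks as server context.

```python
import re
import shlex

# Constructed sample configuration for illustration; not taken from the KB.
SAMPLE_CONF = """\
AddType application/x-httpd-php .php
AddType text/html .shtml
<FilesMatch "[.]php$">
    SetHandler application/x-httpd-php
</FilesMatch>
RewriteEngine On
RewriteRule "^/files/(.*)$" "$1" [L]
RewriteRule "^/docs/(.*)$" "/var/www/docs/$1" [L]
RewriteRule "^/app/(.*)$" "%{ENV:APP_ROOT}/$1" [L,UnsafePrefixStat]
<Directory "C:/site">
    RewriteRule "^(.*)$" "$1.html"
</Directory>
"""

LEGACY_TYPE = re.compile(r"^application/x-httpd-", re.I)  # assumed handler-style type prefix
LEADING_REF = re.compile(r"^(\$\d|%\d|%\{)")              # backreference or variable first

def audit(conf_text):
    """Return (line_no, finding) for directives the two notes single out."""
    findings, dir_depth = [], 0
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        low = line.lower()
        if low.startswith("<directory"):       # also covers <DirectoryMatch>
            dir_depth += 1
        elif low.startswith("</directory"):
            dir_depth = max(0, dir_depth - 1)
        try:
            args = shlex.split(line)
        except ValueError:  # unbalanced quoting: leave the line for manual review
            continue
        name = args[0].lower()
        if name == "addtype" and len(args) > 1 and LEGACY_TYPE.match(args[1]):
            findings.append((no, "AddType maps a handler; port to SetHandler"))
        elif name == "rewriterule" and len(args) > 2 and dir_depth == 0:
            flags = args[3].strip("[]").lower().split(",") if len(args) > 3 else []
            if LEADING_REF.match(args[2]) and "unsafeprefixstat" not in flags:
                findings.append((no, "substitution starts with backreference/variable"))
    return findings

if __name__ == "__main__":
    for no, finding in audit(SAMPLE_CONF):
        print(f"line {no}: {finding}")
```

Pass the contents of the agent's Apache configuration files to `audit()` in place of `SAMPLE_CONF`; rules already carrying `UnsafePrefixStat` are not reported, so review those separately for an appropriately constrained substitution.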
Apache HTTP Server 2.4 vulnerabilities
Upgrading to Apache HTTP Server 2.4.62 will remediate the following CVEs:
CVE-2024-40898
CVE-2024-40725
CVE-2023-38709
CVE-2024-36387
CVE-2024-24795
CVE-2024-27316
CVE-2023-31122
CVE-2023-43622
CVE-2023-45802
CVE-2023-25690
CVE-2023-27522
CVE-2006-20001
CVE-2022-36760
CVE-2022-37436
CVE-2022-26377
CVE-2022-28330
CVE-2022-28614
CVE-2022-28615
CVE-2022-29404
CVE-2022-30522
CVE-2022-30556
CVE-2022-31813
CVE-2022-22719
CVE-2022-22720
CVE-2022-22721
CVE-2022-23943
CVE-2021-44224
CVE-2021-44790
CVE-2021-42013
CVE-2021-41524
CVE-2021-41773
CVE-2021-33193
CVE-2021-34798
CVE-2021-36160
CVE-2021-39275
CVE-2021-40438
CVE-2019-17567
CVE-2020-13938
CVE-2020-13950
CVE-2020-35452
CVE-2021-26690
CVE-2021-26691
CVE-2021-30641
CVE-2021-31618
CVE-2020-11984
CVE-2020-11993
CVE-2020-9490