Recent Cyberattacks Increasingly Target Open-source Web Servers



Source: Apache HTTP Server Project
Weaponized vulnerabilities lead to great risk
Not only has the total number of Apache HTTP Server vulnerabilities gone up, but so has the number of weaponized vulnerabilities.
Trend Micro found that at least 15 of the 57 vulnerabilities disclosed in the past five years had been weaponized and used in malicious activity. The most common types of attack include denial of service (DoS), path traversal, server-side request forgery (SSRF), and remote code execution (RCE). Several vulnerabilities found in 2021 are confirmed to have been actively exploited.
Table 1: The 15 vulnerabilities weaponized since 2017

CVE ID | CVSS3 score | Description
--- | --- | ---
CVE-2021-42013 | 9.8 | Path traversal and remote code execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
CVE-2021-41773 | 7.5 | Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
CVE-2021-40438 | 9.0 | mod_proxy SSRF
CVE-2020-11984 | 9.8 | mod_proxy_uwsgi buffer overflow
CVE-2019-10098 | 6.1 | mod_rewrite potential open redirect
CVE-2019-10097 | 7.2 | mod_remoteip stack buffer overflow and NULL pointer dereference
CVE-2019-0190 | 7.5 | mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1
CVE-2018-8011 | 7.5 | mod_md DoS via coredumps on specially crafted requests
CVE-2018-1303 | 7.5 | Possible out-of-bounds read in mod_cache_socache
CVE-2018-11763 | 5.9 | DoS for HTTP/2 connections by continuous SETTINGS frames
CVE-2017-9798 | 7.5 | Use-after-free when using <Limit> with an unrecognized method in .htaccess ("OptionsBleed")
CVE-2017-9788 | 9.1 | Uninitialized memory reflection in mod_auth_digest
CVE-2017-7668 | 9.8 | ap_find_token() buffer overread
CVE-2017-7659 | 7.5 | mod_http2 NULL pointer dereference
CVE-2017-15715 | 8.1 | <FilesMatch> bypass with a trailing newline in the file name

Source: Apache HTTP Server Project, Trend Micro Inc., NVD
CVE-2021-41773 and CVE-2021-42013, the two critical vulnerabilities, are good examples of how attackers exploit vulnerabilities in the Apache HTTP Server.
As Trend Micro reported, these two are path traversal vulnerabilities that allow attackers to map URLs to files or directories outside of the webroot. In configurations where Common Gateway Interface (CGI) scripts are enabled for those paths, attackers can achieve RCE on the vulnerable server.
Both disclosed in early October 2021, CVE-2021-41773 and CVE-2021-42013 had been seen in more than 4 million exploit attempts by the end of 2021.
Another Apache HTTP Server vulnerability, CVE-2021-40438, shows how great the impact can be when a vulnerability gets exploited.
CVE-2021-40438 is an SSRF vulnerability in the mod_proxy module. The flaw allows a remote, unauthenticated attacker to make the httpd server forward requests to an arbitrary server. The attacker could read, modify, or delete resources on other services that may sit behind a firewall and be inaccessible otherwise. The impact of the flaw therefore depends on which services and resources are reachable from the httpd host's network.
CVE-2021-40438 affects products from Cisco, IBM QRadar SIEM, Debian Linux, F5 OS, Red Hat, and more. On December 1, 2021, CISA added CVE-2021-40438 to its Known Exploited Vulnerabilities catalog.
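What the two CVEs have in common is a request path whose segments only become `..` after percent-decoding: the publicly documented form for CVE-2021-41773 uses `.%2e`, and the form for CVE-2021-42013 (the incomplete fix in 2.4.50) uses `.%%32%65`, which decodes to `.%2e` and only then to `..`. As an added example that is not part of the original article and not a Trend Micro tool, the Python below reads Apache combined-format access log lines, decodes each request path until it stops changing, flags requests whose segments turn into `..` only after decoding, records how many decode rounds that took, and resolves where the path would land. The log lines are constructed for this example.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed Apache combined-log lines for this example (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [06/Oct/2021:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
203.0.113.11 - - [06/Oct/2021:12:00:02 +0000] "GET /cgi-bin/.%2e/.%2e/.%2e/.%2e/etc/passwd HTTP/1.1" 200 1245 "-" "curl/7.79.1"
203.0.113.12 - - [07/Oct/2021:12:00:03 +0000] "GET /cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd HTTP/1.1" 200 1245 "-" "curl/7.79.1"
203.0.113.13 - - [07/Oct/2021:12:00:04 +0000] "POST /cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/bin/sh HTTP/1.1" 200 52 "-" "python-requests/2.26.0"
203.0.113.14 - - [07/Oct/2021:12:00:05 +0000] "GET /docs/../index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
"""

# Combined log format: client, ident, user, [timestamp], "METHOD PATH PROTO", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

MAX_DECODE_ROUNDS = 3  # bound the work per request; two rounds cover both CVEs


def classify(path, max_rounds=MAX_DECODE_ROUNDS):
    """Return (decode_rounds, decoded_path) when a path segment becomes '..'
    only after percent-decoding, otherwise None.

    A literal '..' is not flagged: httpd collapses it during its own path
    normalization before mapping the URL, which is why the 2.4.49/2.4.50
    bypasses needed encoded dots in the first place.
    """
    raw = path.split('?', 1)[0]
    if '..' in raw.split('/'):
        return None
    current = raw
    for rounds in range(1, max_rounds + 1):
        decoded = unquote(current)
        if decoded == current:
            return None  # nothing left to decode, so nothing was hidden
        if '..' in decoded.split('/'):
            return rounds, decoded
        current = decoded
    return None


def scan_log(text):
    """Parse combined-format lines and report encoded traversal attempts."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        hit = classify(m['path'])
        if hit is None:
            continue
        rounds, decoded = hit
        findings.append({
            'ip': m['ip'],
            'method': m['method'],
            'status': int(m['status']),
            # One round matches the CVE-2021-41773 pattern; two rounds the
            # double-encoded CVE-2021-42013 pattern.
            'decode_rounds': rounds,
            'decoded_path': decoded,
            # Where the traversal lands once '..' is applied from the URL root.
            'resolved': posixpath.normpath(decoded),
            # A hit under a CGI-enabled path is the RCE case, not just disclosure.
            'cgi': decoded.startswith('/cgi-bin/'),
        })
    return findings


if __name__ == '__main__':
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ip']} {f['method']} rounds={f['decode_rounds']} "
              f"-> {f['resolved']} (status {f['status']}, cgi={f['cgi']})")
```

The status code is the part worth reading carefully during triage: a 200 on a request that resolves outside the document root means the server actually served it, whereas a 403 on the same request suggests a `Require all denied` on the filesystem root blocked the mapping. Either way the fix is the vendor patch (2.4.51), and the scan only tells you who knocked and whether the door opened.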
Schemes behind the attacks
Attacks that target open-source web servers can lead to enormous threats. Once a web server vulnerability is exploited, the victim server can be taken over and used for malicious activity.
The most common activities include using victim servers to send spam mail or to launch attacks against other servers, at the cost of the victim server's memory and bandwidth. Attackers can also install a phishing website on the victim server to capture any data that passes through it.
However, the most popular use of compromised servers recently is cryptojacking: attackers exploit the vulnerability and secretly use the victim server's computing power to mine popular cryptocurrencies. Trend Micro revealed how threat actors used these vulnerabilities, together with abuse of GitHub and Netlify repositories, to mine Monero.
For cybercriminals, Apache HTTP Server is always a favorite target: it serves 24.63% of the million busiest websites according to Netcraft statistics. Major web services such as Slack, LinkedIn, The New York Times, GrubHub, and more rely on Apache HTTP Server. For IT professionals, it is challenging to patch such an important service without harming user satisfaction.
Furthermore, the complexity of today's software supply chain exacerbates the abuse of open-source software vulnerabilities. Attackers can compromise software components from third-party suppliers by inserting malicious code inconspicuously. Compared to a traditional supply chain, the software supply chain requires more layers of verification to ensure its security.
Protect your web server against potential harm
To mitigate the risk of attacks through open-source software, software composition analysis (SCA) has become an effective approach. SCA identifies and lists all the components and versions present in the code. It also checks each specific service and looks for outdated or vulnerable libraries that may pose security risks to the application. These tools can also check for legal issues arising from the use of open-source software under different licensing terms and conditions. Trend Micro published a whitepaper on how to prevent supply chain attacks in the age of cloud computing in October 2020.
Developing a risk-based approach to patch management can help organizations identify and prioritize which vulnerabilities they need to deal with now. This approach consists of:

Regularly conducting exposure assessments to determine what CVEs, past and present, are in your environment at all times.
Assessing the criticality of the systems that contain these CVEs.
Conducting a continuous but simple risk assessment: weighing the likelihood that the identified CVEs are or will be exploited in the wild against the impact of those CVEs being used in an attack.
i. Is a PoC available?
ii. Is it being exploited in the wild?

If you struggle with patch management, you may look at virtual patching or IPS technology to help, as these can be deployed to detect and block exploitation of a vulnerability and buy you time to properly apply the vendor's patch. Trend Micro's Zero Day Initiative bug bounty program and our vulnerability research teams help us identify new vulnerabilities and develop virtual patches for our Cloud One, TippingPoint, Apex One, and Worry-Free Services customers. In some cases, we have virtual patches out months ahead of the vendor patch.
Malicious actors will continue to exploit vulnerable applications, operating systems, and devices in their efforts to attack organizations. Improving your understanding of key applications like Apache can help you better understand where you can lower your risk of attack.
