openembedded-devel@lists.openembedded.org | [meta-webserver][dunfell][PATCH] httpd: CVE-2022-36760 mod_proxy_ajp: Possible request smuggling

Home Messages Hashtags Subgroups

Date Date 1 - 1 of 1

[meta-webserver][dunfell][PATCH] httpd: CVE-2022-36760 mod_proxy_ajp: Possible request smuggling

Hitendra Prajapati #100870 Upstream-Status: Backport from https://github.com/apache/httpd/commit/d93e61e3e9622bacff746772cb9c97fdcaed8baf Signed-off-by: Hitendra Prajapati <hprajapati@...> --- .../apache2/apache2/CVE-2022-36760.patch \| 37 +++++++++++++++++++ .../recipes-httpd/apache2/apache2_2.4.54.bb \| 1 + 2 files changed, 38 insertions(+) create mode 100644 meta-webserver/recipes-httpd/apache2/apache2/CVE-2022-36760.patch diff --git a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2022-36760.patch b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2022-36760.patch new file mode 100644 index 0000000000..afa6e398cf --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2022-36760.patch @@ -0,0 +1,37 @@ +From d93e61e3e9622bacff746772cb9c97fdcaed8baf Mon Sep 17 00:00:00 2001 +From: Eric Covener <covener@...> +Date: Tue, 10 Jan 2023 13:20:55 +0000 +Subject: [PATCH] CVE-2022-36760 + +SECURITY: CVE-2022-36760 (cve.mitre.org) + +Ensure connection closure for an invalid Transfer-Encoding header, +to prevent HTTP request smuggling attack with an AJP proxy. + +cleanup on error + +git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1906542 13f79535-47bb-0310-9956-ffa450edef68 + +Upstream-Status: Backport [https://github.com/apache/httpd/commit/d93e61e3e9622bacff746772cb9c97fdcaed8baf] +CVE: CVE-2022-36760 +Signed-off-by: Hitendra Prajapati <hprajapati@...> +--- + modules/proxy/mod_proxy_ajp.c \| 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/modules/proxy/mod_proxy_ajp.c b/modules/proxy/mod_proxy_ajp.c +index 226ad9b..1449aca 100644 +--- a/modules/proxy/mod_proxy_ajp.c ++++ b/modules/proxy/mod_proxy_ajp.c +@@ -257,6 +257,8 @@ static int ap_proxy_ajp_request(apr_pool_t p, request_rec r, + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10396) + "%s Transfer-Encoding is not supported", + tenc); ++ /* We had a failure: Close connection to backend */ ++ conn->close = 1; + return HTTP_INTERNAL_SERVER_ERROR; + } + } else { +-- +2.25.1 + diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.54.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.54.bb index 2fdf926292..2bda18d2d2 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.54.bb +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.54.bb @@ -15,6 +15,7 @@ SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \ file://0007-apache2-allow-to-disable-selinux-support.patch \ file://0008-Fix-perl-install-directory-to-usr-bin.patch \ file://0009-support-apxs.in-force-destdir-to-be-empty-string.patch \ + file://CVE-2022-36760.patch \ " SRC_URI:append:class-target = " \ -- 2.25.1
More All Messages By This Member

1 - 1 of 1

1

Previous Topic Next Topic

Home Hashtags Subgroups Terms