Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2021-2832)

The remote host is missing an update for the Huawei EulerOS 'httpd' package(s) announced via the EulerOS-SA-2021-2832 advisory.

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service.(CVE-2021-26690) Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow.(CVE-2020-35452) In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow.(CVE-2021-26691) Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.(CVE-2021-34798) A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.(CVE-2021-40438) ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.(CVE-2021-39275)

'httpd' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.

Checks if a vulnerable package version is present on the target host.

Please install the updated package(s).