Out Of Date Php Apache Openssl

  1. Home
  2. VULNERABILITIES

Title:

Out-of-date Version (PHP).
Out-of-date Version (Apache)
OpenSSL older version is used

Vulnerability:

Finding usage of older version of PHP or Apache makes it very much easy for an attacker to exploit well known and easily available exploits for PHP or Apache vulnerabilities. Few known older version vulnerabilities for PHP & Apache are as below:
PHP

  • The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP.
  • In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c.
  • Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data.
  • etc

Apache

  • In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.
  • In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
  • The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.
  • etc

For servers, the focus is on stability ? system admin?s usually don't want to update critical server software to the newest version as soon as it is released; updates can often break things and they want to wait until it is more thoroughly tested before updating, for stability reasons. Thus, it is common practice to only install security updates immediately, and wait a while before upgrading to a newer release.

What is OpenSSL?
OpenSSL is a robust also a general-purpose cryptography library. OpenSSL offers cryptographic functions to support SSL/TLS protocols. In SSL security, websites use digital certificates to prove their legitimacy. Being open source tool there are many vulnerabilities found and exploits written to break the cryptography logic and eavesdrop the communication channel for data stealing. Few vulnerabilities reported are as below:

  • Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
  • Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
  • The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.

Solution:

Update PHP on Ubuntu 14
sudo apt-add-repository ppa:ondrej/php5-5.6
then
sudo apt-get install php5
This will trigger the PPA upgrade system
Update PHP in Xampp

  • Go to phpinfo(), press ctrl+f, and type thread to check the value.
  • If it is enabled download the non thread safe version, otherwise download the thread safe version (zip).
  • Extract it, and rename the folder to php.
  • Go to your xampp folder rename the default php folder to something else.
  • Copy the extracted (renamed php) folder in xampp directory.
  • Copy the php.ini file from default/old php folder (That you renamed) and paste it into the new php folder.
  • Restart xampp server 

*start command line and try to start httpd.exe, under xampp/apache/bin from there, it will list errors found
Update OpenSSL in Linux
wget http://www.openssl.org/source/openssl-*.*.*g.tar.gz (get the latest)
tar -xvzf openssl-1.0.1g.tar.gz
cd openssl-1.0.1g
./config --prefix=/usr/
make
sudo make install

Content Sniffing Header Vulnerability, Admin Interface Externally Open

Content Sniffing Not Disabled

OWASP Top 10 Security Testing, Content Sniffing Not Disabled

Session Cookie Found Without Secure Flag Set.

Session Cookie Found Without Secure Flag Set, Web App Security Testing Services Company

How To Enable Content Sniffing?

How To Enable Content Sniffing?, Content Sniffing Header Vulnerability

Clickjacking: X-Frame-Options Header Missing

OWASP Top 10 Security Testing , Clickjacking: X-Frame-Options Header Missing

Error Page Discloses Web Server Version

Web App Security Testing Services Company, Clickjacking: X-Frame-Options Header Missing

Error Page Discloses Web Server Version

Error Page Discloses Web Server Version, Content Sniffing Header Vulnerability

How To Disable Web Dav Extensions?

Error Page Discloses Web Server Version, OWASP Top 10 Security Testing

How To Configure Access-Control-Allow-Origin Header?

Web App Security Testing Services Company, How To Disable Web Dav Extensions?

How To Disable Custom Errors At Webroot?