Rewterz Threat Alert – GCleaner Malware – Active IOCs
January 18, 2023
Rewterz Threat Alert – DarkComet RAT (Remote Access Trojan) – Active IOCs
January 18, 2023
Severity
Medium
Analysis Summary
CVE-2022-37436 CVSS:6.1
Apache HTTP Server is vulnerable to HTTP response splitting when mod_proxy is used with a malicious backend. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response once the URL is clicked. This would allow the attacker to perform further attacks, such as web cache poisoning or cross-site scripting, and possibly obtain sensitive information.
CVE-2022-36760 CVSS:7.5
Apache HTTP Server is vulnerable to HTTP request smuggling, caused by inconsistent interpretation of HTTP requests in mod_proxy_ajp. An attacker could exploit this vulnerability to smuggle requests to the AJP server that it forwards requests to.
CVE-2006-20001 CVSS:5.3
Apache HTTP Server is vulnerable to a denial of service, caused by an out-of-bounds read or write of zero in mod_dav. By sending a specially crafted If: request header, an attacker could exploit this vulnerability to cause the process to crash.
Impact
- Unauthorized Access
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2022-37436
- CVE-2022-36760
- CVE-2006-20001
Affected Vendors
Apache
Affected Products
- Apache HTTP Server 2.4.0
- Apache HTTP Server 2.4.1
- Apache HTTP Server 2.4.2
- Apache HTTP Server 2.4.18
- Apache HTTP Server 2.4.20
- Apache HTTP Server 2.4.23
- Apache HTTP Server 2.4.29
- Apache HTTP Server 2.2.24
Remediation
Upgrade to the latest version of Apache HTTP Server, available from the Apache Web site.
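Each of the three CVEs above is reached through a specific module (mod_proxy, mod_proxy_ajp, mod_dav), so a host is only exposed to the ones whose module is loaded. The following triage helper is an added example, not part of the original advisory: it reads the output of `httpd -v` and `apachectl -M` and reports which of the advisory's CVEs apply. The sample inputs are constructed, and the function names are hypothetical.

```python
import re

# Module identifier (as printed by `apachectl -M`) -> CVE, per the advisory text.
CVE_BY_MODULE = {
    "proxy_module": "CVE-2022-37436",      # mod_proxy
    "proxy_ajp_module": "CVE-2022-36760",  # mod_proxy_ajp
    "dav_module": "CVE-2006-20001",        # mod_dav
}

# Versions the advisory lists under "Affected Products". The list is not a
# complete range, so an unlisted version means "unknown", not "safe".
LISTED_VERSIONS = {"2.4.0", "2.4.1", "2.4.2", "2.4.18", "2.4.20",
                   "2.4.23", "2.4.29", "2.2.24"}


def parse_version(banner):
    """Extract x.y.z from `httpd -v` output or a Server header."""
    m = re.search(r"Apache/(\d+\.\d+\.\d+)", banner)
    return m.group(1) if m else None


def loaded_modules(listing):
    """Return module identifiers from `apachectl -M` output (static and shared)."""
    return set(re.findall(r"^\s*(\w+_module)\s+\((?:static|shared)\)",
                          listing, re.MULTILINE))


def triage(banner, listing):
    """Report the version, whether the advisory lists it, and the CVEs whose module is loaded."""
    version = parse_version(banner)
    mods = loaded_modules(listing)
    cves = sorted(cve for mod, cve in CVE_BY_MODULE.items() if mod in mods)
    return {"version": version, "listed": version in LISTED_VERSIONS, "cves": cves}


# Constructed sample input, not taken from a real host.
SAMPLE_BANNER = "Server version: Apache/2.4.29 (Ubuntu)"
SAMPLE_MODULES = """Loaded Modules:
 core_module (static)
 so_module (static)
 proxy_module (shared)
 proxy_ajp_module (shared)
 ssl_module (shared)
"""

if __name__ == "__main__":
    print(triage(SAMPLE_BANNER, SAMPLE_MODULES))
```

A module that is loaded but unused still counts here; disabling mod_proxy_ajp or mod_dav where they are not needed removes that exposure independently of the upgrade.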