{"id":16955,"date":"2019-08-23T17:02:11","date_gmt":"2019-08-23T08:02:11","guid":{"rendered":"http:\/\/www.skyarch.net\/blog\/?p=16955"},"modified":"2019-08-23T17:02:11","modified_gmt":"2019-08-23T08:02:11","slug":"apache-http-server-2-4-%e3%81%a7%e8%a4%87%e6%95%b0%e3%81%ae%e8%84%86%e5%bc%b1%e6%80%a7%e3%81%8c%e5%85%ac%e8%a1%a8%e3%81%95%e3%82%8c%e3%81%be%e3%81%97%e3%81%9f%e3%80%82cve-2019-10092%e3%80%81cve-2019-1","status":"publish","type":"post","link":"https:\/\/www.skyarch.net\/blog\/apache-http-server-2-4-%e3%81%a7%e8%a4%87%e6%95%b0%e3%81%ae%e8%84%86%e5%bc%b1%e6%80%a7%e3%81%8c%e5%85%ac%e8%a1%a8%e3%81%95%e3%82%8c%e3%81%be%e3%81%97%e3%81%9f%e3%80%82cve-2019-10092%e3%80%81cve-2019-1\/","title":{"rendered":"Apache HTTP Server 2.4 \u3067\u8907\u6570\u306e\u8106\u5f31\u6027\u304c\u516c\u8868\u3055\u308c\u307e\u3057\u305f\u3002CVE-2019-10092\u3001CVE-2019-10098\u3001CVE-2019-10082\u3001CVE-2019-10081\u3001CVE-2019-9517\u3001CVE-2019-10097"},"content":{"rendered":"<p>Apache 2.4.41 \u304c 2019\u5e748\u670814\u65e5\u306b\u30ea\u30ea\u30fc\u30b9\u3055\u308c\u3001\u8907\u6570\u306e\u8106\u5f31\u6027\u306b\u5bfe\u3057\u3066\u306e\u4fee\u6b63\u304c\u53d6\u308a\u8fbc\u307e\u308c\u3066\u3044\u307e\u3059\u3002\u5404\u30d9\u30f3\u30c0\u3067\u306e\u4fee\u6b63\u53d6\u308a\u8fbc\u307f\u72b6\u6cc1\u306a\u3069\u8a18\u4e8b\u57f7\u7b46\u6642\u70b9\uff088\u670820\u65e5\uff09\u3067\u306f\u516c\u8868\u3055\u308c\u3066\u3044\u306a\u3044\u3082\u306e\u304c\u591a\u3044\u305f\u3081\u3001\u78ba\u8a8d\u51fa\u6765\u6b21\u7b2c\u8ffd\u8a18\u3057\u3066\u3044\u304d\u305f\u3044\u3068\u601d\u3044\u307e\u3059\u3002<\/p>\n<p>\u4ee5\u4e0b\u306e6\u3064\u306eCVE\u304c\u767a\u884c\u3001\u3082\u3057\u304f\u306f\u4e88\u7d04\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<ul>\n<li>CVE-2019-10092: mod_proxy \u306e\u30a8\u30e9\u30fc\u30da\u30fc\u30b8\u306b\u304a\u3044\u3066\u9650\u5b9a\u7684\u306a\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0 - low<\/li>\n<li>CVE-2019-10098: mod_rewrite \u3067\u6f5c\u5728\u7684\u306a\u30aa\u30fc\u30d7\u30f3\u30ea\u30c0\u30a4\u30ec\u30af\u30c8 - low<\/li>\n<li>CVE-2019-10082: mod_http2 \u3067 h2 \u63a5\u7d9a\u5207\u65ad\u6642\u306b read-after-free - moderate<\/li>\n<li>CVE-2019-10081: mod_http2 \u3067 early pushes \u6642\u306b\u30e1\u30e2\u30ea\u7834\u58ca - moderate<\/li>\n<li>CVE-2019-9517: mod_http2 \u3067 h2 \u30ef\u30fc\u30ab\u30fc\u3092\u4f7f\u3044\u5c3d\u304f\u3059\u4e8b\u306b\u3088\u308b DoS \u653b\u6483 - moderate<\/li>\n<li>CVE-2019-1009: mod_remoteip\u3067\u30b9\u30bf\u30c3\u30af\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u3068 NULL \u30dd\u30a4\u30f3\u30bf\u53c2\u7167 - moderate<\/li>\n<\/ul>\n<p>\u4ee5\u4e0b <a href=\"https:\/\/httpd.apache.org\/security\/vulnerabilities_24.html\">Apache HTTP Server 2.4 \u306e\u8106\u5f31\u6027\u60c5\u5831<\/a>\u304b\u3089\u5f15\u7528\u3057\u307e\u3059\u3002<\/p>\n<h2 id=\"cve-2019-10092-mod_proxy-\u306e\u30a8\u30e9\u30fc\u30da\u30fc\u30b8\u306b\u304a\u3044\u3066\u9650\u5b9a\u7684\u306a\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0---low\"><a href=\"http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2019-10092\">CVE-2019-10092<\/a>: mod_proxy \u306e\u30a8\u30e9\u30fc\u30da\u30fc\u30b8\u306b\u304a\u3044\u3066\u9650\u5b9a\u7684\u306a\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0 - low<\/h2>\n<p>mod_proxy \u306e\u30a8\u30e9\u30fc\u30da\u30fc\u30b8\u306b\u5f71\u97ff\u3092\u4e0e\u3048\u308b\u9650\u5b9a\u7684\u306a\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0\u554f\u984c\u304c\u5831\u544a\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u653b\u6483\u8005\u306f\u4e0d\u6b63\u306a\u30a8\u30e9\u30fc\u30da\u30fc\u30b8\u3078\u306e\u30ea\u30f3\u30af\u3092\u901a\u3058\u3066\u4efb\u610f\u306e\u30da\u30fc\u30b8\u3078\u3068\u8a98\u5c0e\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n<p>\u30d7\u30ed\u30ad\u30b7\u30fc\u304c\u6709\u52b9\u306b\u306a\u3063\u3066\u3044\u3066\u304b\u3064\u3001\u30d7\u30ed\u30ad\u30b7\u30fc\u30a8\u30e9\u30fc\u30da\u30fc\u30b8\u304c\u8868\u793a\u3055\u308c\u308b\u3088\u3046\u306a\u8aa4\u3063\u305f\u8a2d\u5b9a\u304c\u3055\u308c\u3066\u3044\u308b\u5834\u5408\u306b\u653b\u6483\u306b\u5229\u7528\u3055\u308c\u307e\u3059\u3002<\/p>\n<dl>\n<dt>\u5f71\u97ff\u306e\u3042\u308b\u30d0\u30fc\u30b8\u30e7\u30f3<\/dt>\n<dd>2.4.39, 2.4.38, 2.4.37, 2.4.35, 2.4.34, 2.4.33, 2.4.30, 2.4.29, 2.4.28, 2.4.27, 2.4.26, 2.4.25, 2.4.23, 2.4.20, 2.4.18, 2.4.17, 2.4.16, 2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1, 2.4.0\n<\/dd>\n<\/dl>\n<h2 id=\"cve-2019-10098-mod_rewrite-\u3067\u6f5c\u5728\u7684\u306a\u30aa\u30fc\u30d7\u30f3\u30ea\u30c0\u30a4\u30ec\u30af\u30c8---low\"><a href=\"http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2019-10098\">CVE-2019-10098<\/a>: mod_rewrite \u3067\u6f5c\u5728\u7684\u306a\u30aa\u30fc\u30d7\u30f3\u30ea\u30c0\u30a4\u30ec\u30af\u30c8 - low<\/h2>\n<p>mod_rewrite \u306b\u3088\u308a\u81ea\u5df1\u53c2\u7167\u3059\u308b\u3088\u3046\u306b\u8a2d\u5b9a\u3055\u308c\u305f\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u306b\u5bfe\u3057\u3066\u3001\u30a8\u30f3\u30b3\u30fc\u30c9\u3055\u308c\u305f\u6539\u884c\u3068\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u306b\u3088\u3063\u3066\u30ea\u30af\u30a8\u30b9\u30c8URL\u5185\u306e\u4e88\u671f\u3057\u306a\u3044 URL \u306b\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3055\u308c\u308b\u5834\u5408\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<dl>\n<dt>\u5f71\u97ff\u306e\u3042\u308b\u30d0\u30fc\u30b8\u30e7\u30f3<\/dt>\n<dd>2.4.39, 2.4.38, 2.4.37, 2.4.35, 2.4.34, 2.4.33, 2.4.30, 2.4.29, 2.4.28, 2.4.27, 2.4.26, 2.4.25, 2.4.23, 2.4.20, 2.4.18, 2.4.17, 2.4.16, 2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1, 2.4.0\n<\/dd>\n<\/dl>\n<h2 id=\"cve-2019-10082-mod_http2-\u3067-h2-\u63a5\u7d9a\u5207\u65ad\u6642\u306b-read-after-free---moderate\"><a href=\"http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2019-10082\">CVE-2019-10082<\/a>: mod_http2 \u3067 h2 \u63a5\u7d9a\u5207\u65ad\u6642\u306b read-after-free - moderate<\/h2>\n<p>\u4e0d\u6b63\u306a\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30a4\u30f3\u30d7\u30c3\u30c8\u3092\u5229\u7528\u3057\u3066\u3001 http\/2 \u306e\u30bb\u30c3\u30b7\u30e7\u30f3\u30cf\u30f3\u30c9\u30ea\u30f3\u30b0\u306b\u63a5\u7d9a\u5207\u65ad\u6642\u306b\u89e3\u653e\u5f8c\u306e\u30e1\u30e2\u30ea\u3092\u8aad\u307f\u51fa\u3059\u3088\u3046\u306b\u3055\u305b\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n<dl>\n<dt>\u5f71\u97ff\u306e\u3042\u308b\u30d0\u30fc\u30b8\u30e7\u30f3<\/dt>\n<dd>2.4.39, 2.4.38, 2.4.37, 2.4.35, 2.4.34, 2.4.33, 2.4.32, 2.4.29, 2.4.28, 2.4.27, 2.4.26, 2.4.25, 2.4.23, 2.4.20, 2.4.18\n<\/dd>\n<\/dl>\n<h2 id=\"cve-2019-10081-mod_http2-\u3067\u521d\u671f\u30d7\u30c3\u30b7\u30e5\u6642\u306b\u30e1\u30e2\u30ea\u7834\u58ca---moderate\"><a href=\"http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2019-10081\">CVE-2019-10081<\/a>: mod_http2 \u3067\u521d\u671f\u30d7\u30c3\u30b7\u30e5\u6642\u306b\u30e1\u30e2\u30ea\u7834\u58ca - moderate<\/h2>\n<p>HTTP\/2 \u3067\u6700\u521d\u671f\u306e\u30d7\u30c3\u30b7\u30e5\u3001\u4f8b\u3048\u3070 \"H2PushResource\" \u3067\u8a2d\u5b9a\u3055\u308c\u3066\u3044\u308b\u5834\u5408\u306a\u3069\u306b\u30d7\u30c3\u30b7\u30f3\u30b0\u30ea\u30af\u30a8\u30b9\u30c8\u30d7\u30fc\u30eb\u5185\u306e\u30e1\u30e2\u30ea\u3092\u4e0a\u66f8\u304d\u3059\u308b\u3053\u3068\u3067\u30af\u30e9\u30c3\u30b7\u30e5\u3092\u5f15\u304d\u8d77\u3053\u3059\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u304b\u3089\u9001\u4fe1\u3055\u308c\u305f\u30c7\u30fc\u30bf\u3067\u306f\u306a\u304f\u3001\u8a2d\u5b9a\u3055\u308c\u305f\u30d7\u30c3\u30b7\u30e5\u30ea\u30f3\u30af\u30d8\u30c3\u30c0\u306e\u5024\u304c\u30e1\u30e2\u30ea\u306b\u30b3\u30d4\u30fc\u3055\u308c\u307e\u3059\u3002<\/p>\n<dl>\n<dt>\u5f71\u97ff\u306e\u3042\u308b\u30d0\u30fc\u30b8\u30e7\u30f3<\/dt>\n<dd>2.4.39, 2.4.38, 2.4.37, 2.4.35, 2.4.34, 2.4.33, 2.4.32, 2.4.29, 2.4.28, 2.4.27, 2.4.26, 2.4.25, 2.4.23, 2.4.20\n<\/dd>\n<\/dl>\n<h2 id=\"cve-2019-9517-mod_http2-\u3067-h2-\u30ef\u30fc\u30ab\u30fc\u3092\u4f7f\u3044\u5c3d\u304f\u3059\u4e8b\u306b\u3088\u308b-dos-\u653b\u6483---moderate\"><a href=\"http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2019-9517\">CVE-2019-9517<\/a>: mod_http2 \u3067 h2 \u30ef\u30fc\u30ab\u30fc\u3092\u4f7f\u3044\u5c3d\u304f\u3059\u4e8b\u306b\u3088\u308b DoS \u653b\u6483 - moderate<\/h2>\n<p>\u60aa\u610f\u306e\u3042\u308b\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u304c\u5927\u91cf\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u4f34\u3063\u305f\u63a5\u7d9a\u3092\u5b9f\u65bd\u3057\u3001TCP\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u4e0a\u306e\u30ec\u30b9\u30dd\u30f3\u30b9\u3092\u57fa\u672c\u7684\u306b\u6c7a\u3057\u3066\u8aad\u307e\u306a\u3044\u3053\u3068\u306b\u3088\u3063\u3066 DoS \u653b\u6483\u3092\u5b9f\u65bd\u3067\u304d\u307e\u3059\u3002h2 \u30ef\u30fc\u30ab\u6570\u306e\u8a2d\u5b9a\u306b\u3088\u3063\u3066\u3001\u6bd4\u8f03\u7684\u5c11\u6570\u306e\u3053\u306e\u3088\u3046\u306a\u653b\u6483\u3092\u9632\u3050\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n<dl>\n<dt>\u5f71\u97ff\u306e\u3042\u308b\u30d0\u30fc\u30b8\u30e7\u30f3<\/dt>\n<dd>2.4.39, 2.4.38, 2.4.37, 2.4.35, 2.4.34, 2.4.33, 2.4.32, 2.4.29, 2.4.28, 2.4.27, 2.4.26, 2.4.25, 2.4.23, 2.4.20\n<\/dd>\n<\/dl>\n<h2 id=\"cve-2019-1009-mod_remoteip\u3067\u30b9\u30bf\u30c3\u30af\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u3068-null-\u30dd\u30a4\u30f3\u30bf\u53c2\u7167---moderate\"><a href=\"http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2019-10097\">CVE-2019-1009<\/a>: mod_remoteip\u3067\u30b9\u30bf\u30c3\u30af\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u3068 NULL \u30dd\u30a4\u30f3\u30bf\u53c2\u7167 - moderate<\/h2>\n<p>mod_remoteip \u304c\u4fe1\u7528\u3067\u304d\u308b\u4e2d\u9593\u30d7\u30ed\u30ad\u30b7\u30fc\u30b5\u30fc\u30d0\u3092 \u201d\u30d7\u30ed\u30ad\u30b7\u30fc\u201d\u30d7\u30ed\u30c8\u30b3\u30eb\u3092\u5229\u7528\u3059\u308b\u3088\u3046\u306b\u8a2d\u5b9a\u3055\u308c\u3066\u3044\u308b\u5834\u5408\u3001\u7279\u5225\u306b\u4f5c\u3089\u308c\u305f \u30d7\u30ed\u30ad\u30b7\u30fc\u30d8\u30c3\u30c0\u306b\u3088\u3063\u3066\u30b9\u30bf\u30c3\u30af\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u3084 NULL \u30dd\u30a4\u30f3\u30bf\u53c2\u7167\u3092\u5f15\u304d\u8d77\u3053\u3057\u307e\u3059\u3002\u3053\u306e\u8106\u5f31\u6027\u306f\u4fe1\u983c\u3067\u304d\u306a\u3044 HTTP \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3067\u306f\u306a\u304f\u3001\u4fe1\u983c\u3067\u304d\u308b\u30d7\u30ed\u30ad\u30b7\u306b\u3088\u3063\u3066\u5f15\u304d\u8d77\u3053\u3055\u308c\u307e\u3059\u3002<\/p>\n<dl>\n<dt>\u5f71\u97ff\u306e\u3042\u308b\u30d0\u30fc\u30b8\u30e7\u30f3<\/dt>\n<dd>2.4.38, 2.4.37, 2.4.35, 2.4.34, 2.4.33\n<\/dd>\n<\/dl>\n<p>\u53d6\u308a\u6025\u304e\u3053\u3053\u307e\u3067\u3002\u307e\u305f\u8a73\u7d30\u7b49\u5224\u660e\u3057\u307e\u3057\u305f\u3089\u3001\u66f4\u65b0\u3057\u305f\u3044\u3068\u601d\u3044\u307e\u3059\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Apache 2.4.41 \u304c 2019\u5e748\u670814\u65e5\u306b\u30ea\u30ea\u30fc\u30b9\u3055\u308c\u3001\u8907\u6570\u306e\u8106\u5f31\u6027\u306b\u5bfe\u3057\u3066\u306e\u4fee\u6b63\u304c\u53d6\u308a\u8fbc\u307e\u308c\u3066\u3044\u307e\u3059\u3002\u5404\u30d9\u30f3\u30c0\u3067\u306e\u4fee\u6b63\u53d6\u308a\u8fbc\u307f\u72b6\u6cc1\u306a\u3069\u8a18\u4e8b\u57f7\u7b46\u6642\u70b9\uff088\u670820\u65e5\uff09\u3067\u306f\u516c\u8868\u3055\u308c\u3066\u3044\u306a\u3044\u3082\u306e\u304c\u591a\u3044\u305f\u3081\u3001\u78ba\u8a8d\u51fa\u6765\u6b21&#8230;<\/p>\n","protected":false},"author":1,"featured_media":16792,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_locale":"ja","_original_post":"16955","footnotes":""},"categories":[90,29,18,35,7],"tags":[767],"class_list":{"0":"post-16955","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-apache","8":"category-linux","9":"category-os","10":"category-web-linux","11":"category-security","12":"tag-apache-http-server","13":"ja"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/posts\/16955","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/comments?post=16955"}],"version-history":[{"count":7,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/posts\/16955\/revisions"}],"predecessor-version":[{"id":16977,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/posts\/16955\/revisions\/16977"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/media\/16792"}],"wp:attachment":[{"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/media?parent=16955"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/categories?post=16955"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/tags?post=16955"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}