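1、Apache security vulnerabilities
- Apache HTTP Server denial-of-service vulnerability (CVE-2018-1303)
- Apache HTTP Server security vulnerability (CVE-2018-17199)
- Apache HTTP Server memory corruption vulnerability (CVE-2017-9788)
- Apache httpd information disclosure vulnerability (CVE-2017-9798)
- Apache HTTP Server mod_ssl NULL pointer dereference vulnerability (CVE-2017-3169)
- Apache HTTP Server ap_get_basic_auth_pw authentication bypass vulnerability (CVE-2017-3167)
- Apache HTTP Server mod_mime buffer overflow vulnerability (CVE-2017-7679)
- Apache HTTP Server remote security restriction bypass vulnerability (CVE-2018-1312)
- OpenSSL security vulnerability (CVE-2018-0732)
- Apache httpd security vulnerability (CVE-2017-15715)
- Apache HTTP Server mod_authnz_ldap denial-of-service vulnerability (CVE-2017-15710)
- Apache HTTP Server remote denial-of-service vulnerability (CVE-2014-0231)
- Apache HTTP Server remote denial-of-service vulnerability (CVE-2014-0118)
- Apache HTTP Server remote denial-of-service vulnerability (CVE-2014-3523)
- Apache HTTP Server 'mod_status' remote code execution vulnerability (CVE-2014-0226)
- OpenSSL information disclosure vulnerability (CVE-2017-3736)
- OpenSSL security restriction bypass vulnerability (CVE-2017-3737)
- OpenSSL side-channel attack information disclosure vulnerability (CVE-2018-0734)
- Apache HTTP Server mod_headers module permissions and access control vulnerability (CVE-2013-5704)
- Apache HTTP Server mod_cache denial-of-service vulnerability (CVE-2014-3581)
- Apache HTTP Server HTTP request smuggling vulnerability (CVE-2015-3183)
- Apache HTTP Server security vulnerability (CVE-2019-0220)
- Apache HTTP Server ap_some_auth_required function access restriction bypass vulnerability (CVE-2015-3185)
- Apache HTTP Server mod_lua module permissions and access control vulnerability (CVE-2014-8109)
- Apache httpd cross-site scripting vulnerability (CVE-2019-10092)
- Apache httpd input validation error vulnerability (CVE-2019-10098)
- Apache HTTP Server HTTP_PROXY environment variable security vulnerability (CVE-2016-5387)
- OpenSSL security vulnerability (CVE-2019-1547)
- OpenSSL buffer error vulnerability (CVE-2019-1551)
- OpenSSL side-channel attack information disclosure vulnerability (CVE-2018-0737)
- OpenSSL information disclosure vulnerability (CVE-2018-5407)
- OpenSSL rsaz_1024_mul_avx2 overflow information disclosure vulnerability (CVE-2017-3738)
- OpenSSL security vulnerability (CVE-2017-3735)
- Apache httpd security vulnerability (CVE-2016-8743)
- Apache httpd security vulnerability (CVE-2016-2161)
- Apache httpd security vulnerability (CVE-2016-0736)
- Apache HTTP Server 'mod_cache' module remote denial-of-service vulnerability (CVE-2013-4352)
- Apache HTTP Server multiple denial-of-service vulnerabilities (CVE-2013-6438)
- Apache HTTP Server multiple denial-of-service vulnerabilities (CVE-2014-0098)
- Apache HTTP Server HTTP response splitting vulnerability (CVE-2016-4975)
- Apache HTTP Server denial-of-service vulnerability (CVE-2018-1301)
- Apache HTTP Server remote denial-of-service vulnerability (CVE-2014-0117)
- Apache HTTP Server input validation error vulnerability (CVE-2020-1927)
- Apache HTTP Server security vulnerability (CVE-2020-1934)
- OpenSSL trust management issue vulnerability (CVE-2019-15526)
- OpenSSL security vulnerability (CVE-2019-1563)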
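2、Upgrading Apache
2.1、Reasons for upgrading
- el7 is no longer maintained by the community, the vendor, or anyone else
- The official Apache version on el7 is 2.4.6, which is outdated
- Third-party platforms also lack support
2.2、Upgrading apr
2.2.1 Download
The download page is: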
https://apr.apache.org/download.cgi
Download the current latest version:
wget https://dlcdn.apache.org/apr/apr-1.7.4.tar.bz2
2.2.2 Install rpmbuild and the other dependency packages
yum install autoconf doxygen libtool libuuid-devel openldap-devel lua-devel libxml2-devel expat-devel db4-devel postgresql-devel sqlite-devel unixODBC-devel nss-devel apr-util-devel gcc make rpm-build
2.2.3 Prepare the rpmbuild build directories
mkdir -p ~/rpmbuild/{BUILD,BUILDROOT,RPMS,SOURCES,SPECS,SRPMS}
2.2.4 Build the apr rpm packages
cp apr-1.7.4.tar.bz2 ~/rpmbuild/SOURCES
tar -xvf apr-1.7.4.tar.bz2
cp apr-1.7.4/apr.spec ~/rpmbuild/SPECS/
cd ~/rpmbuild/SPECS/
rpmbuild -ba apr.spec
After the build completes, list the rpm packages:
ls -hl ../RPMS/aarch64/apr-*
-rw-r--r-- 1 root root 103K Jul 19 15:15 ../RPMS/aarch64/apr-1.7.4-1.aarch64.rpm
-rw-r--r-- 1 root root 467K Jul 19 15:15 ../RPMS/aarch64/apr-debuginfo-1.7.4-1.aarch64.rpm
-rw-r--r-- 1 root root 860K Jul 19 15:15 ../RPMS/aarch64/apr-devel-1.7.4-1.aarch64.rpm
2.2.5 Install the apr rpm packages
cd ../RPMS/aarch64
yum localinstall apr-1.7.4-1.aarch64.rpm apr-devel-1.7.4-1.aarch64.rpm
2.3、httpd
2.3.1 Download
The download page is:
https://httpd.apache.org/download.cgi
Download the current latest version:
wget https://dlcdn.apache.org/httpd/httpd-2.4.62.tar.bz2
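The download steps in 2.2.1 and 2.3.1 hand the tarball straight to rpmbuild. The script below is an added example, not part of the original procedure: it copies a tarball into ~/rpmbuild/SOURCES only if its SHA-256 matches the checksum file. The function names are hypothetical, and the .sha256 file is assumed to have been downloaded from the Apache download site alongside the tarball.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): check a downloaded source
# tarball against its published SHA-256 before it reaches ~/rpmbuild/SOURCES.

# Print the first 64-hex-digit token found in a checksum file, lowercased.
# Handles the "HASH *file", "HASH  file" and "SHA256 (file) = HASH" layouts.
expected_sha256() {
    tr -s ' \t=()*' '\n' < "$1" | tr 'A-F' 'a-f' | grep -E -m1 '^[0-9a-f]{64}$'
}

# Return 0 on match, 1 on mismatch, 2 if an input is missing or unusable.
verify_tarball() {
    local tarball="$1" sumfile="$2" want got
    [ -r "$tarball" ] && [ -r "$sumfile" ] || { echo "missing input file" >&2; return 2; }
    want=$(expected_sha256 "$sumfile") || { echo "no SHA-256 found in $sumfile" >&2; return 2; }
    got=$(sha256sum "$tarball" | cut -d' ' -f1)
    if [ "$got" = "$want" ]; then
        echo "OK: $tarball"
    else
        echo "MISMATCH: $tarball (expected $want, got $got)" >&2
        return 1
    fi
}

# Copy the tarball into the SOURCES directory only after it verifies.
# The third argument (destination) is optional and defaults to the
# rpmbuild tree created in step 2.2.3.
stage_source() {
    local tarball="$1" sumfile="$2" dest="${3:-$HOME/rpmbuild/SOURCES}"
    verify_tarball "$tarball" "$sumfile" || return
    cp -- "$tarball" "$dest/"
}

# Script usage: verify.sh httpd-2.4.62.tar.bz2 httpd-2.4.62.tar.bz2.sha256
if [ "$#" -eq 2 ]; then
    stage_source "$1" "$2"
fi
```

A checksum is only as trustworthy as the channel it was fetched over; Apache also publishes a detached .asc signature and a KEYS file for each release, which can be checked with gpg --verify.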
2.3.2 Build the httpd rpm packages
cp httpd-2.4.62.tar.bz2 ~/rpmbuild/SOURCES
tar -xvf httpd-2.4.62.tar.bz2
cp httpd-2.4.62/httpd.spec ~/rpmbuild/SPECS/
cd ~/rpmbuild/SPECS/
rpmbuild -ba httpd.spec
After the build completes, list the rpm packages:
ls -hl ../RPMS/aarch64/{httpd-*,mod_*}
-rw-r--r-- 1 root root 1.4M Jul 19 15:38 ../RPMS/aarch64/httpd-2.4.62-1.aarch64.rpm
-rw-r--r-- 1 root root 3.8M Jul 19 15:38 ../RPMS/aarch64/httpd-debuginfo-2.4.62-1.aarch64.rpm
-rw-r--r-- 1 root root 209K Jul 19 15:38 ../RPMS/aarch64/httpd-devel-2.4.62-1.aarch64.rpm
-rw-r--r-- 1 root root 4.3M Jul 19 15:38 ../RPMS/aarch64/httpd-manual-2.4.62-1.aarch64.rpm
-rw-r--r-- 1 root root 79K Jul 19 15:38 ../RPMS/aarch64/httpd-tools-2.4.62-1.aarch64.rpm
-rw-r--r-- 1 root root 44K Jul 19 15:38 ../RPMS/aarch64/mod_authnz_ldap-2.4.62-1.aarch64.rpm
-rw-r--r-- 1 root root 45K Jul 19 15:38 ../RPMS/aarch64/mod_lua-2.4.62-1.aarch64.rpm
-rw-r--r-- 1 root root 24K Jul 19 15:38 ../RPMS/aarch64/mod_proxy_html-2.4.62-1.aarch64.rpm
-rw-r--r-- 1 root root 91K Jul 19 15:38 ../RPMS/aarch64/mod_ssl-2.4.62-1.aarch64.rpm
2.3.3 Install the httpd rpm packages
Before installing httpd, remove the old packages first:
yum remove httpd-mmn httpd-tools
Install:
cd ../RPMS/aarch64
yum localinstall httpd-2.4.62-1.aarch64.rpm httpd-tools-2.4.62-1.aarch64.rpm httpd-manual-2.4.62-1.aarch64.rpm mod_lua-2.4.62-1.aarch64.rpm mod_proxy_html-2.4.62-1.aarch64.rpm mod_ssl-2.4.62-1.aarch64.rpm
2.3.4 Other
cd /etc/httpd/conf.modules.d
rm -rf 00-systemd.conf 01-cgi.conf 10-wsgi.conf
2.3.5 Start the service
systemctl start httpd