RHEL-53998

/Security/CVE-2020-11984-httpd-mod_proxy_uwsgi-buffer-overflow failing

    • Bug
    • Resolution: Unresolved
    • Undefined
    • rhel-10.0.beta
    • httpd
    • rhel-sst-cs-stacks
    • ssg_core_services

      What were you trying to do that didn't work?

      /Security/CVE-2020-11984-httpd-mod_proxy_uwsgi-buffer-overflow test is failing

      Please provide the package NVR for which bug is seen:

      httpd-2.4.62-3.el10

      Expected results (rhel-9.5):

      http error code 500

      AH10259: can't send headers to 127.0.0.1:9000: packet size too large (180723)

      (env) curl --header @./hdrs --max-time 10 http://localhost/rhts-uwsgi/app.py
      <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
      <html><head>
      <title>500 Internal Server Error</title>
      </head><body>
      <h1>Internal Server Error</h1>
      <p>The server encountered an internal error or
      misconfiguration and was unable to complete
      your request.</p>
      <p>Please contact the server administrator at 
       root@localhost to inform them of the time this error occurred,
       and the actions you performed just before this error.</p>
      <p>More information about this error may be available
      in the server error log.</p>
      </body></html>
      (env) cat /var/log/httpd/error_log 
      [Mon Aug 12 09:38:57.688841 2024] [core:notice] [pid 8587:tid 8587] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
      [Mon Aug 12 09:38:57.689446 2024] [suexec:notice] [pid 8587:tid 8587] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
      [Mon Aug 12 09:38:57.699866 2024] [lbmethod_heartbeat:notice] [pid 8587:tid 8587] AH02282: No slotmem from mod_heartmonitor
      [Mon Aug 12 09:38:57.708546 2024] [mpm_event:notice] [pid 8587:tid 8587] AH00489: Apache/2.4.57 (Red Hat Enterprise Linux) configured -- resuming normal operations
      [Mon Aug 12 09:38:57.708562 2024] [core:notice] [pid 8587:tid 8587] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
      
      [Mon Aug 12 09:40:59.310782 2024] [:error] [pid 8597:tid 8762] [client ::1:42876] AH10259: can't send headers to 127.0.0.1:9000: packet size too large (180723)
      
      (env) cat /var/log/httpd/access_log 
      ::1 - - [12/Aug/2024:09:40:59 -0400] "GET /rhts-uwsgi/app.py HTTP/1.1" 500 527 "-" "curl/7.76.1" 

      Actual results (rhel-10.0.beta):

      http error code 400, no message in error_log

      (env) curl --header @./hdrs --max-time 10 http://localhost/rhts-uwsgi/app.py
      curl: (28) Operation timed out after 10002 milliseconds with 0 bytes received
      
      (env) cat /var/log/httpd/error_log 
      [Mon Aug 12 09:34:57.997111 2024] [suexec:notice] [pid 8076:tid 8076] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
      [Mon Aug 12 09:34:58.007200 2024] [lbmethod_heartbeat:notice] [pid 8076:tid 8076] AH02282: No slotmem from mod_heartmonitor
      [Mon Aug 12 09:34:58.007898 2024] [systemd:notice] [pid 8076:tid 8076] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
      [Mon Aug 12 09:34:58.015883 2024] [mpm_event:notice] [pid 8076:tid 8076] AH00489: Apache/2.4.62 (Red Hat Enterprise Linux) configured -- resuming normal operations
      [Mon Aug 12 09:34:58.015899 2024] [core:notice] [pid 8076:tid 8076] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
      
      (env) cat /var/log/httpd/access_log
      ::1 - - [12/Aug/2024:09:37:26 -0400] "GET /rhts-uwsgi/app.py HTTP/1.1" 400 226 "-" "curl/8.6.0" 

              luhliari@redhat.com Lubos Uhliarik
              bnater@redhat.com Branislav Náter
              rhel-cs-infra-services-qe