{"id":104673,"date":"2022-04-22T13:04:19","date_gmt":"2022-04-22T15:04:19","guid":{"rendered":"https:\/\/teknomers.com\/fr\/qnap-conseille-aux-utilisateurs-de-mettre-a-jour-le-firmware-du-nas-pour-corriger-les-vulnerabilites-http-dapache\/"},"modified":"2022-04-22T13:04:30","modified_gmt":"2022-04-22T15:04:30","slug":"qnap-conseille-aux-utilisateurs-de-mettre-a-jour-le-firmware-du-nas-pour-corriger-les-vulnerabilites-http-dapache","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/qnap-conseille-aux-utilisateurs-de-mettre-a-jour-le-firmware-du-nas-pour-corriger-les-vulnerabilites-http-dapache\/","title":{"rendered":"QNAP advises users to update NAS firmware to fix Apache HTTP vulnerabilities"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both\"><\/div>\n<p>Network-attached storage (NAS) appliance maker QNAP said on Thursday that it was investigating its lineup for potential impact from two security vulnerabilities that were fixed in the Apache HTTP Server last month.<\/p>\n<p>The critical flaws, tracked as <a rel=\"nofollow noopener\" href=\"https:\/\/dlcdn.apache.org\/httpd\/CHANGES_2.4\" target=\"_blank\">CVE-2022-22721 and CVE-2022-23943<\/a>, are rated 9.8 for severity on the CVSS scoring system and affect Apache HTTP Server versions 2.4.52 and earlier &#8211;<\/p>\n<ul>\n<li><a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-22721\" target=\"_blank\">CVE-2022-22721<\/a> &#8211; Possible buffer overflow with very large or unlimited LimitXMLRequestBody<\/li>\n<li><a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-23943\" target=\"_blank\">CVE-2022-23943<\/a> &#8211; Out-of-bounds write vulnerability in mod_sed of Apache HTTP Server<\/li>\n<\/ul>\n<p>The two vulnerabilities, alongside CVE-2022-22719 and CVE-2022-22720, were fixed by the project maintainers as part of <a rel=\"nofollow noopener\" href=\"https:\/\/downloads.apache.org\/httpd\/Announcement2.4.html\" target=\"_blank\">version 2.4.53<\/a>, which shipped on March 14, 2022.<\/p>\n<p>&#8220;While CVE-2022-22719 and CVE-2022-22720 do not affect QNAP products, CVE-2022-22721 affects 32-bit QNAP NAS models, and CVE-2022-23943 affects users who have enabled mod_sed in Apache HTTP Server on their QNAP device,&#8221; the Taiwanese company <a rel=\"nofollow noopener\" href=\"https:\/\/www.qnap.com\/en\/security-advisory\/qsa-22-11\" target=\"_blank\">said<\/a> in an alert published this week.<\/p>\n<p>In the absence of readily available security updates, QNAP has offered workarounds, including &#8220;keeping the default value &#8216;1M&#8217; for LimitXMLRequestBody&#8221; and disabling mod_sed, adding that the mod_sed feature is disabled by default in Apache HTTP Server on NAS devices running the QTS system.<\/p>\n<p>The advisory comes nearly a month after the company disclosed that it was working to resolve an infinite loop vulnerability in OpenSSL (CVE-2022-0778, CVSS score: 7.5) and released patches for the Dirty Pipe Linux flaw (CVE-2022-0847, CVSS score: 7.8).<\/p>\n<p><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/04\/qnap-advises-users-to-update-nas.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Network-attached storage (NAS) appliance maker QNAP said on Thursday that it was investigating its lineup for potential impact from two security vulnerabilities that were fixed in the Apache HTTP Server last month. The critical flaws, tracked as CVE-2022-22721 and CVE-2022-23943, are rated 9.8 for severity on the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":104674,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[507,4168,4482,25646,4158,4165,4161,54102,54100,54101,3995,4157,4159,4171,4170,65,4167,6454,4160,5266,4163,4162,185,27510,4172,4169,7529,4166,4164,12365],"class_list":["post-104673","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-aux","tag-comment-pirater","tag-conseille","tag-corriger","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-dapache","tag-firmware","tag-http","tag-jour","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-les","tag-logiciel-malveillant-de-ransomware","tag-mettre","tag-mises-a-jour-de-la-cybersecurite","tag-nas","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-pour","tag-qnap","tag-securite-informatique","tag-securite-internet","tag-utilisateurs","tag-violation-de-donnees","tag-vulnerabilite-logicielle","tag-vulnerabilites"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/104673","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=104673"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/104673\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/104674"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=104673"}],"wp:term":[{"taxonomy"
:"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=104673"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=104673"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}