4837 Total CVEs
26 Years
GitHub
Home / 2020 / CVE-2020-11984
README.md
Rendering markdown...
POC / Dockerfile
⬇ Raw GitHub ✕ Close 
FROM debian:bullseye-slim AS builder
ENV HTTPD_VERSION 2.4.32
ENV APR_VERSION 1.6.3
ENV APR_UTIL_VERSION 1.6.1
RUN apt-get update && apt-get install -y --no-install-recommends \
    build-essential wget ca-certificates libpcre3-dev libssl-dev zlib1g-dev libexpat1-dev \
    && rm -rf /var/lib/apt/lists/*
WORKDIR /usr/src
RUN wget --no-verbose "https://archive.apache.org/dist/httpd/httpd-${HTTPD_VERSION}.tar.gz" && \
    wget --no-verbose "https://archive.apache.org/dist/apr/apr-${APR_VERSION}.tar.gz" && \
    wget --no-verbose "https://archive.apache.org/dist/apr/apr-util-${APR_UTIL_VERSION}.tar.gz" && \
    tar xzf "httpd-${HTTPD_VERSION}.tar.gz" && tar xzf "apr-${APR_VERSION}.tar.gz" && tar xzf "apr-util-${APR_UTIL_VERSION}.tar.gz" && \
    mv "apr-${APR_VERSION}" "httpd-${HTTPD_VERSION}/srclib/apr" && mv "apr-util-${APR_UTIL_VERSION}" "httpd-${HTTPD_VERSION}/srclib/apr-util"
WORKDIR /usr/src/httpd-${HTTPD_VERSION}
RUN ./configure --prefix=/usr/local/apache2 --enable-mods-shared=all --enable-deflate \
    --enable-proxy --enable-proxy-balancer --enable-proxy-http --with-included-apr
RUN make && make install

FROM debian:bullseye-slim

RUN apt-get update && apt-get install -y --no-install-recommends \
    libpcre3 libapr1 libaprutil1 libssl1.1 zlib1g libexpat1 \
    supervisor python3 uwsgi uwsgi-plugin-python3 \
    && rm -rf /var/lib/apt/lists/*

COPY --from=builder /usr/local/apache2 /usr/local/apache2

RUN mkdir -p /var/www
COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
COPY upstream.py /var/www/upstream.py

RUN ln -sf /dev/stdout /usr/local/apache2/logs/access_log && \
    ln -sf /dev/stderr /usr/local/apache2/logs/error_log

RUN groupadd --system --gid 80 apache && \
    useradd --system --gid apache --uid 80 --shell /bin/false --home /usr/local/apache2 apache

RUN sed -i \
    -e 's/^User daemon/User apache/' -e 's/^Group daemon/Group apache/' \
    -e 's/^#ServerName www.example.com:80/ServerName localhost/' \
    -e 's/^LogLevel warn/LogLevel info/' \
    -e '\!LoadModule proxy_module modules/mod_proxy.so!s!^#\s*!!' \
    -e '/LoadModule proxy_module modules\/mod_proxy.so/a LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so' \
    /usr/local/apache2/conf/httpd.conf

RUN <<EOF cat >> /usr/local/apache2/conf/httpd.conf
<VirtualHost *:80>
    ProxyPass "/" "uwsgi://127.0.0.1:8080/"
    LimitRequestFieldSize 1048576
</VirtualHost>
EOF

ENV PATH /usr/local/apache2/bin:$PATH
EXPOSE 80

CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]