Headline
RHSA-2022:8067: Red Hat Security Advisory: httpd security, bug fix, and enhancement update
An update for httpd is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-22719: httpd: mod_lua: Use of uninitialized value of in r:parsebody
- CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
- CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds
- CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling
- CVE-2022-28614: httpd: Out-of-bounds read via ap_rwrite()
- CVE-2022-28615: httpd: Out-of-bounds read in ap_strcmp_match()
- CVE-2022-29404: httpd: mod_lua: DoS in r:parsebody
- CVE-2022-30522: httpd: mod_sed: DoS vulnerability
- CVE-2022-30556: httpd: mod_lua: Information disclosure with websockets
- CVE-2022-31813: httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism
Synopsis
Moderate: httpd security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for httpd is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
The following packages have been upgraded to a later upstream version: httpd (2.4.53). (BZ#2079939)
Security Fix(es):
- httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)
- httpd: mod_lua: Use of uninitialized value of in r:parsebody (CVE-2022-22719)
- httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721)
- httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)
- httpd: mod_lua: DoS in r:parsebody (CVE-2022-29404)
- httpd: mod_sed: DoS vulnerability (CVE-2022-30522)
- httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)
- httpd: Out-of-bounds read via ap_rwrite() (CVE-2022-28614)
- httpd: Out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)
- httpd: mod_lua: Information disclosure with websockets (CVE-2022-30556)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
Fixes
- BZ - 2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds
- BZ - 2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
- BZ - 2064322 - CVE-2022-22719 httpd: mod_lua: Use of uninitialized value of in r:parsebody
- BZ - 2073459 - Cannot override LD_LIBARY_PATH in Apache HTTPD using SetEnv or PassEnv. Needs documentation.
- BZ - 2075406 - httpd.conf uses icon bomb.gif for all files/dirs ending with core
- BZ - 2079939 - httpd rebase to 2.4.53
- BZ - 2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling
- BZ - 2095002 - CVE-2022-28614 httpd: Out-of-bounds read via ap_rwrite()
- BZ - 2095006 - CVE-2022-28615 httpd: Out-of-bounds read in ap_strcmp_match()
- BZ - 2095012 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody
- BZ - 2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability
- BZ - 2095018 - CVE-2022-30556 httpd: mod_lua: Information disclosure with websockets
- BZ - 2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism
- BZ - 2095838 - mod_mime_magic: invalid type 0 in mconvert()
CVEs
- CVE-2022-22719
- CVE-2022-22721
- CVE-2022-23943
- CVE-2022-26377
- CVE-2022-28614
- CVE-2022-28615
- CVE-2022-29404
- CVE-2022-30522
- CVE-2022-30556
- CVE-2022-31813
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index
Red Hat Enterprise Linux for x86_64 9
SRPM
httpd-2.4.53-7.el9.src.rpm
SHA-256: 992803c1c807db1fe2eb314e2cc8bb3cc709b0a4784389038628b0d7c1d3b532
x86_64
httpd-2.4.53-7.el9.x86_64.rpm
SHA-256: e84c935e36bbd6b8f21617c911a2963eac6acfddd2548a3aad4a7104d53c419f
httpd-core-2.4.53-7.el9.x86_64.rpm
SHA-256: 3c64d72f6efd22b903d5ffd351dc55bc74a529bf80815626a0897b89cc5fd9e0
httpd-core-debuginfo-2.4.53-7.el9.x86_64.rpm
SHA-256: 0c6ddec1d975706ab63a1e98be6bf501acaf197abd8a949ee97b747128fb4d31
httpd-debuginfo-2.4.53-7.el9.x86_64.rpm
SHA-256: fd44d744138d0f315e707a73c83751bcac94b39cafb62b8ef96ee29edbc89bb1
httpd-debugsource-2.4.53-7.el9.x86_64.rpm
SHA-256: 7615a1f7d55f41b99fd32e043034d01cba1b36472e014bbe2f09a3195dc52d46
httpd-devel-2.4.53-7.el9.x86_64.rpm
SHA-256: 57abfdb1a6e3002cd94ddc8b646ee579f41ed7a1c138bf305798baee1c5a2c8d
httpd-filesystem-2.4.53-7.el9.noarch.rpm
SHA-256: 2f8bb4f2188da2cd22eb065edbb826dc6ff28978f892f99ea727d658edac3d41
httpd-manual-2.4.53-7.el9.noarch.rpm
SHA-256: 7d7f2c6dac4e1a7de634b5bc4f6cdcb73b2eeb0b63397b5f6fbb19fe1f5a8fbb
httpd-tools-2.4.53-7.el9.x86_64.rpm
SHA-256: d00acd013ae2cd5c66b7dc04b271bc14ca5b0566ac16224530cdca8f6f809be5
httpd-tools-debuginfo-2.4.53-7.el9.x86_64.rpm
SHA-256: ad85643095f75f64cbaf3d780d24deb3defa2e5e2b6f7799cdc89e107499253f
mod_ldap-2.4.53-7.el9.x86_64.rpm
SHA-256: 56a9b191250b42dd14af966987da9496e21b72ba0ae880ffcbd6e20609d2741f
mod_ldap-debuginfo-2.4.53-7.el9.x86_64.rpm
SHA-256: 01ccd1c9e803146653ecad99aec027d7a34cd8d88cd62032d35f8006f9103b61
mod_lua-2.4.53-7.el9.x86_64.rpm
SHA-256: 5792dc5500c9704df1b50cadfccac971346690419a44984abaa4f26922a4b23e
mod_lua-debuginfo-2.4.53-7.el9.x86_64.rpm
SHA-256: ed1005a1c971401172e74a41104d9f2622d7f656d064653736f50eef8fab9c4b
mod_proxy_html-2.4.53-7.el9.x86_64.rpm
SHA-256: bc4ec4fc9b414fd514bfd542f36a8a9eb01f41bd4f03a5df5e13963acd071ce1
mod_proxy_html-debuginfo-2.4.53-7.el9.x86_64.rpm
SHA-256: 7a1bee29528cecd2cc2e5601f224fec76af0263be6068e0dcb77d0c90230c969
mod_session-2.4.53-7.el9.x86_64.rpm
SHA-256: 8f37e6efaff89d6384cc79f44f28d1f997f17b4a81937001b74527a7bb1b10bc
mod_session-debuginfo-2.4.53-7.el9.x86_64.rpm
SHA-256: c89140b5a0802ae7549d5a0c41ad9c898bfac16ada9c71b39e80255655bb1dda
mod_ssl-2.4.53-7.el9.x86_64.rpm
SHA-256: 3f0f92df257d00f4b86e52cf27fe8c3a3949bf9de68c0878dc84fe22093c2e67
mod_ssl-debuginfo-2.4.53-7.el9.x86_64.rpm
SHA-256: ad25004576797b306f3402a50ed1badc5b9dd2fcffd70309844d5b0654b29500
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
httpd-2.4.53-7.el9.src.rpm
SHA-256: 992803c1c807db1fe2eb314e2cc8bb3cc709b0a4784389038628b0d7c1d3b532
s390x
httpd-2.4.53-7.el9.s390x.rpm
SHA-256: 99a97f802f04315f80ba1e3bee38078cf1cebbdff8eb2fc9e044e20ac765e02f
httpd-core-2.4.53-7.el9.s390x.rpm
SHA-256: a1cc2284214a73fa8dc29cfed3693dd4267b334eedcbfa17c979220fc300eb77
httpd-core-debuginfo-2.4.53-7.el9.s390x.rpm
SHA-256: cbdf723c4881204670f20bfba131f40bacbeb3f3307d3849d7fe3c1a8486a398
httpd-debuginfo-2.4.53-7.el9.s390x.rpm
SHA-256: 54d37d54830380ad54738c8e7e60baba399b4ed44060ba9db3d958a5bad6579e
httpd-debugsource-2.4.53-7.el9.s390x.rpm
SHA-256: f92fd74eaf2c8b000ec19bb11585d2d624e08bad0a08f5ac0dccfb4439684f10
httpd-devel-2.4.53-7.el9.s390x.rpm
SHA-256: 3d760a727846aacea6cba7918d6b5f8a15e6e6f27ef4b0e4b984a0a1a6e78851
httpd-filesystem-2.4.53-7.el9.noarch.rpm
SHA-256: 2f8bb4f2188da2cd22eb065edbb826dc6ff28978f892f99ea727d658edac3d41
httpd-manual-2.4.53-7.el9.noarch.rpm
SHA-256: 7d7f2c6dac4e1a7de634b5bc4f6cdcb73b2eeb0b63397b5f6fbb19fe1f5a8fbb
httpd-tools-2.4.53-7.el9.s390x.rpm
SHA-256: e55252117f3d4d66f1306bf65c4741bebc721f0a7ba0a9ef7b9a0ec8df543e1d
httpd-tools-debuginfo-2.4.53-7.el9.s390x.rpm
SHA-256: 69f394d8ee32095b127c469964355685c423bcc8d8f42118faaa4492ae92e8e2
mod_ldap-2.4.53-7.el9.s390x.rpm
SHA-256: fb029628d24db64f876b7f60bc290a90f710a0c621ceb9a58d907cc7a1fb0c88
mod_ldap-debuginfo-2.4.53-7.el9.s390x.rpm
SHA-256: 0859b8afe537b33246f1121e1ed102b851fb996123a15315cf2dcc6a0a11fc8b
mod_lua-2.4.53-7.el9.s390x.rpm
SHA-256: 7f11f967e4f9cf1a2fcefde00a832fdc5a6d84166492618895ca6468b280e84c
mod_lua-debuginfo-2.4.53-7.el9.s390x.rpm
SHA-256: ef67376d25aaf746f9b5da6c68de0a80f395d645fe882f03fbd83ea46c4705b8
mod_proxy_html-2.4.53-7.el9.s390x.rpm
SHA-256: c85874a58da84d7c856dad658caebde4a841261d383032d80239bc00d9a75f45
mod_proxy_html-debuginfo-2.4.53-7.el9.s390x.rpm
SHA-256: 689832cb3f3825faa93be12f89b93a934a71a75985b18d91fb956735680f063d
mod_session-2.4.53-7.el9.s390x.rpm
SHA-256: 91e0b195a6da1bfe58529fc77844ebafa2b9fa949bc51b1ecabf3044a6ada07e
mod_session-debuginfo-2.4.53-7.el9.s390x.rpm
SHA-256: 984bbd13503513a40e5b81a31f679aeffcc0bfbde848c057079ef7b8fbd6795d
mod_ssl-2.4.53-7.el9.s390x.rpm
SHA-256: 4c453158bafadf8ae324ae7cc6142535a6aedcc2f1727f4567ebf736bc902bda
mod_ssl-debuginfo-2.4.53-7.el9.s390x.rpm
SHA-256: 45fbbfe8b69c9e67c2858ee790759b185fc43f0b2c81f05148bea6f30a2a9a7e
Red Hat Enterprise Linux for Power, little endian 9
SRPM
httpd-2.4.53-7.el9.src.rpm
SHA-256: 992803c1c807db1fe2eb314e2cc8bb3cc709b0a4784389038628b0d7c1d3b532
ppc64le
httpd-2.4.53-7.el9.ppc64le.rpm
SHA-256: 10e9f1c0a5af6c2d1b22515c2ac0722a770d4c550626a32a6a2ebecd6b33b573
httpd-core-2.4.53-7.el9.ppc64le.rpm
SHA-256: f535037a08dc66e6056d8220690abc5de3d28d03b446056081301053b0e9b864
httpd-core-debuginfo-2.4.53-7.el9.ppc64le.rpm
SHA-256: bd4a2550431ec1c93fe737f1a90bd76a0a12bcbc79bc4cde3814d63986d21987
httpd-debuginfo-2.4.53-7.el9.ppc64le.rpm
SHA-256: 584ad84f2b7c263bc8aa115f3aa1a1b3f6379f456a3ffdf1bc9da1faedca9ab3
httpd-debugsource-2.4.53-7.el9.ppc64le.rpm
SHA-256: 9f45f33113445b688c82234a874ab40b424c713c28e167e8015309fe488e0e34
httpd-devel-2.4.53-7.el9.ppc64le.rpm
SHA-256: d3512ff6ebdf897bab40c373fb393ff58f37f483f3bc464d08c0c70001754c19
httpd-filesystem-2.4.53-7.el9.noarch.rpm
SHA-256: 2f8bb4f2188da2cd22eb065edbb826dc6ff28978f892f99ea727d658edac3d41
httpd-manual-2.4.53-7.el9.noarch.rpm
SHA-256: 7d7f2c6dac4e1a7de634b5bc4f6cdcb73b2eeb0b63397b5f6fbb19fe1f5a8fbb
httpd-tools-2.4.53-7.el9.ppc64le.rpm
SHA-256: 02a3b5560d0daf2bf3bd1b6a483d1d3f6b3e4e0da587cdf6c6af756c58f7018c
httpd-tools-debuginfo-2.4.53-7.el9.ppc64le.rpm
SHA-256: 3149c43f869de7312b7f2ffa427358b4b2f15d757bc972884a6c7d447481e753
mod_ldap-2.4.53-7.el9.ppc64le.rpm
SHA-256: 338c5eb7904424a3cc4fc6eea01d524e4eb9b4682f9f271105ba0b04df2ad298
mod_ldap-debuginfo-2.4.53-7.el9.ppc64le.rpm
SHA-256: c1c4881062f891e0ed44b9ef14f6bdb4ac6605f1f43b6371ef5efcd26f74d6ee
mod_lua-2.4.53-7.el9.ppc64le.rpm
SHA-256: 11c003e95151f9e2fb82ef01d7d3c9f6b07129e4a4b548f0f163d70860977d36
mod_lua-debuginfo-2.4.53-7.el9.ppc64le.rpm
SHA-256: afe9b0e784cfeb6d8a9daf051ee320c9508e7122dccd4e8426d23adc932abc47
mod_proxy_html-2.4.53-7.el9.ppc64le.rpm
SHA-256: 29ddea747ebe3bd50baecb2cfe2c3092bd3075c2ed5eef54c2cbc840519e2225
mod_proxy_html-debuginfo-2.4.53-7.el9.ppc64le.rpm
SHA-256: c8ee216065d00c722e10121bf7f7139e5a78ed970b3b54447f2ad7bdc6be6e52
mod_session-2.4.53-7.el9.ppc64le.rpm
SHA-256: 45425fe5d1a0f78e4207a8f3bdee1bb9f18c1469d0af9f3768f0e12df20c7677
mod_session-debuginfo-2.4.53-7.el9.ppc64le.rpm
SHA-256: ad4718447107f06736f352ecc15cfcb6dc73e4c7cc1e2e5829e6fd50fd0b112f
mod_ssl-2.4.53-7.el9.ppc64le.rpm
SHA-256: 08b1eb3fa94a98ab5abeea6e761c7547bcf4e7e65d41f9ed53c9f68e265106e9
mod_ssl-debuginfo-2.4.53-7.el9.ppc64le.rpm
SHA-256: 0cd94540d4ba6aa418d4ba3f38bcccfac8fe5b5bddb74d6ed728219123813f65
Red Hat Enterprise Linux for ARM 64 9
SRPM
httpd-2.4.53-7.el9.src.rpm
SHA-256: 992803c1c807db1fe2eb314e2cc8bb3cc709b0a4784389038628b0d7c1d3b532
aarch64
httpd-2.4.53-7.el9.aarch64.rpm
SHA-256: 4a6865528856754c7eacadcc88f3e43e0bc570f68b70ba19febf11fbf9285fc6
httpd-core-2.4.53-7.el9.aarch64.rpm
SHA-256: a747f3cbea0da05d0ab254a628cb335a3d4960f107207dad9904d9f119c88782
httpd-core-debuginfo-2.4.53-7.el9.aarch64.rpm
SHA-256: 5e4aa8a08ea7bb69d990284b2d18c2cc6da30001b3ce89c8d68d5934e6cb32d5
httpd-debuginfo-2.4.53-7.el9.aarch64.rpm
SHA-256: 3484ea3f29141be2fdc38053ecad0a74de18d6fc53c9aba1912518a46eb51299
httpd-debugsource-2.4.53-7.el9.aarch64.rpm
SHA-256: 9d76dd0e648e6ca49dfa18d62e6e14a6bb52589dd25ad356cc9897c8a6d11762
httpd-devel-2.4.53-7.el9.aarch64.rpm
SHA-256: 20d800ba70877267be4428d9f7e9381a28501f4bb3b1be63ca0f9eed177c19f7
httpd-filesystem-2.4.53-7.el9.noarch.rpm
SHA-256: 2f8bb4f2188da2cd22eb065edbb826dc6ff28978f892f99ea727d658edac3d41
httpd-manual-2.4.53-7.el9.noarch.rpm
SHA-256: 7d7f2c6dac4e1a7de634b5bc4f6cdcb73b2eeb0b63397b5f6fbb19fe1f5a8fbb
httpd-tools-2.4.53-7.el9.aarch64.rpm
SHA-256: c58f4482db5e90aa0ce8ef83f77ec835749497a2b57b84d4a55d5fc5b67c0de5
httpd-tools-debuginfo-2.4.53-7.el9.aarch64.rpm
SHA-256: 24ff8a840612a039aa6869dc3806fa3658529bd1b93c5f66cf1b420d804cf362
mod_ldap-2.4.53-7.el9.aarch64.rpm
SHA-256: cbe6741d65082f6ceab4e213ad2fb11eacb9c55a782c832c2bb06b206c494058
mod_ldap-debuginfo-2.4.53-7.el9.aarch64.rpm
SHA-256: 2bf47016be2f2ba4686976564f01a5483a22b646ad48d13bbc56c504e1e33e1c
mod_lua-2.4.53-7.el9.aarch64.rpm
SHA-256: c5691058fa673016ee419751da66c048afed33505c270b549645e2c86d1d7955
mod_lua-debuginfo-2.4.53-7.el9.aarch64.rpm
SHA-256: aafecbe1e3bf0c9264e1b09f67a621a4cfc6cfcd4d9a7c30aa65df6e4f6f8ab1
mod_proxy_html-2.4.53-7.el9.aarch64.rpm
SHA-256: c85253f4bb93f71c33a24adf27dd7d65bb13a92b438a258d26f756e66c872a82
mod_proxy_html-debuginfo-2.4.53-7.el9.aarch64.rpm
SHA-256: 3dec07c1d00c1fa6d23e12236618aaa62f739efe8ceef8c4bc8e33868d4c7a86
mod_session-2.4.53-7.el9.aarch64.rpm
SHA-256: 0b7f3dc924498a3ee44134212773611ec00aae51d6db6c0c5b72400901a4b5c5
mod_session-debuginfo-2.4.53-7.el9.aarch64.rpm
SHA-256: 587a4e4f11982c8f6e8077a7ddc0f682617e49dcea9eab476564433caa5805cf
mod_ssl-2.4.53-7.el9.aarch64.rpm
SHA-256: 046204b082d7deff2fe0f60d0bf49f49edac969f6ac72473ace3b71d0cfe6de0
mod_ssl-debuginfo-2.4.53-7.el9.aarch64.rpm
SHA-256: 5a3f4b5f52f5e53ed0e0c246f8ea15fb2c76529e321e6d75fbdcfc2ee2bd5bae
Related news
Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server.
An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component.
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability. A malicious network user with low privileges could potentially exploit this vulnerability in SMB, leading to a potential denial of service.
IBM Aspera Faspex 4.4.1 could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.
Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
Red Hat Security Advisory 2022-8840-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include buffer overflow, bypass, code execution, denial of service, double free, and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-8841-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include buffer over-read, buffer overflow, bypass, code execution, denial of service, double free, integer overflow, out of bounds read, and use-after-free vulnerabilities.
An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1292: openssl: c_rehash script allows command injection * CVE-2022-2068: openssl: the c_rehash script allows command injection * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2...
An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1292: openssl: c_rehash script allows command injection * CVE-2022-2068: openssl: the c_rehash script allows command injection * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-20...
Red Hat Security Advisory 2022-8067-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-7647-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-7647-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-7647-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-7647-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-7647-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-7647-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-7647-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-7647-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-7647-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-7647-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, and out of bounds read vulnerabilities.
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22719: httpd: mod_lua: Use of uninitialized value of in r:parsebody * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2022-28614: httpd: Out-of-bounds read...
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22719: httpd: mod_lua: Use of uninitialized value of in r:parsebody * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2022-28614: httpd: Out-of-bounds read...
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22719: httpd: mod_lua: Use of uninitialized value of in r:parsebody * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2022-28614: httpd: Out-of-bounds read...
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22719: httpd: mod_lua: Use of uninitialized value of in r:parsebody * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2022-28614: httpd: Out-of-bounds read...
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22719: httpd: mod_lua: Use of uninitialized value of in r:parsebody * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2022-28614: httpd: Out-of-bounds read...
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22719: httpd: mod_lua: Use of uninitialized value of in r:parsebody * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2022-28614: httpd: Out-of-bounds read...
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22719: httpd: mod_lua: Use of uninitialized value of in r:parsebody * CVE-2022-22721: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody * CVE-2022-23943: httpd: mod_sed: Read/write beyond bounds * CVE-2022-26377: httpd: mod_proxy_ajp: Possible request smuggling * CVE-2022-28614: httpd: Out-of-bounds read...
baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. This is fixed in 2022 R2.
baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. This is fixed in 2022 R2.
baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. This is fixed in 2022 R2.
baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. This is fixed in 2022 R2.
baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. This is fixed in 2022 R2.
baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. This is fixed in 2022 R2.
baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. This is fixed in 2022 R2.
Red Hat Security Advisory 2022-6753-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.
Red Hat Security Advisory 2022-6753-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.
Red Hat Security Advisory 2022-6753-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.
Red Hat Security Advisory 2022-6753-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.
Red Hat Security Advisory 2022-6753-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.
Red Hat Security Advisory 2022-6753-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.
Red Hat Security Advisory 2022-6753-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.
Red Hat Security Advisory 2022-6753-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.
An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-33193: httpd: Request splitting via HTTP/2 method injection and mod_proxy * CVE-2021-34798: httpd: NULL pointer dereference via malformed requests * CVE-2021-36160: httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path * CVE-2021-39275: httpd: Out-of-bounds write in ap_escape_quotes() via malicious input * CVE-2021-44224: htt...
An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-33193: httpd: Request splitting via HTTP/2 method injection and mod_proxy * CVE-2021-34798: httpd: NULL pointer dereference via malformed requests * CVE-2021-36160: httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path * CVE-2021-39275: httpd: Out-of-bounds write in ap_escape_quotes() via malicious input * CVE-2021-44224: htt...
An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-33193: httpd: Request splitting via HTTP/2 method injection and mod_proxy * CVE-2021-34798: httpd: NULL pointer dereference via malformed requests * CVE-2021-36160: httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path * CVE-2021-39275: httpd: Out-of-bounds write in ap_escape_quotes() via malicious input * CVE-2021-44224: htt...
An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-33193: httpd: Request splitting via HTTP/2 method injection and mod_proxy * CVE-2021-34798: httpd: NULL pointer dereference via malformed requests * CVE-2021-36160: httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path * CVE-2021-39275: httpd: Out-of-bounds write in ap_escape_quotes() via malicious input * CVE-2021-44224: htt...
An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-33193: httpd: Request splitting via HTTP/2 method injection and mod_proxy * CVE-2021-34798: httpd: NULL pointer dereference via malformed requests * CVE-2021-36160: httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path * CVE-2021-39275: httpd: Out-of-bounds write in ap_escape_quotes() via malicious input * CVE-2021-44224: htt...
An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-33193: httpd: Request splitting via HTTP/2 method injection and mod_proxy * CVE-2021-34798: httpd: NULL pointer dereference via malformed requests * CVE-2021-36160: httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path * CVE-2021-39275: httpd: Out-of-bounds write in ap_escape_quotes() via malicious input * CVE-2021-44224: htt...
An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-33193: httpd: Request splitting via HTTP/2 method injection and mod_proxy * CVE-2021-34798: httpd: NULL pointer dereference via malformed requests * CVE-2021-36160: httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path * CVE-2021-39275: httpd: Out-of-bounds write in ap_escape_quotes() via malicious input * CVE-2021-44224: htt...
An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-33193: httpd: Request splitting via HTTP/2 method injection and mod_proxy * CVE-2021-34798: httpd: NULL pointer dereference via malformed requests * CVE-2021-36160: httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path * CVE-2021-39275: httpd: Out-of-bounds write in ap_escape_quotes() via malicious input * CVE-2021-44224: htt...
Gentoo Linux Security Advisory 202208-20 - Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Versions less than 2.4.54 are affected.
Gentoo Linux Security Advisory 202208-20 - Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Versions less than 2.4.54 are affected.
Gentoo Linux Security Advisory 202208-20 - Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Versions less than 2.4.54 are affected.
Gentoo Linux Security Advisory 202208-20 - Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Versions less than 2.4.54 are affected.
Gentoo Linux Security Advisory 202208-20 - Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Versions less than 2.4.54 are affected.
Gentoo Linux Security Advisory 202208-20 - Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Versions less than 2.4.54 are affected.
Gentoo Linux Security Advisory 202208-20 - Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Versions less than 2.4.54 are affected.
Gentoo Linux Security Advisory 202208-20 - Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Versions less than 2.4.54 are affected.
Gentoo Linux Security Advisory 202208-20 - Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Versions less than 2.4.54 are affected.
Gentoo Linux Security Advisory 202208-20 - Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Versions less than 2.4.54 are affected.
Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264.
Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264.
Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264.
Ubuntu Security Notice 5487-3 - USN-5487-1 fixed several vulnerabilities in Apache HTTP Server. Unfortunately it caused regressions. USN-5487-2 reverted the patches that caused the regression in Ubuntu 14.04 ESM for further investigation. This update re-adds the security fixes for Ubuntu 14.04 ESM and fixes two different regressions: one affecting mod_proxy only in Ubuntu 14.04 ESM and another in mod_sed affecting also Ubuntu 16.04 ESM and Ubuntu 18.04 LTS.
Ubuntu Security Notice 5487-3 - USN-5487-1 fixed several vulnerabilities in Apache HTTP Server. Unfortunately it caused regressions. USN-5487-2 reverted the patches that caused the regression in Ubuntu 14.04 ESM for further investigation. This update re-adds the security fixes for Ubuntu 14.04 ESM and fixes two different regressions: one affecting mod_proxy only in Ubuntu 14.04 ESM and another in mod_sed affecting also Ubuntu 16.04 ESM and Ubuntu 18.04 LTS.
Ubuntu Security Notice 5487-3 - USN-5487-1 fixed several vulnerabilities in Apache HTTP Server. Unfortunately it caused regressions. USN-5487-2 reverted the patches that caused the regression in Ubuntu 14.04 ESM for further investigation. This update re-adds the security fixes for Ubuntu 14.04 ESM and fixes two different regressions: one affecting mod_proxy only in Ubuntu 14.04 ESM and another in mod_sed affecting also Ubuntu 16.04 ESM and Ubuntu 18.04 LTS.
Ubuntu Security Notice 5487-3 - USN-5487-1 fixed several vulnerabilities in Apache HTTP Server. Unfortunately it caused regressions. USN-5487-2 reverted the patches that caused the regression in Ubuntu 14.04 ESM for further investigation. This update re-adds the security fixes for Ubuntu 14.04 ESM and fixes two different regressions: one affecting mod_proxy only in Ubuntu 14.04 ESM and another in mod_sed affecting also Ubuntu 16.04 ESM and Ubuntu 18.04 LTS.
Ubuntu Security Notice 5487-2 - USN-5487-1 fixed a vulnerabilities in Apache. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations on Ubuntu 14.04 ESM. This update reverts those changes till further fix. It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash or expose sensitive information. Multiple other issues were also originally addressed.
Ubuntu Security Notice 5487-2 - USN-5487-1 fixed a vulnerabilities in Apache. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations on Ubuntu 14.04 ESM. This update reverts those changes till further fix. It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash or expose sensitive information. Multiple other issues were also originally addressed.
Ubuntu Security Notice 5487-2 - USN-5487-1 fixed a vulnerabilities in Apache. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations on Ubuntu 14.04 ESM. This update reverts those changes till further fix. It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash or expose sensitive information. Multiple other issues were also originally addressed.
Ubuntu Security Notice 5487-2 - USN-5487-1 fixed a vulnerabilities in Apache. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations on Ubuntu 14.04 ESM. This update reverts those changes till further fix. It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash or expose sensitive information. Multiple other issues were also originally addressed.
Ubuntu Security Notice 5487-2 - USN-5487-1 fixed a vulnerabilities in Apache. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations on Ubuntu 14.04 ESM. This update reverts those changes till further fix. It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash or expose sensitive information. Multiple other issues were also originally addressed.
Ubuntu Security Notice 5487-2 - USN-5487-1 fixed a vulnerabilities in Apache. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations on Ubuntu 14.04 ESM. This update reverts those changes till further fix. It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash or expose sensitive information. Multiple other issues were also originally addressed.
Ubuntu Security Notice 5487-2 - USN-5487-1 fixed a vulnerabilities in Apache. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations on Ubuntu 14.04 ESM. This update reverts those changes till further fix. It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash or expose sensitive information. Multiple other issues were also originally addressed.
Ubuntu Security Notice 5487-1 - It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash or expose sensitive information.
Ubuntu Security Notice 5487-1 - It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash or expose sensitive information.
Ubuntu Security Notice 5487-1 - It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash or expose sensitive information.
Ubuntu Security Notice 5487-1 - It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash or expose sensitive information.
Ubuntu Security Notice 5487-1 - It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash or expose sensitive information.
Ubuntu Security Notice 5487-1 - It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash or expose sensitive information.
Ubuntu Security Notice 5487-1 - It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash or expose sensitive information.
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.
Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function.
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.
Apple Security Advisory 2022-05-16-4 - Security Update 2022-004 Catalina addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2022-05-16-4 - Security Update 2022-004 Catalina addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2022-05-16-3 - macOS Big Sur 11.6.6 addresses bypass, code execution, denial of service, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2022-05-16-3 - macOS Big Sur 11.6.6 addresses bypass, code execution, denial of service, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2022-05-16-2 - macOS Monterey 12.4 addresses buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2022-05-16-2 - macOS Monterey 12.4 addresses buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.