RHSA-2023:1672: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution.
Red Hat Security Data

Synopsis

Important: httpd:2.4 security update

Type/Severity

Security Advisory: Important

Topic

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

  • httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
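The configuration condition given for CVE-2023-25690 above (a RewriteRule or ProxyPassMatch whose non-specific pattern captures part of the request-target and re-inserts it into the proxied request-target) can be searched for in existing httpd configuration. The following is an added example, not code from Red Hat or the Apache project: a heuristic Python audit that assumes mod_proxy is loaded, treats `.`, negated character classes, `\D` and `\W` as "non-specific", and runs over a constructed sample configuration whose host names are placeholders.

```python
import re

# Apache directive arguments are double-quoted strings or bare words.
TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|(\S+)')
# $0..$9 in the substitution / target URL refer back to the pattern.
BACKREF = re.compile(r"\$(\d)")


def capture_groups(pattern):
    """Bodies of the capturing groups of `pattern`, ordered by opening paren.

    Simplification: every "(?" group, named groups included, is treated
    as non-capturing.
    """
    groups, stack, in_class, i = [], [], False, 0
    while i < len(pattern):
        c = pattern[i]
        if c == "\\":            # skip the escaped character
            i += 2
            continue
        if in_class:
            in_class = c != "]"
        elif c == "[":
            in_class = True
        elif c == "(":
            if pattern.startswith("(?", i):
                stack.append(None)
            else:
                groups.append("")
                stack.append((len(groups) - 1, i + 1))
        elif c == ")" and stack:
            opened = stack.pop()
            if opened is not None:
                groups[opened[0]] = pattern[opened[1]:i]
        i += 1
    return groups


def is_loose(body):
    """True if the regex fragment accepts (almost) arbitrary characters."""
    if "[^" in body:                           # negated class
        return True
    body = re.sub(r"\[[^\]]*\]", "", body)     # drop ordinary classes
    return bool(re.search(r"(?<!\\)\.|\\[DW]", body))


def audit(config_text):
    """Return (line, directive, backref, group_body) for risky proxy rules."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tok = [q or b for q, b in TOKEN.findall(line)]
        name = tok[0].lower()
        if name == "rewriterule" and len(tok) >= 4:
            flags = {f.strip().split("=")[0].upper()
                     for f in tok[3].strip("[]").split(",")}
            if not flags & {"P", "PROXY"}:     # only proxied rewrites
                continue
        elif not (name == "proxypassmatch" and len(tok) >= 3):
            continue
        pattern, target = tok[1], tok[2]
        groups = capture_groups(pattern)
        for n in sorted({int(d) for d in BACKREF.findall(target)}):
            if n > len(groups):
                continue
            body = pattern if n == 0 else groups[n - 1]
            if is_loose(body):
                findings.append((lineno, tok[0], n, body))
    return findings


# Constructed sample configuration (not from the advisory).
SAMPLE = r"""# constructed sample, host names are placeholders
RewriteEngine On
RewriteRule "^/app/(.*)" "http://backend.internal:8080/app?id=$1" [P]
RewriteRule "^/img/([0-9]+)\.png$" "http://backend.internal:8080/img/$1.png" [P,L]
RewriteRule "^/old/(.*)" "/new/$1" [R=301,L]
ProxyPassMatch "^/svc/([^/]+)/(\d+)$" "http://backend.internal:8080/$1/item/$2"
ProxyPassMatch "^/static/([a-z0-9_-]+)\.css$" "http://backend.internal:8080/css/$1.css"
"""

if __name__ == "__main__":
    for lineno, directive, ref, body in audit(SAMPLE):
        print(f"line {lineno}: {directive} re-inserts ${ref} "
              f"captured by non-specific group ({body})")
```

A hit identifies a rule to review and tighten; it does not replace installing the updated packages.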

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically.

Affected Products

  • Red Hat Enterprise Linux Server - AUS 8.2 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.2 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64

Fixes

  • BZ - 2176209 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy

Red Hat Enterprise Linux Server - AUS 8.2

SRPM

  • httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.src.rpm
  • mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.src.rpm
  • mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.src.rpm

x86_64

  • httpd-filesystem-2.4.37-21.module+el8.2.0+18510+68528e70.6.noarch.rpm
  • httpd-manual-2.4.37-21.module+el8.2.0+18510+68528e70.6.noarch.rpm
  • httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • httpd-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • httpd-debugsource-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • httpd-devel-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • httpd-tools-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • httpd-tools-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm
  • mod_http2-debuginfo-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm
  • mod_http2-debugsource-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm
  • mod_ldap-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • mod_ldap-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm
  • mod_md-debuginfo-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm
  • mod_md-debugsource-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm
  • mod_proxy_html-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • mod_proxy_html-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • mod_session-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • mod_session-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • mod_ssl-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • mod_ssl-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm

Red Hat Enterprise Linux Server - TUS 8.2

SRPM

  • httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.src.rpm
  • mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.src.rpm
  • mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.src.rpm

x86_64

  • httpd-filesystem-2.4.37-21.module+el8.2.0+18510+68528e70.6.noarch.rpm
  • httpd-manual-2.4.37-21.module+el8.2.0+18510+68528e70.6.noarch.rpm
  • httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • httpd-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • httpd-debugsource-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • httpd-devel-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • httpd-tools-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • httpd-tools-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm
  • mod_http2-debuginfo-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm
  • mod_http2-debugsource-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm
  • mod_ldap-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • mod_ldap-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm
  • mod_md-debuginfo-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm
  • mod_md-debugsource-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm
  • mod_proxy_html-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • mod_proxy_html-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • mod_session-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • mod_session-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • mod_ssl-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • mod_ssl-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2

SRPM

  • httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.src.rpm
  • mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.src.rpm
  • mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.src.rpm

ppc64le

  • httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm
  • httpd-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm
  • httpd-debugsource-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm
  • httpd-devel-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm
  • httpd-filesystem-2.4.37-21.module+el8.2.0+18510+68528e70.6.noarch.rpm
  • httpd-manual-2.4.37-21.module+el8.2.0+18510+68528e70.6.noarch.rpm
  • httpd-tools-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm
  • httpd-tools-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm
  • mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.ppc64le.rpm
  • mod_http2-debuginfo-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.ppc64le.rpm
  • mod_http2-debugsource-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.ppc64le.rpm
  • mod_ldap-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm
  • mod_ldap-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm
  • mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.ppc64le.rpm
  • mod_md-debuginfo-2.0.8-7.module+el8.2.0+5531+7e4d69a2.ppc64le.rpm
  • mod_md-debugsource-2.0.8-7.module+el8.2.0+5531+7e4d69a2.ppc64le.rpm
  • mod_proxy_html-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm
  • mod_proxy_html-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm
  • mod_session-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm
  • mod_session-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm
  • mod_ssl-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm
  • mod_ssl-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2

SRPM

  • httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.src.rpm
  • mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.src.rpm
  • mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.src.rpm

x86_64

  • httpd-filesystem-2.4.37-21.module+el8.2.0+18510+68528e70.6.noarch.rpm
  • httpd-manual-2.4.37-21.module+el8.2.0+18510+68528e70.6.noarch.rpm
  • httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • httpd-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • httpd-debugsource-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • httpd-devel-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • httpd-tools-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • httpd-tools-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm
  • mod_http2-debuginfo-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm
  • mod_http2-debugsource-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm
  • mod_ldap-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • mod_ldap-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm
  • mod_md-debuginfo-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm
  • mod_md-debugsource-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm
  • mod_proxy_html-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • mod_proxy_html-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • mod_session-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • mod_session-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • mod_ssl-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
  • mod_ssl-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
