RHSA-2023:1672: Red Hat Security Advisory: httpd:2.4 security update
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution.
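A configuration audit for the pattern this CVE description names, as an added example (not Red Hat's or Apache's code): it flags `RewriteRule ... [P]` and `ProxyPassMatch` lines whose proxied target re-inserts a backreference captured by a non-specific group. The sample configuration, its hostnames, and the "broad" heuristic (an unescaped `.` or a negated character class) are assumptions made for illustration.

```python
import re

# Constructed sample configuration (not from the advisory); hostnames are placeholders.
SAMPLE_CONF = r'''
LoadModule proxy_module modules/mod_proxy.so
RewriteEngine On
# broad capture re-inserted into the proxied request-target
RewriteRule "^/app/(.*)" "http://backend.example.internal:8080/svc?id=$1" [P]
# constrained capture
RewriteRule "^/item/([0-9]+)$" "http://backend.example.internal:8080/item/$1" [P,L]
# not proxied: plain redirect
RewriteRule "^/old/(.*)" "/new/$1" [R=301,L]
ProxyPassMatch "^/api/(.+)$" "http://backend.example.internal:8080/api/$1"
ProxyPass "/static/" "http://backend.example.internal:8080/static/"
'''

# A directive argument is either a double-quoted string or a run of non-space characters.
TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|(\S+)')


def tokens(line):
    return [m.group(1) if m.group(1) is not None else m.group(2)
            for m in TOKEN.finditer(line)]


def capture_groups(pattern):
    """Map backreference number -> regex text of that capture group ($0 = whole pattern)."""
    groups, stack, count = {0: pattern}, [], 0
    i, in_class = 0, False
    while i < len(pattern):
        c = pattern[i]
        if c == "\\":                 # skip the escaped character
            i += 2
            continue
        if in_class:
            in_class = c != "]"
        elif c == "[":
            in_class = True
        elif c == "(":
            named = re.match(r"\(\?(?:P?<[A-Za-z_]|')", pattern[i:])
            if pattern.startswith("(?", i) and not named:
                stack.append((None, i))          # non-capturing or lookaround
            else:
                count += 1
                stack.append((count, i + 1))
        elif c == ")" and stack:
            num, start = stack.pop()
            if num is not None:
                groups[num] = pattern[start:i]
        i += 1
    return groups


def is_broad(body):
    """Heuristic (assumption): a group is non-specific if it uses '.' or a negated class."""
    no_escapes = re.sub(r"\\.", "", body)
    if "[^" in no_escapes:
        return True
    return "." in re.sub(r"\[[^\]]*\]", "", no_escapes)


def audit(conf_text):
    """Return (line number, directive, backreference, group) for each rule to review."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tok = tokens(line)
        name = tok[0].lower()
        if name == "rewriterule" and len(tok) >= 4:
            flags = {f.split("=")[0].strip().lower()
                     for f in tok[3].strip("[]").split(",")}
            if not flags & {"p", "proxy"}:       # only proxied rewrites matter here
                continue
        elif not (name == "proxypassmatch" and len(tok) >= 3):
            continue
        groups = capture_groups(tok[1])
        for ref in sorted({int(n) for n in re.findall(r"\$(\d)", tok[2])}):
            body = groups.get(ref)
            if body is not None and is_broad(body):
                findings.append((lineno, tok[0], ref, body))
    return findings


if __name__ == "__main__":
    for lineno, directive, ref, body in audit(SAMPLE_CONF):
        print(f"line {lineno}: {directive} re-inserts ${ref} captured by ({body})")
```

A finding marks a rule to review against the affected pattern described above; `%N` backreferences from `RewriteCond` and multi-line directives are not covered by this sketch.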
Synopsis
Important: httpd:2.4 security update
Type/Severity
Security Advisory: Important
Topic
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
- httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
Affected Products
- Red Hat Enterprise Linux Server - AUS 8.2 x86_64
- Red Hat Enterprise Linux Server - TUS 8.2 x86_64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64
Fixes
- BZ - 2176209 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy
Red Hat Enterprise Linux Server - AUS 8.2
SRPM
httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.src.rpm
mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.src.rpm
mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.src.rpm
x86_64
httpd-filesystem-2.4.37-21.module+el8.2.0+18510+68528e70.6.noarch.rpm
httpd-manual-2.4.37-21.module+el8.2.0+18510+68528e70.6.noarch.rpm
httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
httpd-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
httpd-debugsource-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
httpd-devel-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
httpd-tools-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
httpd-tools-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm
mod_http2-debuginfo-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm
mod_http2-debugsource-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm
mod_ldap-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
mod_ldap-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm
mod_md-debuginfo-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm
mod_md-debugsource-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm
mod_proxy_html-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
mod_proxy_html-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
mod_session-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
mod_session-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
mod_ssl-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
mod_ssl-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
Red Hat Enterprise Linux Server - TUS 8.2
SRPM
httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.src.rpm
mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.src.rpm
mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.src.rpm
x86_64
httpd-filesystem-2.4.37-21.module+el8.2.0+18510+68528e70.6.noarch.rpm
httpd-manual-2.4.37-21.module+el8.2.0+18510+68528e70.6.noarch.rpm
httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
httpd-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
httpd-debugsource-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
httpd-devel-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
httpd-tools-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
httpd-tools-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm
mod_http2-debuginfo-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm
mod_http2-debugsource-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm
mod_ldap-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
mod_ldap-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm
mod_md-debuginfo-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm
mod_md-debugsource-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm
mod_proxy_html-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
mod_proxy_html-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
mod_session-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
mod_session-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
mod_ssl-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
mod_ssl-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2
SRPM
httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.src.rpm
mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.src.rpm
mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.src.rpm
ppc64le
httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm
httpd-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm
httpd-debugsource-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm
httpd-devel-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm
httpd-filesystem-2.4.37-21.module+el8.2.0+18510+68528e70.6.noarch.rpm
httpd-manual-2.4.37-21.module+el8.2.0+18510+68528e70.6.noarch.rpm
httpd-tools-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm
httpd-tools-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm
mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.ppc64le.rpm
mod_http2-debuginfo-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.ppc64le.rpm
mod_http2-debugsource-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.ppc64le.rpm
mod_ldap-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm
mod_ldap-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm
mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.ppc64le.rpm
mod_md-debuginfo-2.0.8-7.module+el8.2.0+5531+7e4d69a2.ppc64le.rpm
mod_md-debugsource-2.0.8-7.module+el8.2.0+5531+7e4d69a2.ppc64le.rpm
mod_proxy_html-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm
mod_proxy_html-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm
mod_session-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm
mod_session-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm
mod_ssl-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm
mod_ssl-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2
SRPM
httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.src.rpm
mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.src.rpm
mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.src.rpm
x86_64
httpd-filesystem-2.4.37-21.module+el8.2.0+18510+68528e70.6.noarch.rpm
httpd-manual-2.4.37-21.module+el8.2.0+18510+68528e70.6.noarch.rpm
httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
httpd-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
httpd-debugsource-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
httpd-devel-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
httpd-tools-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
httpd-tools-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm
mod_http2-debuginfo-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm
mod_http2-debugsource-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm
mod_ldap-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
mod_ldap-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm
mod_md-debuginfo-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm
mod_md-debugsource-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm
mod_proxy_html-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
mod_proxy_html-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
mod_session-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
mod_session-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
mod_ssl-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm
mod_ssl-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm