Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:1593: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution.
Red Hat Security Data
#vulnerability#web#linux#red_hat#apache#ldap#ibm#ssl

Synopsis

Important: httpd security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for httpd is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

  • httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically.

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

  • BZ - 2176209 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy

Red Hat Enterprise Linux Server 7

SRPM

httpd-2.4.6-98.el7_9.7.src.rpm

SHA-256: 24a898d5915736a6bb3b8544a857b287aa8e3ba433d5ae4a745a1224fbbfb547

x86_64

httpd-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: de5a838088a41fc360504a45f2f0bb07cf311bd699a2df111bc94a93a680ca54

httpd-debuginfo-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: 166934e3541ea27e32a5fdcee02222d98367e85951d1e140aa054ff1a0c160b0

httpd-debuginfo-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: 166934e3541ea27e32a5fdcee02222d98367e85951d1e140aa054ff1a0c160b0

httpd-devel-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: 8380d552ebfdc531b6a509a91a984822232a4c42d339d2c98494e1772a779616

httpd-manual-2.4.6-98.el7_9.7.noarch.rpm

SHA-256: c8efcead8fb88dfce14ff90bb2757980a7255f7a210b222fb70034ca7be2eab4

httpd-tools-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: 583ded2f8bb79c88f2fff54012a97b968c4539f9173ec89e171226d6eb74d5fa

mod_ldap-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: 9f9ae603f548bc8b97d047f3276c3a8e7265d0be518df8e82a06679a39e639ab

mod_proxy_html-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: f9732ec54e1d126037ea09b6a61f720914cb05e7fe245153e9d0e2d2f1b9c3d4

mod_session-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: 5551b910786749d624f020aefcfe238cc59d1384166c39aef89b76febf504dea

mod_ssl-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: 98553ce0a51c1abb85b131d5c0660f2969f378ae882d842cb80d95b2d99acab7

Red Hat Enterprise Linux Workstation 7

SRPM

httpd-2.4.6-98.el7_9.7.src.rpm

SHA-256: 24a898d5915736a6bb3b8544a857b287aa8e3ba433d5ae4a745a1224fbbfb547

x86_64

httpd-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: de5a838088a41fc360504a45f2f0bb07cf311bd699a2df111bc94a93a680ca54

httpd-debuginfo-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: 166934e3541ea27e32a5fdcee02222d98367e85951d1e140aa054ff1a0c160b0

httpd-debuginfo-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: 166934e3541ea27e32a5fdcee02222d98367e85951d1e140aa054ff1a0c160b0

httpd-devel-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: 8380d552ebfdc531b6a509a91a984822232a4c42d339d2c98494e1772a779616

httpd-manual-2.4.6-98.el7_9.7.noarch.rpm

SHA-256: c8efcead8fb88dfce14ff90bb2757980a7255f7a210b222fb70034ca7be2eab4

httpd-tools-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: 583ded2f8bb79c88f2fff54012a97b968c4539f9173ec89e171226d6eb74d5fa

mod_ldap-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: 9f9ae603f548bc8b97d047f3276c3a8e7265d0be518df8e82a06679a39e639ab

mod_proxy_html-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: f9732ec54e1d126037ea09b6a61f720914cb05e7fe245153e9d0e2d2f1b9c3d4

mod_session-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: 5551b910786749d624f020aefcfe238cc59d1384166c39aef89b76febf504dea

mod_ssl-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: 98553ce0a51c1abb85b131d5c0660f2969f378ae882d842cb80d95b2d99acab7

Red Hat Enterprise Linux Desktop 7

SRPM

httpd-2.4.6-98.el7_9.7.src.rpm

SHA-256: 24a898d5915736a6bb3b8544a857b287aa8e3ba433d5ae4a745a1224fbbfb547

x86_64

httpd-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: de5a838088a41fc360504a45f2f0bb07cf311bd699a2df111bc94a93a680ca54

httpd-debuginfo-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: 166934e3541ea27e32a5fdcee02222d98367e85951d1e140aa054ff1a0c160b0

httpd-devel-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: 8380d552ebfdc531b6a509a91a984822232a4c42d339d2c98494e1772a779616

httpd-manual-2.4.6-98.el7_9.7.noarch.rpm

SHA-256: c8efcead8fb88dfce14ff90bb2757980a7255f7a210b222fb70034ca7be2eab4

httpd-tools-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: 583ded2f8bb79c88f2fff54012a97b968c4539f9173ec89e171226d6eb74d5fa

mod_ldap-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: 9f9ae603f548bc8b97d047f3276c3a8e7265d0be518df8e82a06679a39e639ab

mod_proxy_html-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: f9732ec54e1d126037ea09b6a61f720914cb05e7fe245153e9d0e2d2f1b9c3d4

mod_session-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: 5551b910786749d624f020aefcfe238cc59d1384166c39aef89b76febf504dea

mod_ssl-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: 98553ce0a51c1abb85b131d5c0660f2969f378ae882d842cb80d95b2d99acab7

Red Hat Enterprise Linux for IBM z Systems 7

SRPM

httpd-2.4.6-98.el7_9.7.src.rpm

SHA-256: 24a898d5915736a6bb3b8544a857b287aa8e3ba433d5ae4a745a1224fbbfb547

s390x

httpd-2.4.6-98.el7_9.7.s390x.rpm

SHA-256: 4b9f5c5a21a82a0a548e95c28c9e2c0f3347b984d1d632aab8e87f7ef81d2a6f

httpd-debuginfo-2.4.6-98.el7_9.7.s390x.rpm

SHA-256: 02b0a711101c74399a30889896e4b303a9988078577753feae69f163e8df1b0f

httpd-debuginfo-2.4.6-98.el7_9.7.s390x.rpm

SHA-256: 02b0a711101c74399a30889896e4b303a9988078577753feae69f163e8df1b0f

httpd-devel-2.4.6-98.el7_9.7.s390x.rpm

SHA-256: 70e0a60d2c1323f77f5822c052537d6327c73658f448977a28d8208362b98776

httpd-manual-2.4.6-98.el7_9.7.noarch.rpm

SHA-256: c8efcead8fb88dfce14ff90bb2757980a7255f7a210b222fb70034ca7be2eab4

httpd-tools-2.4.6-98.el7_9.7.s390x.rpm

SHA-256: c7d3ad1ef6427e1abcac7dd2034c093c38dee78563016f125afa566bd62f9906

mod_ldap-2.4.6-98.el7_9.7.s390x.rpm

SHA-256: 322edff550d803222fbc8782bc794f4d918ad5ae4e50f9df62ac135a52763462

mod_proxy_html-2.4.6-98.el7_9.7.s390x.rpm

SHA-256: e6c6387696487888e83c2b9d844175197fc56acc70df7639664c239b0cf73f8f

mod_session-2.4.6-98.el7_9.7.s390x.rpm

SHA-256: e047d19db4a5b36916076db705009d7eea8d58a2a5435a4a7fe372ac44373be3

mod_ssl-2.4.6-98.el7_9.7.s390x.rpm

SHA-256: 14def510edbae9f3f5832d3d2e0ddefa605d712c83a12f8412ee70556806a7c1

Red Hat Enterprise Linux for Power, big endian 7

SRPM

httpd-2.4.6-98.el7_9.7.src.rpm

SHA-256: 24a898d5915736a6bb3b8544a857b287aa8e3ba433d5ae4a745a1224fbbfb547

ppc64

httpd-2.4.6-98.el7_9.7.ppc64.rpm

SHA-256: d464dc604d461449109c623d0d198965896010a462c35d9cb6ac743043e14ce9

httpd-debuginfo-2.4.6-98.el7_9.7.ppc64.rpm

SHA-256: 7d3c5f74cc2f6f96b213743d75aafb45421f5be415b93d4d7fd278212154c3cf

httpd-debuginfo-2.4.6-98.el7_9.7.ppc64.rpm

SHA-256: 7d3c5f74cc2f6f96b213743d75aafb45421f5be415b93d4d7fd278212154c3cf

httpd-devel-2.4.6-98.el7_9.7.ppc64.rpm

SHA-256: e92f7584ba8f6eea2f8bbc2cd11baa140f46ef766a6ccc32d04723b8a8bf5f72

httpd-manual-2.4.6-98.el7_9.7.noarch.rpm

SHA-256: c8efcead8fb88dfce14ff90bb2757980a7255f7a210b222fb70034ca7be2eab4

httpd-tools-2.4.6-98.el7_9.7.ppc64.rpm

SHA-256: 43f5e5711c21ca22a62325c4629c5f8eb27771491d90eac6f3ad7ebae068d6ab

mod_ldap-2.4.6-98.el7_9.7.ppc64.rpm

SHA-256: a66071ce8b945bb312d35b3df0207cca0ed1b5fc5f12624804b3430c46b9faa5

mod_proxy_html-2.4.6-98.el7_9.7.ppc64.rpm

SHA-256: e107fba68b075275146af34cd093663b8a2c891e03915406d59caebd6844394f

mod_session-2.4.6-98.el7_9.7.ppc64.rpm

SHA-256: c3e30ba0ec83310fb09eeed7cb5025e943ad2b5de4f4c368098b40aad5e2824e

mod_ssl-2.4.6-98.el7_9.7.ppc64.rpm

SHA-256: f82f95a2551b430a7b123d7e4f3ef5368ee36cf48378ed8a2eaecbd3608d7577

Red Hat Enterprise Linux for Scientific Computing 7

SRPM

httpd-2.4.6-98.el7_9.7.src.rpm

SHA-256: 24a898d5915736a6bb3b8544a857b287aa8e3ba433d5ae4a745a1224fbbfb547

x86_64

httpd-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: de5a838088a41fc360504a45f2f0bb07cf311bd699a2df111bc94a93a680ca54

httpd-debuginfo-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: 166934e3541ea27e32a5fdcee02222d98367e85951d1e140aa054ff1a0c160b0

httpd-devel-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: 8380d552ebfdc531b6a509a91a984822232a4c42d339d2c98494e1772a779616

httpd-manual-2.4.6-98.el7_9.7.noarch.rpm

SHA-256: c8efcead8fb88dfce14ff90bb2757980a7255f7a210b222fb70034ca7be2eab4

httpd-tools-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: 583ded2f8bb79c88f2fff54012a97b968c4539f9173ec89e171226d6eb74d5fa

mod_ldap-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: 9f9ae603f548bc8b97d047f3276c3a8e7265d0be518df8e82a06679a39e639ab

mod_proxy_html-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: f9732ec54e1d126037ea09b6a61f720914cb05e7fe245153e9d0e2d2f1b9c3d4

mod_session-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: 5551b910786749d624f020aefcfe238cc59d1384166c39aef89b76febf504dea

mod_ssl-2.4.6-98.el7_9.7.x86_64.rpm

SHA-256: 98553ce0a51c1abb85b131d5c0660f2969f378ae882d842cb80d95b2d99acab7

Red Hat Enterprise Linux for Power, little endian 7

SRPM

httpd-2.4.6-98.el7_9.7.src.rpm

SHA-256: 24a898d5915736a6bb3b8544a857b287aa8e3ba433d5ae4a745a1224fbbfb547

ppc64le

httpd-2.4.6-98.el7_9.7.ppc64le.rpm

SHA-256: a2fb9fb534f4c73abac7fa31e963778f630673c5202eb968914ed6daff62d9c4

httpd-debuginfo-2.4.6-98.el7_9.7.ppc64le.rpm

SHA-256: af56951d646f2e6358ac4285d3dd332f3037cb0ec455f3f4c542ecf9515a96f6

httpd-debuginfo-2.4.6-98.el7_9.7.ppc64le.rpm

SHA-256: af56951d646f2e6358ac4285d3dd332f3037cb0ec455f3f4c542ecf9515a96f6

httpd-devel-2.4.6-98.el7_9.7.ppc64le.rpm

SHA-256: bdf40475677c54e67f2373a09a4157a813564e6a4dfcd60682a56c997ca71c80

httpd-manual-2.4.6-98.el7_9.7.noarch.rpm

SHA-256: c8efcead8fb88dfce14ff90bb2757980a7255f7a210b222fb70034ca7be2eab4

httpd-tools-2.4.6-98.el7_9.7.ppc64le.rpm

SHA-256: cd47c55d4a9aa1cb124b57d45c7d22290d5a6dda068de981304356ae16c71b8b

mod_ldap-2.4.6-98.el7_9.7.ppc64le.rpm

SHA-256: e4e87b63f67e81e3300dc1248e3b77155ef858e3d9e1b94175463a3a4ec6a6d6

mod_proxy_html-2.4.6-98.el7_9.7.ppc64le.rpm

SHA-256: f8009cff91824f6df704abb27c315817fef97f23c9a59da49ea688fc74b125e6

mod_session-2.4.6-98.el7_9.7.ppc64le.rpm

SHA-256: ed90a3675e48634902e73ba3c5f710f2fd3badff5ba4b1ecbc9e51b2a62e3db2

mod_ssl-2.4.6-98.el7_9.7.ppc64le.rpm

SHA-256: b07179669b7607197cd0057cea0e8cb2d2417d939e668f1e226bd73628e2a87c

Related news

Gentoo Linux Security Advisory 202309-01

Gentoo Linux Security Advisory 202309-1 - Multiple vulnerabilities have been discovered in Apache HTTPD, the worst of which could result in denial of service. Versions greater than or equal to 2.4.56 are affected.

RHSA-2023:3354: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 security update

An update is now available for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 on Red Hat Enterprise Linux versions 7 and 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2006-20001: A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service. * CVE-2022-4304: A timing-based side channel exists in the Open...

Red Hat Security Advisory 2023-3292-01

Red Hat Security Advisory 2023-3292-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

RHSA-2023:3292: Red Hat Security Advisory: httpd24-httpd security update

An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-suppli...

RHSA-2023:1916: Red Hat Security Advisory: httpd and mod_http2 security update

An update for httpd and mod_http2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches s...

CVE-2023-21954: Oracle Critical Patch Update Advisory - April 2023

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

Red Hat Security Advisory 2023-1670-01

Red Hat Security Advisory 2023-1670-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

RHSA-2023:1672: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations a...

RHSA-2023:1673: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-s...

RHSA-2023:1670: Red Hat Security Advisory: httpd and mod_http2 security update

An update for httpd and mod_http2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-su...

Red Hat Security Advisory 2023-1597-01

Red Hat Security Advisory 2023-1597-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Red Hat Security Advisory 2023-1547-01

Red Hat Security Advisory 2023-1547-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

RHSA-2023:1597: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches ...

RHSA-2023:1547: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific patter...

Ubuntu Security Notice USN-5942-2

Ubuntu Security Notice 5942-2 - USN-5942-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding update for CVE-2023-25690 for Ubuntu 16.04 ESM. Lars Krapf discovered that the Apache HTTP Server mod_proxy module incorrectly handled certain configurations. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.

Debian Security Advisory 5376-1

Debian Linux Security Advisory 5376-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service.

Ubuntu Security Notice USN-5942-1

Ubuntu Security Notice 5942-1 - Lars Krapf discovered that the Apache HTTP Server mod_proxy module incorrectly handled certain configurations. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server mod_proxy_uwsgi module incorrectly handled certain special characters. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.