RHSA-2023:0852: Red Hat Security Advisory: httpd:2.4 security and bug fix update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2006-20001: A flaw was found in the mod_dav module of httpd. A specially crafted “If:” request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service.
  • CVE-2022-36760: A flaw was found in the mod_proxy_ajp module of httpd. The connection is not closed when there is an invalid Transfer-Encoding header, allowing an attacker to smuggle requests to the AJP server, where it forwards requests.
  • CVE-2022-37436: A flaw was found in the mod_proxy module of httpd. A malicious backend can cause the response headers to be truncated because they are not cleaned when an error is found while reading them, resulting in some headers being incorporated into the response body and not being interpreted by a client.
Red Hat Security Data

Synopsis

Moderate: httpd:2.4 security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

  • httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001)
  • httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760)
  • httpd: mod_proxy: HTTP response splitting (CVE-2022-37436)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • httpd-init fails to create localhost.crt and localhost.key because “sscg” now creates a /dhparams.pem by default and is not idempotent if the file /dhparams.pem already exists. (BZ#2165967)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 2161773 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
  • BZ - 2161774 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte
  • BZ - 2161777 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request smuggling
  • BZ - 2165967 - httpd-init fails to create localhost.crt, localhost.key due to “sscg” default now creates a /dhparams.pem and is not idempotent if the file /dhparams.pem already exists. [rhel-8.7.0.z]

Red Hat Enterprise Linux for x86_64 8

SRPM

httpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.src.rpm

mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.src.rpm

mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.src.rpm

x86_64

httpd-filesystem-2.4.37-51.module+el8.7.0+18026+7b169787.1.noarch.rpm

httpd-manual-2.4.37-51.module+el8.7.0+18026+7b169787.1.noarch.rpm

httpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm

httpd-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm

httpd-debugsource-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm

httpd-devel-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm

httpd-tools-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm

httpd-tools-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm

mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.x86_64.rpm

mod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.x86_64.rpm

mod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.x86_64.rpm

mod_ldap-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm

mod_ldap-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm

mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm

mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm

mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm

mod_proxy_html-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm

mod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm

mod_session-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm

mod_session-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm

mod_ssl-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm

mod_ssl-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

httpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.src.rpm

mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.src.rpm

mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.src.rpm

s390x

httpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm

httpd-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm

httpd-debugsource-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm

httpd-devel-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm

httpd-filesystem-2.4.37-51.module+el8.7.0+18026+7b169787.1.noarch.rpm

httpd-manual-2.4.37-51.module+el8.7.0+18026+7b169787.1.noarch.rpm

httpd-tools-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm

httpd-tools-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm

mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.s390x.rpm

mod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.s390x.rpm

mod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.s390x.rpm

mod_ldap-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm

mod_ldap-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm

mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm

mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm

mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm

mod_proxy_html-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm

mod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm

mod_session-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm

mod_session-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm

mod_ssl-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm

mod_ssl-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 8

SRPM

httpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.src.rpm

mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.src.rpm

mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.src.rpm

ppc64le

httpd-filesystem-2.4.37-51.module+el8.7.0+18026+7b169787.1.noarch.rpm

httpd-manual-2.4.37-51.module+el8.7.0+18026+7b169787.1.noarch.rpm

httpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm

httpd-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm

httpd-debugsource-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm

httpd-devel-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm

httpd-tools-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm

httpd-tools-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm

mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.ppc64le.rpm

mod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.ppc64le.rpm

mod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.ppc64le.rpm

mod_ldap-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm

mod_ldap-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm

mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm

mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm

mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm

mod_proxy_html-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm

mod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm

mod_session-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm

mod_session-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm

mod_ssl-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm

mod_ssl-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 8

SRPM

httpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.src.rpm

mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.src.rpm

mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.src.rpm

aarch64

httpd-filesystem-2.4.37-51.module+el8.7.0+18026+7b169787.1.noarch.rpm

httpd-manual-2.4.37-51.module+el8.7.0+18026+7b169787.1.noarch.rpm

httpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm

httpd-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm

httpd-debugsource-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm

httpd-devel-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm

httpd-tools-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm

httpd-tools-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm

mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.aarch64.rpm

mod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.aarch64.rpm

mod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.aarch64.rpm

mod_ldap-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm

mod_ldap-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm

mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm

mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm

mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm

mod_proxy_html-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm

mod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm

mod_session-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm

mod_session-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm

mod_ssl-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm

mod_ssl-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm

Related news

CVE-2023-22130: Oracle Critical Patch Update Advisory - October 2023

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

Gentoo Linux Security Advisory 202309-01

Gentoo Linux Security Advisory 202309-1 - Multiple vulnerabilities have been discovered in Apache HTTPD, the worst of which could result in denial of service. Versions greater than or equal to 2.4.56 are affected.

Red Hat Security Advisory 2023-4628-01

Red Hat Security Advisory 2023-4628-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP response splitting, bypass, integer overflow, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-4629-01

Red Hat Security Advisory 2023-4629-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section. Issues addressed include HTTP response splitting, bypass, integer overflow, and use-after-free vulnerabilities.

CVE-2023-32494: DSA-2023-269: Security Update for Dell PowerScale OneFS for Multiple Security Vulnerabilities

Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to elevation of privilege and affect in compliance mode also.

RHSA-2023:4629: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update

An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24963: A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer. * CVE-2022-36760: A flaw was found in the mod_proxy_ajp module of httpd. The connection is not closed when there is an invalid Transfer-Encoding header, allowing an attacker to smuggle requests to the AJP server, where it forw...

RHSA-2023:4628: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update

Red Hat JBoss Core Services Apache HTTP Server 2.4.57 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24963: A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer. * CVE-2022-28331: A flaw was found in Apache Portable Runtime, affecting versions <= 1.7.0. This issue may allow a malicious user to write beyond the end of a stack buffer and cause an integer overflow. This affect...

CVE-2023-22062: Oracle Critical Patch Update Advisory - July 2023

Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).

CVE-2023-26298: HP Device Manager Security Updates

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

RHSA-2023:3354: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 security update

An update is now available for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 on Red Hat Enterprise Linux versions 7 and 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2006-20001: A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service. * CVE-2022-4304: A timing-based side channel exists in the Open...

RHSA-2023:3355: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 security update

Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2006-20001: A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service. * CVE-2022-4304: A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficien...

CVE-2023-21954: Oracle Critical Patch Update Advisory - April 2023

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

Debian Security Advisory 5376-1

Debian Linux Security Advisory 5376-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service.

Red Hat Security Advisory 2023-0970-01

Red Hat Security Advisory 2023-0970-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include HTTP response splitting and out of bounds read vulnerabilities.

RHSA-2023:0970: Red Hat Security Advisory: httpd security and bug fix update

An update for httpd is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2006-20001: A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service. * CVE-2022-36760: A flaw was found in the mod_proxy_ajp module of httpd. The connection is not closed when there is an invalid Transfer-Encod...

Red Hat Security Advisory 2023-0852-01

Red Hat Security Advisory 2023-0852-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include HTTP response splitting and out of bounds read vulnerabilities.

Ubuntu Security Notice USN-5839-2

Ubuntu Security Notice 5839-2 - USN-5839-1 fixed a vulnerability in Apache. This update provides the corresponding update for Ubuntu 16.04 ESM. Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server mod_proxy module incorrectly truncated certain response headers. This may result in later headers not being interpreted by the client.

Ubuntu Security Notice USN-5839-1

Ubuntu Security Notice 5839-1 - It was discovered that the Apache HTTP Server mod_dav module incorrectly handled certain If: request headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. ZeddYu_Lu discovered that the Apache HTTP Server mod_proxy_ajp module incorrectly interpreted certain HTTP Requests. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.

Ubuntu Security Notice USN-5834-1

Ubuntu Security Notice 5834-1 - It was discovered that the Apache HTTP Server mod_dav module did not properly handle specially crafted request headers. A remote attacker could possibly use this issue to cause the process to crash, leading to a denial of service. It was discovered that the Apache HTTP Server mod_proxy_ajp module did not properly handle certain invalid Transfer-Encoding headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.
