Headline
RHSA-2023:0852: Red Hat Security Advisory: httpd:2.4 security and bug fix update
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2006-20001: A flaw was found in the mod_dav module of httpd. A specially crafted “If:” request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service.
- CVE-2022-36760: A flaw was found in the mod_proxy_ajp module of httpd. The connection is not closed when there is an invalid Transfer-Encoding header, allowing an attacker to smuggle requests to the AJP server to which it forwards requests.
- CVE-2022-37436: A flaw was found in the mod_proxy module of httpd. A malicious backend can cause the response headers to be truncated because they are not cleaned when an error is found while reading them, resulting in some headers being incorporated into the response body and not being interpreted by a client.
Synopsis
Moderate: httpd:2.4 security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
- httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001)
- httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760)
- httpd: mod_proxy: HTTP response splitting (CVE-2022-37436)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- httpd-init fails to create localhost.crt and localhost.key because “sscg” now creates a /dhparams.pem by default and is not idempotent if the file /dhparams.pem already exists. (BZ#2165967)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
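A triage check for this advisory, added here as an example and not Red Hat tooling: it compares an installed httpd version and release against the fixed build named in this advisory, then maps loaded modules to the three CVEs. It assumes a simplified RPM label comparison (no epoch, `~` or `^` handling), that a flaw is reachable only when its module is loaded, and RHEL 8 httpd:2.4 module builds only; the sample module listing and the older release strings are constructed.

```python
import re

# Fixed httpd build from this advisory (RHEL 8, httpd:2.4 module stream).
FIXED_VERSION = "2.4.37"
FIXED_RELEASE = "51.module+el8.7.0+18026+7b169787.1"

# CVEs from this advisory, keyed by the module identifier that `httpd -M` prints.
CVE_BY_MODULE = {
    "dav_module": "CVE-2006-20001",
    "proxy_ajp_module": "CVE-2022-36760",
    "proxy_module": "CVE-2022-37436",
}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpm_label_cmp(a, b):
    """Simplified rpmvercmp for one label (version or release).

    Returns -1, 0 or 1. Separators are ignored, digit runs compare as
    integers, letter runs compare as strings, and a digit run is newer
    than a letter run. The '~' and '^' rules are not implemented.
    """
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the label with extra segments is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def is_patched(version, release):
    """True if the installed httpd build is at or above the fixed build."""
    result = rpm_label_cmp(version, FIXED_VERSION)
    if result == 0:
        result = rpm_label_cmp(release, FIXED_RELEASE)
    return result >= 0


def loaded_modules(httpd_m_output):
    """Extract module identifiers from `httpd -M` output."""
    modules = set()
    for line in httpd_m_output.splitlines():
        match = re.match(r"\s*(\w+_module)\s+\((?:shared|static)\)", line)
        if match:
            modules.add(match.group(1))
    return modules


def triage(version, release, httpd_m_output):
    """Return the advisory's CVEs that are reachable on an unpatched host."""
    if is_patched(version, release):
        return []
    modules = loaded_modules(httpd_m_output)
    return sorted(cve for mod, cve in CVE_BY_MODULE.items() if mod in modules)


# Constructed sample of `httpd -M` output for a reverse proxy without WebDAV.
SAMPLE_MODULES = """Loaded Modules:
 core_module (static)
 so_module (static)
 proxy_module (shared)
 proxy_ajp_module (shared)
 ssl_module (shared)
"""

if __name__ == "__main__":
    # Constructed release string for a host that has not taken the update.
    print(triage("2.4.37", "47.module+el8.6.0+1+aaaaaaaa", SAMPLE_MODULES))
    print(triage(FIXED_VERSION, FIXED_RELEASE, SAMPLE_MODULES))
```

On a real host the inputs would come from `rpm -q --qf '%{VERSION} %{RELEASE}\n' httpd` and `httpd -M`; an empty result for an unpatched host only means none of the three modules is loaded, not that the update can be skipped.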
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- BZ - 2161773 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
- BZ - 2161774 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte
- BZ - 2161777 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request smuggling
- BZ - 2165967 - httpd-init fails to create localhost.crt, localhost.key due to “sscg” default now creates a /dhparams.pem and is not idempotent if the file /dhparams.pem already exists. [rhel-8.7.0.z]
Red Hat Enterprise Linux for x86_64 8
SRPM
httpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.src.rpm
mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.src.rpm
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.src.rpm
x86_64
httpd-filesystem-2.4.37-51.module+el8.7.0+18026+7b169787.1.noarch.rpm
httpd-manual-2.4.37-51.module+el8.7.0+18026+7b169787.1.noarch.rpm
httpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm
httpd-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm
httpd-debugsource-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm
httpd-devel-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm
httpd-tools-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm
httpd-tools-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm
mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.x86_64.rpm
mod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.x86_64.rpm
mod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.x86_64.rpm
mod_ldap-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm
mod_ldap-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm
mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm
mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm
mod_proxy_html-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm
mod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm
mod_session-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm
mod_session-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm
mod_ssl-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm
mod_ssl-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
httpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.src.rpm
mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.src.rpm
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.src.rpm
s390x
httpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm
httpd-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm
httpd-debugsource-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm
httpd-devel-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm
httpd-filesystem-2.4.37-51.module+el8.7.0+18026+7b169787.1.noarch.rpm
httpd-manual-2.4.37-51.module+el8.7.0+18026+7b169787.1.noarch.rpm
httpd-tools-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm
httpd-tools-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm
mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.s390x.rpm
mod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.s390x.rpm
mod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.s390x.rpm
mod_ldap-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm
mod_ldap-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm
mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm
mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm
mod_proxy_html-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm
mod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm
mod_session-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm
mod_session-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm
mod_ssl-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm
mod_ssl-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm
Red Hat Enterprise Linux for Power, little endian 8
SRPM
httpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.src.rpm
mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.src.rpm
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.src.rpm
ppc64le
httpd-filesystem-2.4.37-51.module+el8.7.0+18026+7b169787.1.noarch.rpm
httpd-manual-2.4.37-51.module+el8.7.0+18026+7b169787.1.noarch.rpm
httpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm
httpd-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm
httpd-debugsource-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm
httpd-devel-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm
httpd-tools-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm
httpd-tools-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm
mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.ppc64le.rpm
mod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.ppc64le.rpm
mod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.ppc64le.rpm
mod_ldap-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm
mod_ldap-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm
mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm
mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm
mod_proxy_html-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm
mod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm
mod_session-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm
mod_session-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm
mod_ssl-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm
mod_ssl-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 8
SRPM
httpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.src.rpm
mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.src.rpm
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.src.rpm
aarch64
httpd-filesystem-2.4.37-51.module+el8.7.0+18026+7b169787.1.noarch.rpm
httpd-manual-2.4.37-51.module+el8.7.0+18026+7b169787.1.noarch.rpm
httpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm
httpd-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm
httpd-debugsource-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm
httpd-devel-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm
httpd-tools-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm
httpd-tools-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm
mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.aarch64.rpm
mod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.aarch64.rpm
mod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.aarch64.rpm
mod_ldap-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm
mod_ldap-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm
mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm
mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm
mod_proxy_html-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm
mod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm
mod_session-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm
mod_session-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm
mod_ssl-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm
mod_ssl-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm