Headline
RHSA-2023:1673: Red Hat Security Advisory: httpd:2.4 security update
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution.
Synopsis
Important: httpd:2.4 security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
- httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- BZ - 2176209 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy
Red Hat Enterprise Linux for x86_64 8
SRPM
httpd-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.src.rpm
SHA-256: c620f58f81b61a96de62206a074543cce9c30b998f8ab4965f90fea9cf8f7c19
mod_http2-1.15.7-5.module+el8.7.0+18499+2e106f0b.4.src.rpm
SHA-256: e262b2bb2c4befcd6424e11aabe41a27cf95e21546745d93586fbe33ac3b8d1f
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.src.rpm
SHA-256: e54d2c1123b7e139e6d8e896309ff1210bc3e70b6d53debd525c825694e60964
x86_64
httpd-filesystem-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.noarch.rpm
SHA-256: 7c6fe978a15fb629e732c0f05569fa97b1e02cc91c0ca75c290d30166a7736fe
httpd-manual-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.noarch.rpm
SHA-256: 83f3a4ffbb15804676ce497072ba7ffa15705af7a26501928d423afbde42b0d1
httpd-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64.rpm
SHA-256: 67459991882481c2a73a8f55ecb7e4fe76e9475996fda7413f4cc00f657a7133
httpd-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64.rpm
SHA-256: 79369fc3b8deaaefa4fe0ebc76a269a95910a3b9e13d49050d556113110f3cf5
httpd-debugsource-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64.rpm
SHA-256: 331f7c0df8974fca39c3adc5eb07fb2c30f57ef8034156867ee7b90dcf80a394
httpd-devel-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64.rpm
SHA-256: 238f88622731fcea1728ae569ad5c745d16a77be1fe30fa791abb4411d214a34
httpd-tools-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64.rpm
SHA-256: 20ff2f660b6f94ba3b3f54cad0a8f1da2ec307e4247a546e2740fc2e93bcc57b
httpd-tools-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64.rpm
SHA-256: cc4134a8207a737c9f67b43715c030a1238bb0525606ad3c1aee1212763b765f
mod_http2-1.15.7-5.module+el8.7.0+18499+2e106f0b.4.x86_64.rpm
SHA-256: ab27cb4403cc495f08d280240eab51ce8c0f15e8476d56bcc27f465c8b6271a3
mod_http2-debuginfo-1.15.7-5.module+el8.7.0+18499+2e106f0b.4.x86_64.rpm
SHA-256: c05b062934a329a7743d71b569aa2ad5faca4b15bff7bb86b3d53c7e7de6ead9
mod_http2-debugsource-1.15.7-5.module+el8.7.0+18499+2e106f0b.4.x86_64.rpm
SHA-256: 5ffc487265d93230f0881a6d0bec052d29302cc4a841349763b6399de9a5a81a
mod_ldap-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64.rpm
SHA-256: 2381ade2bc1002dac5d32bd8b7ae078b16e5896638afe429269015a02f483d54
mod_ldap-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64.rpm
SHA-256: 5746ab4094762e2847e7f3428d5f069fe114527be674facde4efaeb89bc74960
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm
SHA-256: f3724d9ba0b48c114b5de211569dee948c12fb3d51651769787ba7c6fbf328e2
mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm
SHA-256: f6b94cade41a730ccd7cbc1d1ee2e2053640dc93e687f1d513317ccc3a5089a9
mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm
SHA-256: 88894d76e297120cfea5b52686fbf0d7e0e3ac6e45feb6e5d8cb9c39a8bed53c
mod_proxy_html-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64.rpm
SHA-256: c14ca73a8803d38af712c8e024e858f0b9517ea510dd5915e153d2a59f0c3ca1
mod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64.rpm
SHA-256: 5ae7741a4867e3956fe562297d96afff8574236ba8859a7ae0042b6d126def80
mod_session-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64.rpm
SHA-256: 5c2cec66a5315ad574d7dfcd3d6ca714beda33d7b5166cf15e582963ee5312a9
mod_session-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64.rpm
SHA-256: 4de669028832def6ebb5e141821b2667f4b11a8bb77734af7893855c87e44677
mod_ssl-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64.rpm
SHA-256: f7e8f163cec00da4bb3b037f71048d078257a6dce6cf800aa923c7c46da2aaeb
mod_ssl-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64.rpm
SHA-256: ab0927d7ce980b2885621b17cb1d30edb0bfc956aed08e60eb2bccc2bae52346
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
httpd-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.src.rpm
SHA-256: c620f58f81b61a96de62206a074543cce9c30b998f8ab4965f90fea9cf8f7c19
mod_http2-1.15.7-5.module+el8.7.0+18499+2e106f0b.4.src.rpm
SHA-256: e262b2bb2c4befcd6424e11aabe41a27cf95e21546745d93586fbe33ac3b8d1f
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.src.rpm
SHA-256: e54d2c1123b7e139e6d8e896309ff1210bc3e70b6d53debd525c825694e60964
s390x
httpd-filesystem-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.noarch.rpm
SHA-256: 7c6fe978a15fb629e732c0f05569fa97b1e02cc91c0ca75c290d30166a7736fe
httpd-manual-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.noarch.rpm
SHA-256: 83f3a4ffbb15804676ce497072ba7ffa15705af7a26501928d423afbde42b0d1
httpd-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.s390x.rpm
SHA-256: 671919bdcf247659ff9bcbb4f27e53c26edb36a839d37c65b2de323e7836f74c
httpd-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.s390x.rpm
SHA-256: b3df2e2c84fa051da750086118a45e2052f27cfdcc7a62bf6bcd6b65a42cc219
httpd-debugsource-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.s390x.rpm
SHA-256: 94be30fc4f2fcb1dddeda1b003230e5338bafd563e61326d282a391b014c1509
httpd-devel-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.s390x.rpm
SHA-256: 93aa36e7375eac4f0914957e29ce4d5a490fcd2e35697f509255c92fed975e05
httpd-tools-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.s390x.rpm
SHA-256: 6a1c1f390788192556577de595f392cef1023820a0d64916acb535e5b947cd40
httpd-tools-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.s390x.rpm
SHA-256: d1ef689262fe23a0d89f171294007357f21ff560716df537ffb2596e3eec162d
mod_http2-1.15.7-5.module+el8.7.0+18499+2e106f0b.4.s390x.rpm
SHA-256: c1e02913dd176288563c2f6d1144ded7b02ac045588261f2e9e40e7c0922ea98
mod_http2-debuginfo-1.15.7-5.module+el8.7.0+18499+2e106f0b.4.s390x.rpm
SHA-256: e6122f2426bad85a26c33b27c63d0614d938b2f97fa692576bdac18135205b0a
mod_http2-debugsource-1.15.7-5.module+el8.7.0+18499+2e106f0b.4.s390x.rpm
SHA-256: c3b29e9045397f6474b73ca3dab21f06e6b5a8218362ced1605450b37ef5652e
mod_ldap-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.s390x.rpm
SHA-256: 7f2e02bf9835f2045316c3b0c8a9f34e16ec1ee08ac995e74d884fb3dade154b
mod_ldap-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.s390x.rpm
SHA-256: ae9c8b45b6303bcf2705a42ebaac0d071aafdb15e66ad7a97719da698ac2d341
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm
SHA-256: e6bdec26d5ac3c27f7e1ed5cf7cfff31a5aeac61307aac743adf516672294417
mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm
SHA-256: aec3f53bef91ae21def38a03da165cc8c0de0c8230820131b489c746982a422d
mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm
SHA-256: d6741dabe3ea8db818a220f80af8c088b4fea295e0aa41b666acefc7f8527500
mod_proxy_html-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.s390x.rpm
SHA-256: 8197d778233c9dd2295545c9ec5c0208f42a2d24dcb95592cb05e4d1327f130f
mod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.s390x.rpm
SHA-256: 341d4240f155796d23ee89f61a4f0fbdb1177eb8513ba1807351af439afe129f
mod_session-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.s390x.rpm
SHA-256: 04ecf8746dd1b007deb06a5714a3cd27ebc21278b56a4097f7ae2b3e2dce187f
mod_session-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.s390x.rpm
SHA-256: 7d7b795d5fad0b93c77c8a529415a16d9cbfb61258a4e73f370c4652d2b912d5
mod_ssl-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.s390x.rpm
SHA-256: 94abd483d4cb7c947a1daa9e10f68f60d745797c436a1dde2859e98db83d8136
mod_ssl-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.s390x.rpm
SHA-256: d3b85c7b2a803ed39ca3757641d078bf1e251564f092aa89f8a1d971e65b71af
Red Hat Enterprise Linux for Power, little endian 8
SRPM
httpd-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.src.rpm
SHA-256: c620f58f81b61a96de62206a074543cce9c30b998f8ab4965f90fea9cf8f7c19
mod_http2-1.15.7-5.module+el8.7.0+18499+2e106f0b.4.src.rpm
SHA-256: e262b2bb2c4befcd6424e11aabe41a27cf95e21546745d93586fbe33ac3b8d1f
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.src.rpm
SHA-256: e54d2c1123b7e139e6d8e896309ff1210bc3e70b6d53debd525c825694e60964
ppc64le
httpd-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.ppc64le.rpm
SHA-256: 14fd1c25b538ce091b92ab140b66af144b1c859fba111a8af47382b243791887
httpd-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.ppc64le.rpm
SHA-256: a99d0024bb8f6c517ee4cb947928a86c57cea57174423a6eb925e9dd711c677f
httpd-debugsource-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.ppc64le.rpm
SHA-256: 87007cb64f0a4c9cdcfa37523370824d40851c3375643bf469937c0ad5c446c5
httpd-devel-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.ppc64le.rpm
SHA-256: 5ab5264474ea7e37efc99288de4a01200073c0204e74725ba763dfae6ac963a8
httpd-filesystem-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.noarch.rpm
SHA-256: 7c6fe978a15fb629e732c0f05569fa97b1e02cc91c0ca75c290d30166a7736fe
httpd-manual-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.noarch.rpm
SHA-256: 83f3a4ffbb15804676ce497072ba7ffa15705af7a26501928d423afbde42b0d1
httpd-tools-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.ppc64le.rpm
SHA-256: 8bf62afcc0aa063c1adc091aa87865929997bc3c56d74225fae1ce8f5afeed29
httpd-tools-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.ppc64le.rpm
SHA-256: b57719350d3139e1531031419f813027c96e15243d1abbb15535bf4de64c7923
mod_http2-1.15.7-5.module+el8.7.0+18499+2e106f0b.4.ppc64le.rpm
SHA-256: 623a5807894f13d4ac613c4f1402ea278be228d73dcb7172617917bec6b25da4
mod_http2-debuginfo-1.15.7-5.module+el8.7.0+18499+2e106f0b.4.ppc64le.rpm
SHA-256: f47e5c47d13d4715a1f634ff71ac332ba177c1013e47f5f9c4af852c48995c3f
mod_http2-debugsource-1.15.7-5.module+el8.7.0+18499+2e106f0b.4.ppc64le.rpm
SHA-256: e7e2ba352a4558182072ce2ae53df15951f7bd9cd3012423b1e6c76795017600
mod_ldap-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.ppc64le.rpm
SHA-256: f63e38150bcb7944dd846f1f1f17a32c0aa1a7d1194bc3914a152d182eebde98
mod_ldap-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.ppc64le.rpm
SHA-256: 11f8015e9038f19d012d3a0368786877e44bef372a9284de2109f40f82cf3278
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm
SHA-256: 97e5a010aa4425df62b3e5cab8094c32c36242c40ce181a44809477ef3539d62
mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm
SHA-256: 1ba4f52abc03c57ea7d4484c65459b39543e5cfb82c65174bce81e1b8288f8ad
mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm
SHA-256: 38f2fc7066bbce386bcf68652a3c50cb908a67c52652d50d104be0cd881b66c3
mod_proxy_html-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.ppc64le.rpm
SHA-256: bdef6bea1aafc91ce6321c5bec9736be67a59dbbaf90a1817dd52078b0141711
mod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.ppc64le.rpm
SHA-256: 90b53d49f9e4e8d9a591748e57ad19d358b40f708bac339b11be3c67218015dc
mod_session-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.ppc64le.rpm
SHA-256: e368d73a06409405bd720ece9dc0c9ad61f668302c0fde051e162ea8c794a83d
mod_session-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.ppc64le.rpm
SHA-256: 1998653dc2ddc229e83eba3ca4555447d2b8f14b3191214bd13f74d93b084495
mod_ssl-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.ppc64le.rpm
SHA-256: ff7b1f02f8bccb628073a30bc00249217d4bfa46730313e60626dd58cfcea527
mod_ssl-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.ppc64le.rpm
SHA-256: dee397e5869db6c20c7974c262551f149677fad07c6de7137ec8ae7077c08a26
Red Hat Enterprise Linux for ARM 64 8
SRPM
httpd-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.src.rpm
SHA-256: c620f58f81b61a96de62206a074543cce9c30b998f8ab4965f90fea9cf8f7c19
mod_http2-1.15.7-5.module+el8.7.0+18499+2e106f0b.4.src.rpm
SHA-256: e262b2bb2c4befcd6424e11aabe41a27cf95e21546745d93586fbe33ac3b8d1f
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.src.rpm
SHA-256: e54d2c1123b7e139e6d8e896309ff1210bc3e70b6d53debd525c825694e60964
aarch64
httpd-filesystem-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.noarch.rpm
SHA-256: 7c6fe978a15fb629e732c0f05569fa97b1e02cc91c0ca75c290d30166a7736fe
httpd-manual-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.noarch.rpm
SHA-256: 83f3a4ffbb15804676ce497072ba7ffa15705af7a26501928d423afbde42b0d1
httpd-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.aarch64.rpm
SHA-256: d172d3e65eeaffb3ef8c1996e14fda16d77a1ca16957363ce7c75cb1d55c0725
httpd-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.aarch64.rpm
SHA-256: afad7be964af1eb099061420dbdefe264bca442e853e71f419e47023cc7cc00f
httpd-debugsource-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.aarch64.rpm
SHA-256: 4dbb2f8b319a7d297044840d001b61c781b1acfc6572ce5bdcd26c65c09dc9f3
httpd-devel-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.aarch64.rpm
SHA-256: 17ebd83f4faa4d0c1e007368440138a0f3fabe713d15eec92b6b85650d2ed2c8
httpd-tools-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.aarch64.rpm
SHA-256: 07756514d879613ee0716e12979aa5460504e1a969d9bf9c866f01315d88b93f
httpd-tools-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.aarch64.rpm
SHA-256: ee77f4a55391faa216bc899751dd2efb92d7b1d1d2100808c2df8376ae995e11
mod_http2-1.15.7-5.module+el8.7.0+18499+2e106f0b.4.aarch64.rpm
SHA-256: 2d849f0dc1a3e4fc990599f9fa562af5ba2dc2b93b6151be38929e12f7e304c5
mod_http2-debuginfo-1.15.7-5.module+el8.7.0+18499+2e106f0b.4.aarch64.rpm
SHA-256: f40f9f57acdf90f6f73a73923f6b04d340db74006bd951138adc1a26b2735200
mod_http2-debugsource-1.15.7-5.module+el8.7.0+18499+2e106f0b.4.aarch64.rpm
SHA-256: 96eadf531fab0df68738e1e0961ea52a1746126a470d86159e10bc06b11a53f4
mod_ldap-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.aarch64.rpm
SHA-256: 28a07bd2561e7a4835faeb237c20df20e939aa970bbfe2f4c70985d930359858
mod_ldap-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.aarch64.rpm
SHA-256: f89593708966cb7956702bb7503696eccb39b7a6bbfee216a5e80fdc7ad165bc
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm
SHA-256: 396ffce00fa11237b343330f48ce215ed3123c8d520f4e53fc29c7cb9d03edfa
mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm
SHA-256: 031e3abd81f2e03b8dab9af402139c6565db2cc61878018a343f20949f1e6da2
mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm
SHA-256: ab5fc429e251fd16d0aab83d4853aabf99624ebeb84a09a8dce7ef977be0633c
mod_proxy_html-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.aarch64.rpm
SHA-256: e2942c5079b3332edd3e72a2e3b3d2ff11cc8c729973cc80b1c6bdfa14adcea3
mod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.aarch64.rpm
SHA-256: 07a8e42c2bd0fd296dfd9bb7ce88d3ce3a9912c51b6ed44e483d940f9dd53e99
mod_session-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.aarch64.rpm
SHA-256: ee497fdc814ce313c9a1f64f8d7089d3653fac77fc4e506db6a93de1fd765b80
mod_session-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.aarch64.rpm
SHA-256: 7c5833566dc0f27dbc2cf633e7a456f31dfa65a3ebbe3aec882c2dbf19440008
mod_ssl-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.aarch64.rpm
SHA-256: dc4277726cc4b77b894592eb7ef1a7231770a147a84e49a5770996151e5c83c6
mod_ssl-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.aarch64.rpm
SHA-256: 7ffe2794896bc762b7ed9df2269ba4c94d39fc927265cc5afad765698dc3362d
Related news
Gentoo Linux Security Advisory 202309-1 - Multiple vulnerabilities have been discovered in Apache HTTPD, the worst of which could result in denial of service. Versions greater than or equal to 2.4.56 are affected.
An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component.
Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2006-20001: A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service. * CVE-2022-4304: A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficien...
Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text.
Red Hat Security Advisory 2023-3292-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Red Hat Security Advisory 2023-1916-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
Red Hat Security Advisory 2023-1670-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
An update for httpd and mod_http2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-su...
Red Hat Security Advisory 2023-1597-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Red Hat Security Advisory 2023-1547-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches ...
An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request...
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches ...
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific patter...
Ubuntu Security Notice 5942-2 - USN-5942-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding update for CVE-2023-25690 for Ubuntu 16.04 ESM. Lars Krapf discovered that the Apache HTTP Server mod_proxy module incorrectly handled certain configurations. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.
Debian Linux Security Advisory 5376-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service.
Ubuntu Security Notice 5942-1 - Lars Krapf discovered that the Apache HTTP Server mod_proxy module incorrectly handled certain configurations. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server mod_proxy_uwsgi module incorrectly handled certain special characters. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.