Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:1673: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution.
Red Hat Security Data
#vulnerability#web#linux#red_hat#apache#ldap#ibm#ssl

Synopsis

Important: httpd:2.4 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

  • httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 2176209 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy

Red Hat Enterprise Linux for x86_64 8

SRPM

httpd-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.src.rpm

SHA-256: c620f58f81b61a96de62206a074543cce9c30b998f8ab4965f90fea9cf8f7c19

mod_http2-1.15.7-5.module+el8.7.0+18499+2e106f0b.4.src.rpm

SHA-256: e262b2bb2c4befcd6424e11aabe41a27cf95e21546745d93586fbe33ac3b8d1f

mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.src.rpm

SHA-256: e54d2c1123b7e139e6d8e896309ff1210bc3e70b6d53debd525c825694e60964

x86_64

httpd-filesystem-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.noarch.rpm

SHA-256: 7c6fe978a15fb629e732c0f05569fa97b1e02cc91c0ca75c290d30166a7736fe

httpd-manual-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.noarch.rpm

SHA-256: 83f3a4ffbb15804676ce497072ba7ffa15705af7a26501928d423afbde42b0d1

httpd-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64.rpm

SHA-256: 67459991882481c2a73a8f55ecb7e4fe76e9475996fda7413f4cc00f657a7133

httpd-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64.rpm

SHA-256: 79369fc3b8deaaefa4fe0ebc76a269a95910a3b9e13d49050d556113110f3cf5

httpd-debugsource-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64.rpm

SHA-256: 331f7c0df8974fca39c3adc5eb07fb2c30f57ef8034156867ee7b90dcf80a394

httpd-devel-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64.rpm

SHA-256: 238f88622731fcea1728ae569ad5c745d16a77be1fe30fa791abb4411d214a34

httpd-tools-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64.rpm

SHA-256: 20ff2f660b6f94ba3b3f54cad0a8f1da2ec307e4247a546e2740fc2e93bcc57b

httpd-tools-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64.rpm

SHA-256: cc4134a8207a737c9f67b43715c030a1238bb0525606ad3c1aee1212763b765f

mod_http2-1.15.7-5.module+el8.7.0+18499+2e106f0b.4.x86_64.rpm

SHA-256: ab27cb4403cc495f08d280240eab51ce8c0f15e8476d56bcc27f465c8b6271a3

mod_http2-debuginfo-1.15.7-5.module+el8.7.0+18499+2e106f0b.4.x86_64.rpm

SHA-256: c05b062934a329a7743d71b569aa2ad5faca4b15bff7bb86b3d53c7e7de6ead9

mod_http2-debugsource-1.15.7-5.module+el8.7.0+18499+2e106f0b.4.x86_64.rpm

SHA-256: 5ffc487265d93230f0881a6d0bec052d29302cc4a841349763b6399de9a5a81a

mod_ldap-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64.rpm

SHA-256: 2381ade2bc1002dac5d32bd8b7ae078b16e5896638afe429269015a02f483d54

mod_ldap-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64.rpm

SHA-256: 5746ab4094762e2847e7f3428d5f069fe114527be674facde4efaeb89bc74960

mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm

SHA-256: f3724d9ba0b48c114b5de211569dee948c12fb3d51651769787ba7c6fbf328e2

mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm

SHA-256: f6b94cade41a730ccd7cbc1d1ee2e2053640dc93e687f1d513317ccc3a5089a9

mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm

SHA-256: 88894d76e297120cfea5b52686fbf0d7e0e3ac6e45feb6e5d8cb9c39a8bed53c

mod_proxy_html-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64.rpm

SHA-256: c14ca73a8803d38af712c8e024e858f0b9517ea510dd5915e153d2a59f0c3ca1

mod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64.rpm

SHA-256: 5ae7741a4867e3956fe562297d96afff8574236ba8859a7ae0042b6d126def80

mod_session-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64.rpm

SHA-256: 5c2cec66a5315ad574d7dfcd3d6ca714beda33d7b5166cf15e582963ee5312a9

mod_session-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64.rpm

SHA-256: 4de669028832def6ebb5e141821b2667f4b11a8bb77734af7893855c87e44677

mod_ssl-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64.rpm

SHA-256: f7e8f163cec00da4bb3b037f71048d078257a6dce6cf800aa923c7c46da2aaeb

mod_ssl-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64.rpm

SHA-256: ab0927d7ce980b2885621b17cb1d30edb0bfc956aed08e60eb2bccc2bae52346

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

httpd-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.src.rpm

SHA-256: c620f58f81b61a96de62206a074543cce9c30b998f8ab4965f90fea9cf8f7c19

mod_http2-1.15.7-5.module+el8.7.0+18499+2e106f0b.4.src.rpm

SHA-256: e262b2bb2c4befcd6424e11aabe41a27cf95e21546745d93586fbe33ac3b8d1f

mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.src.rpm

SHA-256: e54d2c1123b7e139e6d8e896309ff1210bc3e70b6d53debd525c825694e60964

s390x

httpd-filesystem-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.noarch.rpm

SHA-256: 7c6fe978a15fb629e732c0f05569fa97b1e02cc91c0ca75c290d30166a7736fe

httpd-manual-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.noarch.rpm

SHA-256: 83f3a4ffbb15804676ce497072ba7ffa15705af7a26501928d423afbde42b0d1

httpd-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.s390x.rpm

SHA-256: 671919bdcf247659ff9bcbb4f27e53c26edb36a839d37c65b2de323e7836f74c

httpd-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.s390x.rpm

SHA-256: b3df2e2c84fa051da750086118a45e2052f27cfdcc7a62bf6bcd6b65a42cc219

httpd-debugsource-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.s390x.rpm

SHA-256: 94be30fc4f2fcb1dddeda1b003230e5338bafd563e61326d282a391b014c1509

httpd-devel-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.s390x.rpm

SHA-256: 93aa36e7375eac4f0914957e29ce4d5a490fcd2e35697f509255c92fed975e05

httpd-tools-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.s390x.rpm

SHA-256: 6a1c1f390788192556577de595f392cef1023820a0d64916acb535e5b947cd40

httpd-tools-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.s390x.rpm

SHA-256: d1ef689262fe23a0d89f171294007357f21ff560716df537ffb2596e3eec162d

mod_http2-1.15.7-5.module+el8.7.0+18499+2e106f0b.4.s390x.rpm

SHA-256: c1e02913dd176288563c2f6d1144ded7b02ac045588261f2e9e40e7c0922ea98

mod_http2-debuginfo-1.15.7-5.module+el8.7.0+18499+2e106f0b.4.s390x.rpm

SHA-256: e6122f2426bad85a26c33b27c63d0614d938b2f97fa692576bdac18135205b0a

mod_http2-debugsource-1.15.7-5.module+el8.7.0+18499+2e106f0b.4.s390x.rpm

SHA-256: c3b29e9045397f6474b73ca3dab21f06e6b5a8218362ced1605450b37ef5652e

mod_ldap-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.s390x.rpm

SHA-256: 7f2e02bf9835f2045316c3b0c8a9f34e16ec1ee08ac995e74d884fb3dade154b

mod_ldap-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.s390x.rpm

SHA-256: ae9c8b45b6303bcf2705a42ebaac0d071aafdb15e66ad7a97719da698ac2d341

mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm

SHA-256: e6bdec26d5ac3c27f7e1ed5cf7cfff31a5aeac61307aac743adf516672294417

mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm

SHA-256: aec3f53bef91ae21def38a03da165cc8c0de0c8230820131b489c746982a422d

mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm

SHA-256: d6741dabe3ea8db818a220f80af8c088b4fea295e0aa41b666acefc7f8527500

mod_proxy_html-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.s390x.rpm

SHA-256: 8197d778233c9dd2295545c9ec5c0208f42a2d24dcb95592cb05e4d1327f130f

mod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.s390x.rpm

SHA-256: 341d4240f155796d23ee89f61a4f0fbdb1177eb8513ba1807351af439afe129f

mod_session-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.s390x.rpm

SHA-256: 04ecf8746dd1b007deb06a5714a3cd27ebc21278b56a4097f7ae2b3e2dce187f

mod_session-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.s390x.rpm

SHA-256: 7d7b795d5fad0b93c77c8a529415a16d9cbfb61258a4e73f370c4652d2b912d5

mod_ssl-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.s390x.rpm

SHA-256: 94abd483d4cb7c947a1daa9e10f68f60d745797c436a1dde2859e98db83d8136

mod_ssl-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.s390x.rpm

SHA-256: d3b85c7b2a803ed39ca3757641d078bf1e251564f092aa89f8a1d971e65b71af

Red Hat Enterprise Linux for Power, little endian 8

SRPM

httpd-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.src.rpm

SHA-256: c620f58f81b61a96de62206a074543cce9c30b998f8ab4965f90fea9cf8f7c19

mod_http2-1.15.7-5.module+el8.7.0+18499+2e106f0b.4.src.rpm

SHA-256: e262b2bb2c4befcd6424e11aabe41a27cf95e21546745d93586fbe33ac3b8d1f

mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.src.rpm

SHA-256: e54d2c1123b7e139e6d8e896309ff1210bc3e70b6d53debd525c825694e60964

ppc64le

httpd-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.ppc64le.rpm

SHA-256: 14fd1c25b538ce091b92ab140b66af144b1c859fba111a8af47382b243791887

httpd-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.ppc64le.rpm

SHA-256: a99d0024bb8f6c517ee4cb947928a86c57cea57174423a6eb925e9dd711c677f

httpd-debugsource-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.ppc64le.rpm

SHA-256: 87007cb64f0a4c9cdcfa37523370824d40851c3375643bf469937c0ad5c446c5

httpd-devel-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.ppc64le.rpm

SHA-256: 5ab5264474ea7e37efc99288de4a01200073c0204e74725ba763dfae6ac963a8

httpd-filesystem-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.noarch.rpm

SHA-256: 7c6fe978a15fb629e732c0f05569fa97b1e02cc91c0ca75c290d30166a7736fe

httpd-manual-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.noarch.rpm

SHA-256: 83f3a4ffbb15804676ce497072ba7ffa15705af7a26501928d423afbde42b0d1

httpd-tools-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.ppc64le.rpm

SHA-256: 8bf62afcc0aa063c1adc091aa87865929997bc3c56d74225fae1ce8f5afeed29

httpd-tools-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.ppc64le.rpm

SHA-256: b57719350d3139e1531031419f813027c96e15243d1abbb15535bf4de64c7923

mod_http2-1.15.7-5.module+el8.7.0+18499+2e106f0b.4.ppc64le.rpm

SHA-256: 623a5807894f13d4ac613c4f1402ea278be228d73dcb7172617917bec6b25da4

mod_http2-debuginfo-1.15.7-5.module+el8.7.0+18499+2e106f0b.4.ppc64le.rpm

SHA-256: f47e5c47d13d4715a1f634ff71ac332ba177c1013e47f5f9c4af852c48995c3f

mod_http2-debugsource-1.15.7-5.module+el8.7.0+18499+2e106f0b.4.ppc64le.rpm

SHA-256: e7e2ba352a4558182072ce2ae53df15951f7bd9cd3012423b1e6c76795017600

mod_ldap-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.ppc64le.rpm

SHA-256: f63e38150bcb7944dd846f1f1f17a32c0aa1a7d1194bc3914a152d182eebde98

mod_ldap-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.ppc64le.rpm

SHA-256: 11f8015e9038f19d012d3a0368786877e44bef372a9284de2109f40f82cf3278

mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm

SHA-256: 97e5a010aa4425df62b3e5cab8094c32c36242c40ce181a44809477ef3539d62

mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm

SHA-256: 1ba4f52abc03c57ea7d4484c65459b39543e5cfb82c65174bce81e1b8288f8ad

mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm

SHA-256: 38f2fc7066bbce386bcf68652a3c50cb908a67c52652d50d104be0cd881b66c3

mod_proxy_html-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.ppc64le.rpm

SHA-256: bdef6bea1aafc91ce6321c5bec9736be67a59dbbaf90a1817dd52078b0141711

mod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.ppc64le.rpm

SHA-256: 90b53d49f9e4e8d9a591748e57ad19d358b40f708bac339b11be3c67218015dc

mod_session-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.ppc64le.rpm

SHA-256: e368d73a06409405bd720ece9dc0c9ad61f668302c0fde051e162ea8c794a83d

mod_session-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.ppc64le.rpm

SHA-256: 1998653dc2ddc229e83eba3ca4555447d2b8f14b3191214bd13f74d93b084495

mod_ssl-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.ppc64le.rpm

SHA-256: ff7b1f02f8bccb628073a30bc00249217d4bfa46730313e60626dd58cfcea527

mod_ssl-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.ppc64le.rpm

SHA-256: dee397e5869db6c20c7974c262551f149677fad07c6de7137ec8ae7077c08a26

Red Hat Enterprise Linux for ARM 64 8

SRPM

httpd-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.src.rpm

SHA-256: c620f58f81b61a96de62206a074543cce9c30b998f8ab4965f90fea9cf8f7c19

mod_http2-1.15.7-5.module+el8.7.0+18499+2e106f0b.4.src.rpm

SHA-256: e262b2bb2c4befcd6424e11aabe41a27cf95e21546745d93586fbe33ac3b8d1f

mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.src.rpm

SHA-256: e54d2c1123b7e139e6d8e896309ff1210bc3e70b6d53debd525c825694e60964

aarch64

httpd-filesystem-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.noarch.rpm

SHA-256: 7c6fe978a15fb629e732c0f05569fa97b1e02cc91c0ca75c290d30166a7736fe

httpd-manual-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.noarch.rpm

SHA-256: 83f3a4ffbb15804676ce497072ba7ffa15705af7a26501928d423afbde42b0d1

httpd-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.aarch64.rpm

SHA-256: d172d3e65eeaffb3ef8c1996e14fda16d77a1ca16957363ce7c75cb1d55c0725

httpd-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.aarch64.rpm

SHA-256: afad7be964af1eb099061420dbdefe264bca442e853e71f419e47023cc7cc00f

httpd-debugsource-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.aarch64.rpm

SHA-256: 4dbb2f8b319a7d297044840d001b61c781b1acfc6572ce5bdcd26c65c09dc9f3

httpd-devel-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.aarch64.rpm

SHA-256: 17ebd83f4faa4d0c1e007368440138a0f3fabe713d15eec92b6b85650d2ed2c8

httpd-tools-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.aarch64.rpm

SHA-256: 07756514d879613ee0716e12979aa5460504e1a969d9bf9c866f01315d88b93f

httpd-tools-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.aarch64.rpm

SHA-256: ee77f4a55391faa216bc899751dd2efb92d7b1d1d2100808c2df8376ae995e11

mod_http2-1.15.7-5.module+el8.7.0+18499+2e106f0b.4.aarch64.rpm

SHA-256: 2d849f0dc1a3e4fc990599f9fa562af5ba2dc2b93b6151be38929e12f7e304c5

mod_http2-debuginfo-1.15.7-5.module+el8.7.0+18499+2e106f0b.4.aarch64.rpm

SHA-256: f40f9f57acdf90f6f73a73923f6b04d340db74006bd951138adc1a26b2735200

mod_http2-debugsource-1.15.7-5.module+el8.7.0+18499+2e106f0b.4.aarch64.rpm

SHA-256: 96eadf531fab0df68738e1e0961ea52a1746126a470d86159e10bc06b11a53f4

mod_ldap-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.aarch64.rpm

SHA-256: 28a07bd2561e7a4835faeb237c20df20e939aa970bbfe2f4c70985d930359858

mod_ldap-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.aarch64.rpm

SHA-256: f89593708966cb7956702bb7503696eccb39b7a6bbfee216a5e80fdc7ad165bc

mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm

SHA-256: 396ffce00fa11237b343330f48ce215ed3123c8d520f4e53fc29c7cb9d03edfa

mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm

SHA-256: 031e3abd81f2e03b8dab9af402139c6565db2cc61878018a343f20949f1e6da2

mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm

SHA-256: ab5fc429e251fd16d0aab83d4853aabf99624ebeb84a09a8dce7ef977be0633c

mod_proxy_html-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.aarch64.rpm

SHA-256: e2942c5079b3332edd3e72a2e3b3d2ff11cc8c729973cc80b1c6bdfa14adcea3

mod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.aarch64.rpm

SHA-256: 07a8e42c2bd0fd296dfd9bb7ce88d3ce3a9912c51b6ed44e483d940f9dd53e99

mod_session-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.aarch64.rpm

SHA-256: ee497fdc814ce313c9a1f64f8d7089d3653fac77fc4e506db6a93de1fd765b80

mod_session-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.aarch64.rpm

SHA-256: 7c5833566dc0f27dbc2cf633e7a456f31dfa65a3ebbe3aec882c2dbf19440008

mod_ssl-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.aarch64.rpm

SHA-256: dc4277726cc4b77b894592eb7ef1a7231770a147a84e49a5770996151e5c83c6

mod_ssl-debuginfo-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.aarch64.rpm

SHA-256: 7ffe2794896bc762b7ed9df2269ba4c94d39fc927265cc5afad765698dc3362d

Related news

Gentoo Linux Security Advisory 202309-01

Gentoo Linux Security Advisory 202309-1 - Multiple vulnerabilities have been discovered in Apache HTTPD, the worst of which could result in denial of service. Versions greater than or equal to 2.4.56 are affected.

RHSA-2023:3355: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 security update

Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2006-20001: A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service. * CVE-2022-4304: A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficien...

CVE-2023-28043: DSA-2023-164: Dell Secure Connect Gateway Security Update for Multiple Vulnerabilities

Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text.

Red Hat Security Advisory 2023-3292-01

Red Hat Security Advisory 2023-3292-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Red Hat Security Advisory 2023-1916-01

Red Hat Security Advisory 2023-1916-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

CVE-2023-21954: Oracle Critical Patch Update Advisory - April 2023

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

Red Hat Security Advisory 2023-1670-01

Red Hat Security Advisory 2023-1670-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

RHSA-2023:1670: Red Hat Security Advisory: httpd and mod_http2 security update

An update for httpd and mod_http2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-su...

Red Hat Security Advisory 2023-1597-01

Red Hat Security Advisory 2023-1597-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Red Hat Security Advisory 2023-1547-01

Red Hat Security Advisory 2023-1547-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

RHSA-2023:1597: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches ...

RHSA-2023:1593: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request...

RHSA-2023:1596: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches ...

RHSA-2023:1547: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific patter...

Ubuntu Security Notice USN-5942-2

Ubuntu Security Notice 5942-2 - USN-5942-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding update for CVE-2023-25690 for Ubuntu 16.04 ESM. Lars Krapf discovered that the Apache HTTP Server mod_proxy module incorrectly handled certain configurations. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.

Debian Security Advisory 5376-1

Debian Linux Security Advisory 5376-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service.

Ubuntu Security Notice USN-5942-1

Ubuntu Security Notice 5942-1 - Lars Krapf discovered that the Apache HTTP Server mod_proxy module incorrectly handled certain configurations. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server mod_proxy_uwsgi module incorrectly handled certain special characters. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.