Headline
RHSA-2023:1670: Red Hat Security Advisory: httpd and mod_http2 security update
An update for httpd and mod_http2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution.
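To find which proxy rules on a host match the affected configuration shape described above, the following added example (not part of the Red Hat advisory or of httpd) scans Apache configuration text for `RewriteRule ... [P]` and `ProxyPassMatch` directives whose substitution re-inserts a loosely matched capture group. The sample configuration, the `backend.example` host, and the heuristic for "non-specific" (a group containing a `.` wildcard or a negated character class) are assumptions made for illustration.

```python
import re

TOKEN = re.compile(r'"([^"]*)"|(\S+)')   # a quoted or a bare directive argument
BACKREF = re.compile(r"\$(\d)")          # $0..$9 in the substitution


def tokenize(line):
    """Split a directive line into arguments (escaped quotes are not handled)."""
    return [m.group(1) if m.group(1) is not None else m.group(2)
            for m in TOKEN.finditer(line)]


def capture_groups(pattern):
    """Map group number -> group body; group 0 is the whole pattern."""
    groups, stack, number, in_class, i = {0: pattern}, [], 0, False, 0
    while i < len(pattern):
        c = pattern[i]
        if c == "\\":                    # skip the escaped character
            i += 2
            continue
        if in_class:
            in_class = c != "]"
        elif c == "[":
            in_class = True
        elif c == "(":
            # "(?..." constructs are treated as non-capturing (simplification)
            capturing = not pattern.startswith("(?", i)
            if capturing:
                number += 1
            stack.append((number if capturing else None, i + 1))
        elif c == ")" and stack:
            num, start = stack.pop()
            if num is not None:
                groups[num] = pattern[start:i]
        i += 1
    return groups


def is_nonspecific(body):
    """Heuristic (assumption): wildcard '.' or a negated class such as [^/]."""
    body = re.sub(r"\\.", "", body)               # drop escapes: \. \d \S
    body = re.sub(r"\[(?!\^)[^\]]*\]", "", body)  # drop positive classes [a-z.]
    return "." in body or "[^" in body


def audit(config_text):
    """Return (line number, directive, risky backreference numbers)."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        tok = tokenize(raw.strip())
        if not tok or tok[0].startswith("#"):
            continue
        name = tok[0].lower()
        if name == "rewriterule" and len(tok) >= 4:
            flags = {f.strip().upper() for f in tok[3].strip("[]").split(",")}
            if not flags & {"P", "PROXY"}:        # only proxied rewrites matter
                continue
        elif not (name == "proxypassmatch" and len(tok) >= 3):
            continue
        groups = capture_groups(tok[1])
        risky = sorted({int(n) for n in BACKREF.findall(tok[2])
                        if is_nonspecific(groups.get(int(n), ""))})
        if risky:
            findings.append((lineno, tok[0], risky))
    return findings


# Constructed sample configuration; hosts and paths are hypothetical.
SAMPLE_CONF = r'''
RewriteEngine on
# constructed sample lines, not taken from the advisory
RewriteRule "^/here/(.*)" "http://backend.example:8080/elsewhere?$1" [P]
RewriteRule "^/item/(\d+)$" "http://backend.example:8080/item?id=$1" [P,L]
RewriteRule "^/old/(.*)" "/new/$1" [R=301,L]
ProxyPassMatch "^/api/([^/]+)/(v[0-9]+)$" "http://backend.example:8080/$2/$1"
ProxyPassMatch "^/static/([a-z0-9.-]+)$" "http://backend.example:8080/assets/$1"
'''

if __name__ == "__main__":
    for lineno, directive, refs in audit(SAMPLE_CONF):
        print(f"line {lineno}: {directive} re-inserts loosely matched ${refs}")
```

A finding marks a rule worth tightening to a specific character class; it does not replace installing the updated packages.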
Synopsis
Important: httpd and mod_http2 security update
Type/Severity
Security Advisory: Important
Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
- httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
Fixes
- BZ - 2176209 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy
Red Hat Enterprise Linux for x86_64 9
SRPM
httpd-2.4.53-7.el9_1.5.src.rpm
mod_http2-1.15.19-3.el9_1.5.src.rpm