RHSA-2023:1670: Red Hat Security Advisory: httpd and mod_http2 security update

An update for httpd and mod_http2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution.
Red Hat Security Data

Synopsis

Important: httpd and mod_http2 security update

Type/Severity

Security Advisory: Important

Topic

An update for httpd and mod_http2 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

  • httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
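
To illustrate the affected-configuration pattern described for CVE-2023-25690, the following added example (not part of the Red Hat advisory) audits Apache configuration text for proxied RewriteRule and ProxyPassMatch directives that re-insert a broad capture group into the backend URL. The sample configuration, the backend.example host and the breadth heuristic are assumptions made for illustration.

```python
import re

# Constructed sample configuration (not taken from the advisory).
SAMPLE_CONF = "\n".join([
    r'RewriteEngine on',
    r'RewriteRule "^/here/(.*)" "http://backend.example:8080/elsewhere?$1" [P]',
    r'RewriteRule "^/item/(\d+)$" "http://backend.example:8080/item?id=$1" [P,L]',
    r'RewriteRule "^/old/(.*)" "/new/$1" [L]',
    r'ProxyPassMatch "^/img/([^/]+)\.png$" "http://backend.example:8080/images/$1.png"',
    r'ProxyPassMatch "^/docs/([a-z0-9-]+)$" "http://backend.example:8080/docs/$1"',
])

TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|(\S+)')


def split_args(line):
    """Split a directive line into arguments, keeping regex backslashes intact."""
    return [quoted or bare for quoted, bare in TOKEN.findall(line)]


def capture_groups(pattern):
    """Source text of each capturing group; index 0 is the whole pattern ($0)."""
    groups, stack, in_class, i = [pattern], [], False, 0
    while i < len(pattern):
        c = pattern[i]
        if c == "\\":                        # escaped character, never a metacharacter
            i += 2
            continue
        if in_class:
            in_class = c != "]"
        elif c == "[":
            in_class = True
            if pattern[i + 1:i + 2] == "^":
                i += 1
            if pattern[i + 1:i + 2] == "]":  # a leading ']' is a literal
                i += 1
        elif c == "(":
            named = re.match(r"\(\?P?<[A-Za-z_]", pattern[i:])
            if pattern[i + 1:i + 2] != "?" or named:
                groups.append("")
                stack.append((i, len(groups) - 1))
            else:                            # (?:...), lookarounds: not captured
                stack.append((i, None))
        elif c == ")" and stack:
            start, idx = stack.pop()
            if idx is not None:
                groups[idx] = pattern[start + 1:i]
        i += 1
    return groups


def is_broad(group_src):
    """Heuristic (assumption): wildcard '.', a negated class, or \\D \\W \\s can
    match spaces and control characters, so the group is flagged for review."""
    escapes = re.findall(r"\\(.)", group_src)
    bare = re.sub(r"\\.", "", group_src)     # drop escaped characters
    outside_classes = re.sub(r"\[\^?\]?[^\]]*\]", "", bare)
    return "." in outside_classes or "[^" in bare or any(e in "DWs" for e in escapes)


def audit(conf_text):
    """Return (line, directive, group number, group source) for risky rules."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        args = split_args(line.strip())
        if len(args) < 3 or line.lstrip().startswith("#"):
            continue
        name = args[0].lower()
        if name == "rewriterule":            # only proxied rewrites ([P] flag) count
            flags = args[3].strip("[]").split(",") if len(args) > 3 else []
            proxied = any(f.split("=")[0].strip().upper() in ("P", "PROXY") for f in flags)
        else:
            proxied = name == "proxypassmatch"
        if not proxied:
            continue
        groups = capture_groups(args[1])
        for ref in sorted(set(re.findall(r"\$(\d)", args[2]))):
            n = int(ref)
            if n < len(groups) and is_broad(groups[n]):
                findings.append((lineno, args[0], n, groups[n]))
    return findings


if __name__ == "__main__":
    for lineno, directive, n, src in audit(SAMPLE_CONF):
        print(f"line {lineno}: {directive} re-inserts ${n} = ({src}) into the proxied URL")
```

A finding means the rule fits the shape the CVE description names; installing the updated packages remains the fix, and narrowing the capture group to the characters the backend actually needs reduces exposure in the meantime.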

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64

Fixes

  • BZ - 2176209 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy

Red Hat Enterprise Linux for x86_64 9

SRPM

  • httpd-2.4.53-7.el9_1.5.src.rpm
  • mod_http2-1.15.19-3.el9_1.5.src.rpm

x86_64

  • httpd-2.4.53-7.el9_1.5.x86_64.rpm
  • httpd-core-2.4.53-7.el9_1.5.x86_64.rpm
  • httpd-core-debuginfo-2.4.53-7.el9_1.5.x86_64.rpm
  • httpd-debuginfo-2.4.53-7.el9_1.5.x86_64.rpm
  • httpd-debugsource-2.4.53-7.el9_1.5.x86_64.rpm
  • httpd-devel-2.4.53-7.el9_1.5.x86_64.rpm
  • httpd-filesystem-2.4.53-7.el9_1.5.noarch.rpm
  • httpd-manual-2.4.53-7.el9_1.5.noarch.rpm
  • httpd-tools-2.4.53-7.el9_1.5.x86_64.rpm
  • httpd-tools-debuginfo-2.4.53-7.el9_1.5.x86_64.rpm
  • mod_http2-1.15.19-3.el9_1.5.x86_64.rpm
  • mod_http2-debuginfo-1.15.19-3.el9_1.5.x86_64.rpm
  • mod_http2-debugsource-1.15.19-3.el9_1.5.x86_64.rpm
  • mod_ldap-2.4.53-7.el9_1.5.x86_64.rpm
  • mod_ldap-debuginfo-2.4.53-7.el9_1.5.x86_64.rpm
  • mod_lua-2.4.53-7.el9_1.5.x86_64.rpm
  • mod_lua-debuginfo-2.4.53-7.el9_1.5.x86_64.rpm
  • mod_proxy_html-2.4.53-7.el9_1.5.x86_64.rpm
  • mod_proxy_html-debuginfo-2.4.53-7.el9_1.5.x86_64.rpm
  • mod_session-2.4.53-7.el9_1.5.x86_64.rpm
  • mod_session-debuginfo-2.4.53-7.el9_1.5.x86_64.rpm
  • mod_ssl-2.4.53-7.el9_1.5.x86_64.rpm
  • mod_ssl-debuginfo-2.4.53-7.el9_1.5.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 9

SRPM

  • httpd-2.4.53-7.el9_1.5.src.rpm
  • mod_http2-1.15.19-3.el9_1.5.src.rpm

s390x

  • httpd-2.4.53-7.el9_1.5.s390x.rpm
  • httpd-core-2.4.53-7.el9_1.5.s390x.rpm
  • httpd-core-debuginfo-2.4.53-7.el9_1.5.s390x.rpm
  • httpd-debuginfo-2.4.53-7.el9_1.5.s390x.rpm
  • httpd-debugsource-2.4.53-7.el9_1.5.s390x.rpm
  • httpd-devel-2.4.53-7.el9_1.5.s390x.rpm
  • httpd-filesystem-2.4.53-7.el9_1.5.noarch.rpm
  • httpd-manual-2.4.53-7.el9_1.5.noarch.rpm
  • httpd-tools-2.4.53-7.el9_1.5.s390x.rpm
  • httpd-tools-debuginfo-2.4.53-7.el9_1.5.s390x.rpm
  • mod_http2-1.15.19-3.el9_1.5.s390x.rpm
  • mod_http2-debuginfo-1.15.19-3.el9_1.5.s390x.rpm
  • mod_http2-debugsource-1.15.19-3.el9_1.5.s390x.rpm
  • mod_ldap-2.4.53-7.el9_1.5.s390x.rpm
  • mod_ldap-debuginfo-2.4.53-7.el9_1.5.s390x.rpm
  • mod_lua-2.4.53-7.el9_1.5.s390x.rpm
  • mod_lua-debuginfo-2.4.53-7.el9_1.5.s390x.rpm
  • mod_proxy_html-2.4.53-7.el9_1.5.s390x.rpm
  • mod_proxy_html-debuginfo-2.4.53-7.el9_1.5.s390x.rpm
  • mod_session-2.4.53-7.el9_1.5.s390x.rpm
  • mod_session-debuginfo-2.4.53-7.el9_1.5.s390x.rpm
  • mod_ssl-2.4.53-7.el9_1.5.s390x.rpm
  • mod_ssl-debuginfo-2.4.53-7.el9_1.5.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 9

SRPM

  • httpd-2.4.53-7.el9_1.5.src.rpm
  • mod_http2-1.15.19-3.el9_1.5.src.rpm

ppc64le

  • httpd-2.4.53-7.el9_1.5.ppc64le.rpm
  • httpd-core-2.4.53-7.el9_1.5.ppc64le.rpm
  • httpd-core-debuginfo-2.4.53-7.el9_1.5.ppc64le.rpm
  • httpd-debuginfo-2.4.53-7.el9_1.5.ppc64le.rpm
  • httpd-debugsource-2.4.53-7.el9_1.5.ppc64le.rpm
  • httpd-devel-2.4.53-7.el9_1.5.ppc64le.rpm
  • httpd-filesystem-2.4.53-7.el9_1.5.noarch.rpm
  • httpd-manual-2.4.53-7.el9_1.5.noarch.rpm
  • httpd-tools-2.4.53-7.el9_1.5.ppc64le.rpm
  • httpd-tools-debuginfo-2.4.53-7.el9_1.5.ppc64le.rpm
  • mod_http2-1.15.19-3.el9_1.5.ppc64le.rpm
  • mod_http2-debuginfo-1.15.19-3.el9_1.5.ppc64le.rpm
  • mod_http2-debugsource-1.15.19-3.el9_1.5.ppc64le.rpm
  • mod_ldap-2.4.53-7.el9_1.5.ppc64le.rpm
  • mod_ldap-debuginfo-2.4.53-7.el9_1.5.ppc64le.rpm
  • mod_lua-2.4.53-7.el9_1.5.ppc64le.rpm
  • mod_lua-debuginfo-2.4.53-7.el9_1.5.ppc64le.rpm
  • mod_proxy_html-2.4.53-7.el9_1.5.ppc64le.rpm
  • mod_proxy_html-debuginfo-2.4.53-7.el9_1.5.ppc64le.rpm
  • mod_session-2.4.53-7.el9_1.5.ppc64le.rpm
  • mod_session-debuginfo-2.4.53-7.el9_1.5.ppc64le.rpm
  • mod_ssl-2.4.53-7.el9_1.5.ppc64le.rpm
  • mod_ssl-debuginfo-2.4.53-7.el9_1.5.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 9

SRPM

  • httpd-2.4.53-7.el9_1.5.src.rpm
  • mod_http2-1.15.19-3.el9_1.5.src.rpm

aarch64

  • httpd-2.4.53-7.el9_1.5.aarch64.rpm
  • httpd-core-2.4.53-7.el9_1.5.aarch64.rpm
  • httpd-core-debuginfo-2.4.53-7.el9_1.5.aarch64.rpm
  • httpd-debuginfo-2.4.53-7.el9_1.5.aarch64.rpm
  • httpd-debugsource-2.4.53-7.el9_1.5.aarch64.rpm
  • httpd-devel-2.4.53-7.el9_1.5.aarch64.rpm
  • httpd-filesystem-2.4.53-7.el9_1.5.noarch.rpm
  • httpd-manual-2.4.53-7.el9_1.5.noarch.rpm
  • httpd-tools-2.4.53-7.el9_1.5.aarch64.rpm
  • httpd-tools-debuginfo-2.4.53-7.el9_1.5.aarch64.rpm
  • mod_http2-1.15.19-3.el9_1.5.aarch64.rpm
  • mod_http2-debuginfo-1.15.19-3.el9_1.5.aarch64.rpm
  • mod_http2-debugsource-1.15.19-3.el9_1.5.aarch64.rpm
  • mod_ldap-2.4.53-7.el9_1.5.aarch64.rpm
  • mod_ldap-debuginfo-2.4.53-7.el9_1.5.aarch64.rpm
  • mod_lua-2.4.53-7.el9_1.5.aarch64.rpm
  • mod_lua-debuginfo-2.4.53-7.el9_1.5.aarch64.rpm
  • mod_proxy_html-2.4.53-7.el9_1.5.aarch64.rpm
  • mod_proxy_html-debuginfo-2.4.53-7.el9_1.5.aarch64.rpm
  • mod_session-2.4.53-7.el9_1.5.aarch64.rpm
  • mod_session-debuginfo-2.4.53-7.el9_1.5.aarch64.rpm
  • mod_ssl-2.4.53-7.el9_1.5.aarch64.rpm
  • mod_ssl-debuginfo-2.4.53-7.el9_1.5.aarch64.rpm
