Headline
RHSA-2023:1916: Red Hat Security Advisory: httpd and mod_http2 security update
An update for httpd and mod_http2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution.
Synopsis
Important: httpd and mod_http2 security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for httpd and mod_http2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
- httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
- Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
- Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x
Fixes
- BZ - 2176209 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0
SRPM
httpd-2.4.51-7.el9_0.4.src.rpm
SHA-256: f02356cca8868085a3137b73674a8374a61cf13c627c3e081260f124e8080e2a
mod_http2-1.15.19-3.el9_0.5.src.rpm
SHA-256: 8ac9c4f5785ecfc4eec416cd5cb3ddbe7b4541c433496d5fff5f2aa120aa5b0b
x86_64
httpd-2.4.51-7.el9_0.4.x86_64.rpm
SHA-256: 176d75f28b727e1efe0d57a6290e5deba8f17197d93fd5812192c0c0d0d7927c
httpd-debuginfo-2.4.51-7.el9_0.4.x86_64.rpm
SHA-256: ce2e59cdf938ae8debf42ac12eb60e66a1083970fba6784945cadb4ac45e7689
httpd-debugsource-2.4.51-7.el9_0.4.x86_64.rpm
SHA-256: 1a674686830c2c2c9b207d92c13c37e16dfcd05e116d08155df5fb32e40c7e68
httpd-devel-2.4.51-7.el9_0.4.x86_64.rpm
SHA-256: 121d48b0edf510e1a2cd808b535128c92f180117b0d2dc525c2e99e7985107b8
httpd-filesystem-2.4.51-7.el9_0.4.noarch.rpm
SHA-256: b92124ada152c9dda1f5a77675391a6b964976c230cb1e6d7d4511a6a9e4cc35
httpd-manual-2.4.51-7.el9_0.4.noarch.rpm
SHA-256: c3147cdc2780f64b8f4216a44e84fba3dba65a02f53071dcc8e0f143cdbf8b63
httpd-tools-2.4.51-7.el9_0.4.x86_64.rpm
SHA-256: 8b0f57eba7d985b68b9b4cd66a9770b70e2d027428c4030c32691570a79b116d
httpd-tools-debuginfo-2.4.51-7.el9_0.4.x86_64.rpm
SHA-256: 711c2469854a4f3546f140440601b05a3050e4cf4c92e807d1b68e2e37eaa442
mod_http2-1.15.19-3.el9_0.5.x86_64.rpm
SHA-256: 35465e92f2e8ba16171b1e93a6ba560cf2851ca16b0c721859e71930a5dca7a5
mod_http2-debuginfo-1.15.19-3.el9_0.5.x86_64.rpm
SHA-256: 1a18fd6c561fe409e0d2ada40dc87a8299f6016d5523421f4b79c44b4c182c00
mod_http2-debugsource-1.15.19-3.el9_0.5.x86_64.rpm
SHA-256: 0f99293b383612f07a2f106d645de51d5686838a6293d7f653ebd91a6cdfbb48
mod_ldap-2.4.51-7.el9_0.4.x86_64.rpm
SHA-256: 2200bdb329c570000e7bf3931cb0b98ee8db5ed7389a1920b5de7d9bc11626b9
mod_ldap-debuginfo-2.4.51-7.el9_0.4.x86_64.rpm
SHA-256: 891cfc7c7a15bf173925e68770bd40bdf420aaa34edacc09ed491ece92a0b8d5
mod_lua-2.4.51-7.el9_0.4.x86_64.rpm
SHA-256: ede55eb59397c4e28a65931679896a28813ec550e59bccb80c9081440f47ea2b
mod_lua-debuginfo-2.4.51-7.el9_0.4.x86_64.rpm
SHA-256: edeb971cc9316011779002535d9a8d15965be13eaf60c88ff7446b0a35655bed
mod_proxy_html-2.4.51-7.el9_0.4.x86_64.rpm
SHA-256: 33f887f9763e23a15713f6cef68bdd1429b5a99cf3fdc77f5201373f43421c89
mod_proxy_html-debuginfo-2.4.51-7.el9_0.4.x86_64.rpm
SHA-256: 8aa7425ab7a07ee596df9405634b834839f16dc1d892fde5859883bfed86df54
mod_session-2.4.51-7.el9_0.4.x86_64.rpm
SHA-256: 6867d39d44f2649d44b2205f8d1adf5b60c119c1cedce2ce87b25242ab6e4c4e
mod_session-debuginfo-2.4.51-7.el9_0.4.x86_64.rpm
SHA-256: 4e65e42c6c369b4183114fb2686cf5a680df73d9c5381a5a60fdc91833a9da2e
mod_ssl-2.4.51-7.el9_0.4.x86_64.rpm
SHA-256: d4ce82879302453338199b5de9292fc4c866eabbb73034239be132460b4cc67b
mod_ssl-debuginfo-2.4.51-7.el9_0.4.x86_64.rpm
SHA-256: 4e1783986117c5a43fa3a55c11710626d55b1db96565e147a4c3551403011311
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0
SRPM
httpd-2.4.51-7.el9_0.4.src.rpm
SHA-256: f02356cca8868085a3137b73674a8374a61cf13c627c3e081260f124e8080e2a
mod_http2-1.15.19-3.el9_0.5.src.rpm
SHA-256: 8ac9c4f5785ecfc4eec416cd5cb3ddbe7b4541c433496d5fff5f2aa120aa5b0b
s390x
httpd-2.4.51-7.el9_0.4.s390x.rpm
SHA-256: 5a5b690e77512b47a83a55aa552bc122b343d9ed7150a4038f5177100199a046
httpd-debuginfo-2.4.51-7.el9_0.4.s390x.rpm
SHA-256: 40ae689f9871f8acef3ddc7b1edd1fb7a9300fd92b2fe69b1ee3af482ad79a00
httpd-debugsource-2.4.51-7.el9_0.4.s390x.rpm
SHA-256: b7a2c12fa30784214b8a333a93459b64865956c9995e18a28bff9ec735280437
httpd-devel-2.4.51-7.el9_0.4.s390x.rpm
SHA-256: 62d67f479d427a1f83c9a28c842040e79cac277377f6ba16d72b50c7d12d7437
httpd-filesystem-2.4.51-7.el9_0.4.noarch.rpm
SHA-256: b92124ada152c9dda1f5a77675391a6b964976c230cb1e6d7d4511a6a9e4cc35
httpd-manual-2.4.51-7.el9_0.4.noarch.rpm
SHA-256: c3147cdc2780f64b8f4216a44e84fba3dba65a02f53071dcc8e0f143cdbf8b63
httpd-tools-2.4.51-7.el9_0.4.s390x.rpm
SHA-256: 3efabd8c2dcd25a439df675ba81570b876beddf4abfd61636cf4d52172cfc8d2
httpd-tools-debuginfo-2.4.51-7.el9_0.4.s390x.rpm
SHA-256: 46dceabcfdebd8b813e675dfb7d6522330672ac7b41dd9bef57f94289c000f50
mod_http2-1.15.19-3.el9_0.5.s390x.rpm
SHA-256: 2f7c410ef6ce0a989cdd9fde7dc4b26d52789d50569f574466a43cbbe87f11ef
mod_http2-debuginfo-1.15.19-3.el9_0.5.s390x.rpm
SHA-256: e36b365dcd487f66ccb283e643f71ea1aa6b0f09c84fba40929029213c8ac19d
mod_http2-debugsource-1.15.19-3.el9_0.5.s390x.rpm
SHA-256: 31519e56f70d0cac3760749ed1f291052405fdbc0f8e0e4680d8b9250c9a2cd6
mod_ldap-2.4.51-7.el9_0.4.s390x.rpm
SHA-256: b0a578bc26b4a173db153d7c22ab681a067251a9d91a4be2f8cceef337eaa24c
mod_ldap-debuginfo-2.4.51-7.el9_0.4.s390x.rpm
SHA-256: 140d9507df966e9cba35374a8d51674802675bec158e9447d72c92f5c82236b2
mod_lua-2.4.51-7.el9_0.4.s390x.rpm
SHA-256: ae5f23f1154d2249151c9a03ad2604a596a2f17e95f6a9b64ddc215ebf9f0c5e
mod_lua-debuginfo-2.4.51-7.el9_0.4.s390x.rpm
SHA-256: 3f4b0b075a80a641b411845124d1550fa47e66a3d195129f2d8d509f4cb91eea
mod_proxy_html-2.4.51-7.el9_0.4.s390x.rpm
SHA-256: dc67f3e2147826b01b5eda7b72c98f4e6cdabca0906a2e5a514881f504b9f486
mod_proxy_html-debuginfo-2.4.51-7.el9_0.4.s390x.rpm
SHA-256: b5c882274840e9630658b4b6fbb61733673fb6d4fbfcc916f66dd0b9ac640986
mod_session-2.4.51-7.el9_0.4.s390x.rpm
SHA-256: 89a91a9e249bcbd7150da8cbea5bda7ee00e42198ed53281dc376199bbd86350
mod_session-debuginfo-2.4.51-7.el9_0.4.s390x.rpm
SHA-256: 2abc9277ea1a244233d4b848d0ece3427168b9ace2e697d4a30cee6182641502
mod_ssl-2.4.51-7.el9_0.4.s390x.rpm
SHA-256: 4b11a21f0ba3eafaf772ecdb6f7c0c240006520a6ae686afcd0415e1f0331c24
mod_ssl-debuginfo-2.4.51-7.el9_0.4.s390x.rpm
SHA-256: 8bd10c66c3a3fe90da92967738cd78b39e342e959e3b753577eac8c112ce9e45
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0
SRPM
httpd-2.4.51-7.el9_0.4.src.rpm
SHA-256: f02356cca8868085a3137b73674a8374a61cf13c627c3e081260f124e8080e2a
mod_http2-1.15.19-3.el9_0.5.src.rpm
SHA-256: 8ac9c4f5785ecfc4eec416cd5cb3ddbe7b4541c433496d5fff5f2aa120aa5b0b
ppc64le
httpd-2.4.51-7.el9_0.4.ppc64le.rpm
SHA-256: a01ad7d2ccfa0a8effb36028a05a620fd8943ea41ee149f747cf6833483f5f1e
httpd-debuginfo-2.4.51-7.el9_0.4.ppc64le.rpm
SHA-256: 8c3c76d6f71310fb95bffdc4927e0ce902e0d91a388031a5fc2d9bcc6ec7a7a6
httpd-debugsource-2.4.51-7.el9_0.4.ppc64le.rpm
SHA-256: 58defb770eaac2601e68903dae20126d1b29ae4780c2b2fe835b7b519100234b
httpd-devel-2.4.51-7.el9_0.4.ppc64le.rpm
SHA-256: 7cc427c958da20e344719a1081f1dff797a955e3040b8a0130c8124e8da2b235
httpd-filesystem-2.4.51-7.el9_0.4.noarch.rpm
SHA-256: b92124ada152c9dda1f5a77675391a6b964976c230cb1e6d7d4511a6a9e4cc35
httpd-manual-2.4.51-7.el9_0.4.noarch.rpm
SHA-256: c3147cdc2780f64b8f4216a44e84fba3dba65a02f53071dcc8e0f143cdbf8b63
httpd-tools-2.4.51-7.el9_0.4.ppc64le.rpm
SHA-256: eeb95a88765700e0d8b9610f1dbfe811650ba4ea5f80006182bc58aefc11b5bb
httpd-tools-debuginfo-2.4.51-7.el9_0.4.ppc64le.rpm
SHA-256: c2fa2cca5651076304675ef038fdfcd6659f3d8fc81730633ec6608df58493b4
mod_http2-1.15.19-3.el9_0.5.ppc64le.rpm
SHA-256: c56ac833f30276d8560566bbe298c56b1daf20ee46f7ebdadf82c1c7aacb3ef0
mod_http2-debuginfo-1.15.19-3.el9_0.5.ppc64le.rpm
SHA-256: 777d2bb6ef360dec48989b78d39f24bee146cfc9fd08ae24cf7197a6496bd145
mod_http2-debugsource-1.15.19-3.el9_0.5.ppc64le.rpm
SHA-256: 3f021dea9f3824680e4dea5ce438affcfcd822afcedcef50c6f4a3f423b4bec1
mod_ldap-2.4.51-7.el9_0.4.ppc64le.rpm
SHA-256: c39de14ba2f0bd1163463df21ca4776bc67b48360868903bbdd8ae3eab7ee584
mod_ldap-debuginfo-2.4.51-7.el9_0.4.ppc64le.rpm
SHA-256: 7edbbb36f32d02f72e8bfa16b037a37cbda3faf0fc611f1e70175dbcd0d92734
mod_lua-2.4.51-7.el9_0.4.ppc64le.rpm
SHA-256: cde4aeafcae26950ba5925201783f1c8231ffbd3845a8e9404f6ce1d24b71483
mod_lua-debuginfo-2.4.51-7.el9_0.4.ppc64le.rpm
SHA-256: b0f53b814069792825f4e4b4edc2c24e7aa3a0cb141181af0691ec9766659d91
mod_proxy_html-2.4.51-7.el9_0.4.ppc64le.rpm
SHA-256: ef1de2e0eeb1efe3542a5e6d99145085a4d183a3a4c6c5e551df17310a6d203d
mod_proxy_html-debuginfo-2.4.51-7.el9_0.4.ppc64le.rpm
SHA-256: 3a96fbe42b52d026bb647906fb12e366f3acaa6254467c2ebb8ed0291c2d6318
mod_session-2.4.51-7.el9_0.4.ppc64le.rpm
SHA-256: eceb9678d12fbdd98848343e2a83ff989099b509e28bb8c51620b2bb898a4829
mod_session-debuginfo-2.4.51-7.el9_0.4.ppc64le.rpm
SHA-256: 66bfb6669316f72e7be154fb0c6f40e32965d503b6a387f6fb7727b7c342b263
mod_ssl-2.4.51-7.el9_0.4.ppc64le.rpm
SHA-256: 8d37543fc41fd0c33eafcc31938429963e5f829f76cc78d141e3a3f3eda9ddab
mod_ssl-debuginfo-2.4.51-7.el9_0.4.ppc64le.rpm
SHA-256: 1b2375139a2334c288e63ee2d44f89f655f7406b0a8e86c8afdac1ac7c4ab406
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0
SRPM
httpd-2.4.51-7.el9_0.4.src.rpm
SHA-256: f02356cca8868085a3137b73674a8374a61cf13c627c3e081260f124e8080e2a
mod_http2-1.15.19-3.el9_0.5.src.rpm
SHA-256: 8ac9c4f5785ecfc4eec416cd5cb3ddbe7b4541c433496d5fff5f2aa120aa5b0b
aarch64
httpd-2.4.51-7.el9_0.4.aarch64.rpm
SHA-256: 319dbffeacd97c97e1b523c9bf812430e19f99a1e88aca1152fa10e00a6fba7e
httpd-debuginfo-2.4.51-7.el9_0.4.aarch64.rpm
SHA-256: f001e1f717c38b850b22b4b22bfcd24cb3cbabf4802000728a10bed3f5b9b828
httpd-debugsource-2.4.51-7.el9_0.4.aarch64.rpm
SHA-256: 3814a607990c5f30253829b140756962f28c90276e68bf0fc10bd7a4d25d786c
httpd-devel-2.4.51-7.el9_0.4.aarch64.rpm
SHA-256: 6f86febbe040c9b63f3e0b6af4e1987b81a69a7264f81b3028bc34caff857802
httpd-filesystem-2.4.51-7.el9_0.4.noarch.rpm
SHA-256: b92124ada152c9dda1f5a77675391a6b964976c230cb1e6d7d4511a6a9e4cc35
httpd-manual-2.4.51-7.el9_0.4.noarch.rpm
SHA-256: c3147cdc2780f64b8f4216a44e84fba3dba65a02f53071dcc8e0f143cdbf8b63
httpd-tools-2.4.51-7.el9_0.4.aarch64.rpm
SHA-256: 5afa8810146f9f1af242186d42c0d5c84f6f47799d99cf15e45b2b1b65727e96
httpd-tools-debuginfo-2.4.51-7.el9_0.4.aarch64.rpm
SHA-256: 775679ace34668432a76cf81cb503a0aaff7bdb717efda30eaac3a865f61cbd9
mod_http2-1.15.19-3.el9_0.5.aarch64.rpm
SHA-256: c5db9b72570817183f2aff488e39dd37282027e5eed6fc5c7c1a214eb09f7699
mod_http2-debuginfo-1.15.19-3.el9_0.5.aarch64.rpm
SHA-256: 4b0626bdd641466becd963396f97fdf2e42953316df3f45e48b3593605863105
mod_http2-debugsource-1.15.19-3.el9_0.5.aarch64.rpm
SHA-256: bec41cda95e3c157e1454adeb51536fee118007af2649c92a163260b7facb2da
mod_ldap-2.4.51-7.el9_0.4.aarch64.rpm
SHA-256: 3433a138ac2a74100b191267df8beb1659f0143bdd6579f88b45c2105a25f18e
mod_ldap-debuginfo-2.4.51-7.el9_0.4.aarch64.rpm
SHA-256: c0c61c755850f24d911e072ff07e1d6260e065fc7adcb850a81b4d10f633a252
mod_lua-2.4.51-7.el9_0.4.aarch64.rpm
SHA-256: 5b7d645af3b8c0b5e43163a842ae9c425acd2851e922bf3c3f0a579ffed5e252
mod_lua-debuginfo-2.4.51-7.el9_0.4.aarch64.rpm
SHA-256: 56f5794251a2eabcb66ec9325f5b53e961cedcfebf8b550b98ae65c8691de711
mod_proxy_html-2.4.51-7.el9_0.4.aarch64.rpm
SHA-256: cb187807b957a5c4bbf1a83c922845851ae2e6bf94419215c807f686b0fb5000
mod_proxy_html-debuginfo-2.4.51-7.el9_0.4.aarch64.rpm
SHA-256: f2de099620303f9347f69992623d6c8ebde8495d607ac560607e5560dd59cf42
mod_session-2.4.51-7.el9_0.4.aarch64.rpm
SHA-256: bb050ad51134826563eae7cc096182eb13a47c0099187292ccdceeba1d40424f
mod_session-debuginfo-2.4.51-7.el9_0.4.aarch64.rpm
SHA-256: b3a8ff624d931fb7add07c7aa33c08949e68b8ee3f05f3cc50c9cd72bf190ea2
mod_ssl-2.4.51-7.el9_0.4.aarch64.rpm
SHA-256: adfc14266129fab2627d6e94359f508c9bd33d000bae26ccdb4debf3ca9ae354
mod_ssl-debuginfo-2.4.51-7.el9_0.4.aarch64.rpm
SHA-256: 6cc0682c10d807b60ce0dc55ff60925b957896afbec6603ed38e857b0c72a4f7
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0
SRPM
httpd-2.4.51-7.el9_0.4.src.rpm
SHA-256: f02356cca8868085a3137b73674a8374a61cf13c627c3e081260f124e8080e2a
mod_http2-1.15.19-3.el9_0.5.src.rpm
SHA-256: 8ac9c4f5785ecfc4eec416cd5cb3ddbe7b4541c433496d5fff5f2aa120aa5b0b
ppc64le
httpd-2.4.51-7.el9_0.4.ppc64le.rpm
SHA-256: a01ad7d2ccfa0a8effb36028a05a620fd8943ea41ee149f747cf6833483f5f1e
httpd-debuginfo-2.4.51-7.el9_0.4.ppc64le.rpm
SHA-256: 8c3c76d6f71310fb95bffdc4927e0ce902e0d91a388031a5fc2d9bcc6ec7a7a6
httpd-debugsource-2.4.51-7.el9_0.4.ppc64le.rpm
SHA-256: 58defb770eaac2601e68903dae20126d1b29ae4780c2b2fe835b7b519100234b
httpd-devel-2.4.51-7.el9_0.4.ppc64le.rpm
SHA-256: 7cc427c958da20e344719a1081f1dff797a955e3040b8a0130c8124e8da2b235
httpd-filesystem-2.4.51-7.el9_0.4.noarch.rpm
SHA-256: b92124ada152c9dda1f5a77675391a6b964976c230cb1e6d7d4511a6a9e4cc35
httpd-manual-2.4.51-7.el9_0.4.noarch.rpm
SHA-256: c3147cdc2780f64b8f4216a44e84fba3dba65a02f53071dcc8e0f143cdbf8b63
httpd-tools-2.4.51-7.el9_0.4.ppc64le.rpm
SHA-256: eeb95a88765700e0d8b9610f1dbfe811650ba4ea5f80006182bc58aefc11b5bb
httpd-tools-debuginfo-2.4.51-7.el9_0.4.ppc64le.rpm
SHA-256: c2fa2cca5651076304675ef038fdfcd6659f3d8fc81730633ec6608df58493b4
mod_http2-1.15.19-3.el9_0.5.ppc64le.rpm
SHA-256: c56ac833f30276d8560566bbe298c56b1daf20ee46f7ebdadf82c1c7aacb3ef0
mod_http2-debuginfo-1.15.19-3.el9_0.5.ppc64le.rpm
SHA-256: 777d2bb6ef360dec48989b78d39f24bee146cfc9fd08ae24cf7197a6496bd145
mod_http2-debugsource-1.15.19-3.el9_0.5.ppc64le.rpm
SHA-256: 3f021dea9f3824680e4dea5ce438affcfcd822afcedcef50c6f4a3f423b4bec1
mod_ldap-2.4.51-7.el9_0.4.ppc64le.rpm
SHA-256: c39de14ba2f0bd1163463df21ca4776bc67b48360868903bbdd8ae3eab7ee584
mod_ldap-debuginfo-2.4.51-7.el9_0.4.ppc64le.rpm
SHA-256: 7edbbb36f32d02f72e8bfa16b037a37cbda3faf0fc611f1e70175dbcd0d92734
mod_lua-2.4.51-7.el9_0.4.ppc64le.rpm
SHA-256: cde4aeafcae26950ba5925201783f1c8231ffbd3845a8e9404f6ce1d24b71483
mod_lua-debuginfo-2.4.51-7.el9_0.4.ppc64le.rpm
SHA-256: b0f53b814069792825f4e4b4edc2c24e7aa3a0cb141181af0691ec9766659d91
mod_proxy_html-2.4.51-7.el9_0.4.ppc64le.rpm
SHA-256: ef1de2e0eeb1efe3542a5e6d99145085a4d183a3a4c6c5e551df17310a6d203d
mod_proxy_html-debuginfo-2.4.51-7.el9_0.4.ppc64le.rpm
SHA-256: 3a96fbe42b52d026bb647906fb12e366f3acaa6254467c2ebb8ed0291c2d6318
mod_session-2.4.51-7.el9_0.4.ppc64le.rpm
SHA-256: eceb9678d12fbdd98848343e2a83ff989099b509e28bb8c51620b2bb898a4829
mod_session-debuginfo-2.4.51-7.el9_0.4.ppc64le.rpm
SHA-256: 66bfb6669316f72e7be154fb0c6f40e32965d503b6a387f6fb7727b7c342b263
mod_ssl-2.4.51-7.el9_0.4.ppc64le.rpm
SHA-256: 8d37543fc41fd0c33eafcc31938429963e5f829f76cc78d141e3a3f3eda9ddab
mod_ssl-debuginfo-2.4.51-7.el9_0.4.ppc64le.rpm
SHA-256: 1b2375139a2334c288e63ee2d44f89f655f7406b0a8e86c8afdac1ac7c4ab406
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0
SRPM
httpd-2.4.51-7.el9_0.4.src.rpm
SHA-256: f02356cca8868085a3137b73674a8374a61cf13c627c3e081260f124e8080e2a
mod_http2-1.15.19-3.el9_0.5.src.rpm
SHA-256: 8ac9c4f5785ecfc4eec416cd5cb3ddbe7b4541c433496d5fff5f2aa120aa5b0b
x86_64
httpd-2.4.51-7.el9_0.4.x86_64.rpm
SHA-256: 176d75f28b727e1efe0d57a6290e5deba8f17197d93fd5812192c0c0d0d7927c
httpd-debuginfo-2.4.51-7.el9_0.4.x86_64.rpm
SHA-256: ce2e59cdf938ae8debf42ac12eb60e66a1083970fba6784945cadb4ac45e7689
httpd-debugsource-2.4.51-7.el9_0.4.x86_64.rpm
SHA-256: 1a674686830c2c2c9b207d92c13c37e16dfcd05e116d08155df5fb32e40c7e68
httpd-devel-2.4.51-7.el9_0.4.x86_64.rpm
SHA-256: 121d48b0edf510e1a2cd808b535128c92f180117b0d2dc525c2e99e7985107b8
httpd-filesystem-2.4.51-7.el9_0.4.noarch.rpm
SHA-256: b92124ada152c9dda1f5a77675391a6b964976c230cb1e6d7d4511a6a9e4cc35
httpd-manual-2.4.51-7.el9_0.4.noarch.rpm
SHA-256: c3147cdc2780f64b8f4216a44e84fba3dba65a02f53071dcc8e0f143cdbf8b63
httpd-tools-2.4.51-7.el9_0.4.x86_64.rpm
SHA-256: 8b0f57eba7d985b68b9b4cd66a9770b70e2d027428c4030c32691570a79b116d
httpd-tools-debuginfo-2.4.51-7.el9_0.4.x86_64.rpm
SHA-256: 711c2469854a4f3546f140440601b05a3050e4cf4c92e807d1b68e2e37eaa442
mod_http2-1.15.19-3.el9_0.5.x86_64.rpm
SHA-256: 35465e92f2e8ba16171b1e93a6ba560cf2851ca16b0c721859e71930a5dca7a5
mod_http2-debuginfo-1.15.19-3.el9_0.5.x86_64.rpm
SHA-256: 1a18fd6c561fe409e0d2ada40dc87a8299f6016d5523421f4b79c44b4c182c00
mod_http2-debugsource-1.15.19-3.el9_0.5.x86_64.rpm
SHA-256: 0f99293b383612f07a2f106d645de51d5686838a6293d7f653ebd91a6cdfbb48
mod_ldap-2.4.51-7.el9_0.4.x86_64.rpm
SHA-256: 2200bdb329c570000e7bf3931cb0b98ee8db5ed7389a1920b5de7d9bc11626b9
mod_ldap-debuginfo-2.4.51-7.el9_0.4.x86_64.rpm
SHA-256: 891cfc7c7a15bf173925e68770bd40bdf420aaa34edacc09ed491ece92a0b8d5
mod_lua-2.4.51-7.el9_0.4.x86_64.rpm
SHA-256: ede55eb59397c4e28a65931679896a28813ec550e59bccb80c9081440f47ea2b
mod_lua-debuginfo-2.4.51-7.el9_0.4.x86_64.rpm
SHA-256: edeb971cc9316011779002535d9a8d15965be13eaf60c88ff7446b0a35655bed
mod_proxy_html-2.4.51-7.el9_0.4.x86_64.rpm
SHA-256: 33f887f9763e23a15713f6cef68bdd1429b5a99cf3fdc77f5201373f43421c89
mod_proxy_html-debuginfo-2.4.51-7.el9_0.4.x86_64.rpm
SHA-256: 8aa7425ab7a07ee596df9405634b834839f16dc1d892fde5859883bfed86df54
mod_session-2.4.51-7.el9_0.4.x86_64.rpm
SHA-256: 6867d39d44f2649d44b2205f8d1adf5b60c119c1cedce2ce87b25242ab6e4c4e
mod_session-debuginfo-2.4.51-7.el9_0.4.x86_64.rpm
SHA-256: 4e65e42c6c369b4183114fb2686cf5a680df73d9c5381a5a60fdc91833a9da2e
mod_ssl-2.4.51-7.el9_0.4.x86_64.rpm
SHA-256: d4ce82879302453338199b5de9292fc4c866eabbb73034239be132460b4cc67b
mod_ssl-debuginfo-2.4.51-7.el9_0.4.x86_64.rpm
SHA-256: 4e1783986117c5a43fa3a55c11710626d55b1db96565e147a4c3551403011311
Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0
SRPM
httpd-2.4.51-7.el9_0.4.src.rpm
SHA-256: f02356cca8868085a3137b73674a8374a61cf13c627c3e081260f124e8080e2a
mod_http2-1.15.19-3.el9_0.5.src.rpm
SHA-256: 8ac9c4f5785ecfc4eec416cd5cb3ddbe7b4541c433496d5fff5f2aa120aa5b0b
aarch64
httpd-2.4.51-7.el9_0.4.aarch64.rpm
SHA-256: 319dbffeacd97c97e1b523c9bf812430e19f99a1e88aca1152fa10e00a6fba7e
httpd-debuginfo-2.4.51-7.el9_0.4.aarch64.rpm
SHA-256: f001e1f717c38b850b22b4b22bfcd24cb3cbabf4802000728a10bed3f5b9b828
httpd-debugsource-2.4.51-7.el9_0.4.aarch64.rpm
SHA-256: 3814a607990c5f30253829b140756962f28c90276e68bf0fc10bd7a4d25d786c
httpd-devel-2.4.51-7.el9_0.4.aarch64.rpm
SHA-256: 6f86febbe040c9b63f3e0b6af4e1987b81a69a7264f81b3028bc34caff857802
httpd-filesystem-2.4.51-7.el9_0.4.noarch.rpm
SHA-256: b92124ada152c9dda1f5a77675391a6b964976c230cb1e6d7d4511a6a9e4cc35
httpd-manual-2.4.51-7.el9_0.4.noarch.rpm
SHA-256: c3147cdc2780f64b8f4216a44e84fba3dba65a02f53071dcc8e0f143cdbf8b63
httpd-tools-2.4.51-7.el9_0.4.aarch64.rpm
SHA-256: 5afa8810146f9f1af242186d42c0d5c84f6f47799d99cf15e45b2b1b65727e96
httpd-tools-debuginfo-2.4.51-7.el9_0.4.aarch64.rpm
SHA-256: 775679ace34668432a76cf81cb503a0aaff7bdb717efda30eaac3a865f61cbd9
mod_http2-1.15.19-3.el9_0.5.aarch64.rpm
SHA-256: c5db9b72570817183f2aff488e39dd37282027e5eed6fc5c7c1a214eb09f7699
mod_http2-debuginfo-1.15.19-3.el9_0.5.aarch64.rpm
SHA-256: 4b0626bdd641466becd963396f97fdf2e42953316df3f45e48b3593605863105
mod_http2-debugsource-1.15.19-3.el9_0.5.aarch64.rpm
SHA-256: bec41cda95e3c157e1454adeb51536fee118007af2649c92a163260b7facb2da
mod_ldap-2.4.51-7.el9_0.4.aarch64.rpm
SHA-256: 3433a138ac2a74100b191267df8beb1659f0143bdd6579f88b45c2105a25f18e
mod_ldap-debuginfo-2.4.51-7.el9_0.4.aarch64.rpm
SHA-256: c0c61c755850f24d911e072ff07e1d6260e065fc7adcb850a81b4d10f633a252
mod_lua-2.4.51-7.el9_0.4.aarch64.rpm
SHA-256: 5b7d645af3b8c0b5e43163a842ae9c425acd2851e922bf3c3f0a579ffed5e252
mod_lua-debuginfo-2.4.51-7.el9_0.4.aarch64.rpm
SHA-256: 56f5794251a2eabcb66ec9325f5b53e961cedcfebf8b550b98ae65c8691de711
mod_proxy_html-2.4.51-7.el9_0.4.aarch64.rpm
SHA-256: cb187807b957a5c4bbf1a83c922845851ae2e6bf94419215c807f686b0fb5000
mod_proxy_html-debuginfo-2.4.51-7.el9_0.4.aarch64.rpm
SHA-256: f2de099620303f9347f69992623d6c8ebde8495d607ac560607e5560dd59cf42
mod_session-2.4.51-7.el9_0.4.aarch64.rpm
SHA-256: bb050ad51134826563eae7cc096182eb13a47c0099187292ccdceeba1d40424f
mod_session-debuginfo-2.4.51-7.el9_0.4.aarch64.rpm
SHA-256: b3a8ff624d931fb7add07c7aa33c08949e68b8ee3f05f3cc50c9cd72bf190ea2
mod_ssl-2.4.51-7.el9_0.4.aarch64.rpm
SHA-256: adfc14266129fab2627d6e94359f508c9bd33d000bae26ccdb4debf3ca9ae354
mod_ssl-debuginfo-2.4.51-7.el9_0.4.aarch64.rpm
SHA-256: 6cc0682c10d807b60ce0dc55ff60925b957896afbec6603ed38e857b0c72a4f7
Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0
SRPM
httpd-2.4.51-7.el9_0.4.src.rpm
SHA-256: f02356cca8868085a3137b73674a8374a61cf13c627c3e081260f124e8080e2a
mod_http2-1.15.19-3.el9_0.5.src.rpm
SHA-256: 8ac9c4f5785ecfc4eec416cd5cb3ddbe7b4541c433496d5fff5f2aa120aa5b0b
s390x
httpd-2.4.51-7.el9_0.4.s390x.rpm
SHA-256: 5a5b690e77512b47a83a55aa552bc122b343d9ed7150a4038f5177100199a046
httpd-debuginfo-2.4.51-7.el9_0.4.s390x.rpm
SHA-256: 40ae689f9871f8acef3ddc7b1edd1fb7a9300fd92b2fe69b1ee3af482ad79a00
httpd-debugsource-2.4.51-7.el9_0.4.s390x.rpm
SHA-256: b7a2c12fa30784214b8a333a93459b64865956c9995e18a28bff9ec735280437
httpd-devel-2.4.51-7.el9_0.4.s390x.rpm
SHA-256: 62d67f479d427a1f83c9a28c842040e79cac277377f6ba16d72b50c7d12d7437
httpd-filesystem-2.4.51-7.el9_0.4.noarch.rpm
SHA-256: b92124ada152c9dda1f5a77675391a6b964976c230cb1e6d7d4511a6a9e4cc35
httpd-manual-2.4.51-7.el9_0.4.noarch.rpm
SHA-256: c3147cdc2780f64b8f4216a44e84fba3dba65a02f53071dcc8e0f143cdbf8b63
httpd-tools-2.4.51-7.el9_0.4.s390x.rpm
SHA-256: 3efabd8c2dcd25a439df675ba81570b876beddf4abfd61636cf4d52172cfc8d2
httpd-tools-debuginfo-2.4.51-7.el9_0.4.s390x.rpm
SHA-256: 46dceabcfdebd8b813e675dfb7d6522330672ac7b41dd9bef57f94289c000f50
mod_http2-1.15.19-3.el9_0.5.s390x.rpm
SHA-256: 2f7c410ef6ce0a989cdd9fde7dc4b26d52789d50569f574466a43cbbe87f11ef
mod_http2-debuginfo-1.15.19-3.el9_0.5.s390x.rpm
SHA-256: e36b365dcd487f66ccb283e643f71ea1aa6b0f09c84fba40929029213c8ac19d
mod_http2-debugsource-1.15.19-3.el9_0.5.s390x.rpm
SHA-256: 31519e56f70d0cac3760749ed1f291052405fdbc0f8e0e4680d8b9250c9a2cd6
mod_ldap-2.4.51-7.el9_0.4.s390x.rpm
SHA-256: b0a578bc26b4a173db153d7c22ab681a067251a9d91a4be2f8cceef337eaa24c
mod_ldap-debuginfo-2.4.51-7.el9_0.4.s390x.rpm
SHA-256: 140d9507df966e9cba35374a8d51674802675bec158e9447d72c92f5c82236b2
mod_lua-2.4.51-7.el9_0.4.s390x.rpm
SHA-256: ae5f23f1154d2249151c9a03ad2604a596a2f17e95f6a9b64ddc215ebf9f0c5e
mod_lua-debuginfo-2.4.51-7.el9_0.4.s390x.rpm
SHA-256: 3f4b0b075a80a641b411845124d1550fa47e66a3d195129f2d8d509f4cb91eea
mod_proxy_html-2.4.51-7.el9_0.4.s390x.rpm
SHA-256: dc67f3e2147826b01b5eda7b72c98f4e6cdabca0906a2e5a514881f504b9f486
mod_proxy_html-debuginfo-2.4.51-7.el9_0.4.s390x.rpm
SHA-256: b5c882274840e9630658b4b6fbb61733673fb6d4fbfcc916f66dd0b9ac640986
mod_session-2.4.51-7.el9_0.4.s390x.rpm
SHA-256: 89a91a9e249bcbd7150da8cbea5bda7ee00e42198ed53281dc376199bbd86350
mod_session-debuginfo-2.4.51-7.el9_0.4.s390x.rpm
SHA-256: 2abc9277ea1a244233d4b848d0ece3427168b9ace2e697d4a30cee6182641502
mod_ssl-2.4.51-7.el9_0.4.s390x.rpm
SHA-256: 4b11a21f0ba3eafaf772ecdb6f7c0c240006520a6ae686afcd0415e1f0331c24
mod_ssl-debuginfo-2.4.51-7.el9_0.4.s390x.rpm
SHA-256: 8bd10c66c3a3fe90da92967738cd78b39e342e959e3b753577eac8c112ce9e45
Related news
Gentoo Linux Security Advisory 202309-1 - Multiple vulnerabilities have been discovered in Apache HTTPD, the worst of which could result in denial of service. Versions greater than or equal to 2.4.56 are affected.
An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component.
An update is now available for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 on Red Hat Enterprise Linux versions 7 and 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2006-20001: A flaw was found in the mod_dav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service. * CVE-2022-4304: A timing-based side channel exists in the Open...
Red Hat Security Advisory 2023-3292-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-suppli...
Red Hat Security Advisory 2023-1916-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Red Hat Security Advisory 2023-1670-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations a...
Red Hat Security Advisory 2023-1597-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Red Hat Security Advisory 2023-1547-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches ...
An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request...
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25690: A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches ...
Ubuntu Security Notice 5942-2 - USN-5942-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding update for CVE-2023-25690 for Ubuntu 16.04 ESM. Lars Krapf discovered that the Apache HTTP Server mod_proxy module incorrectly handled certain configurations. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.
Debian Linux Security Advisory 5376-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service.
Ubuntu Security Notice 5942-1 - Lars Krapf discovered that the Apache HTTP Server mod_proxy module incorrectly handled certain configurations. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server mod_proxy_uwsgi module incorrectly handled certain special characters. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.