RHSA-2023:0970: Red Hat Security Advisory: httpd security and bug fix update
An update for httpd is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2006-20001: A flaw was found in the mod_dav module of httpd. A specially crafted “If:” request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service.
- CVE-2022-36760: A flaw was found in the mod_proxy_ajp module of httpd. The connection is not closed when there is an invalid Transfer-Encoding header, allowing an attacker to smuggle requests to the AJP server to which httpd forwards requests.
- CVE-2022-37436: A flaw was found in the mod_proxy module of httpd. A malicious backend can cause the response headers to be truncated because they are not cleaned when an error is found while reading them, resulting in some headers being incorporated into the response body and not being interpreted by a client.
Synopsis
Moderate: httpd security and bug fix update
Type/Severity
Security Advisory: Moderate
Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
- httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001)
- httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760)
- httpd: mod_proxy: HTTP response splitting (CVE-2022-37436)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- httpd-init fails to create localhost.crt and localhost.key because the "sscg" default now also creates a /dhparams.pem file and is not idempotent when /dhparams.pem already exists. (BZ#2165975)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
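A post-update check, added here as an example and not part of the advisory or Red Hat's tooling: it compares an installed httpd EVR (epoch:version-release) against the fixed build using rpm's version-comparison rules, assuming the fixed EVR 2.4.53-7.el9_1.1 taken from the package names listed in this advisory; the sample EVRs in the block are constructed.

```python
import itertools
import re
import subprocess

# Fixed build from this advisory's package names: epoch 0 (implicit),
# version 2.4.53, release 7.el9_1.1.
FIXED_EVR = "2.4.53-7.el9_1.1"

# rpmvercmp splits on runs of digits and letters; other characters only
# separate segments.  The tilde is kept because it sorts before everything.
_SEG = re.compile(r"[0-9]+|[a-zA-Z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """Compare version/release strings like rpm's rpmvercmp(): -1, 0 or 1.

    Numeric segments compare as integers and outrank alphabetic ones, a
    longer string wins once shared segments are equal, and a tilde sorts
    before everything, even the end of the string (1.0~rc1 < 1.0).
    The caret (^) rule of newer rpm releases is not implemented here.
    """
    if a == b:
        return 0
    for x, y in itertools.zip_longest(_SEG.findall(a), _SEG.findall(b)):
        if x == "~" or y == "~":
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if x is None:
            return -1
        if y is None:
            return 1
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        xi, yi = (int(x), int(y)) if x.isdigit() else (x, y)
        if xi != yi:
            return 1 if xi > yi else -1
    return 0


def parse_evr(evr: str):
    """Split 'epoch:version-release' into three parts; epoch defaults to 0."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, _, release = rest.partition("-")
    return epoch, version, release


def evr_cmp(a: str, b: str) -> int:
    """Compare two EVRs: epoch first, then version, then release."""
    for x, y in zip(parse_evr(a), parse_evr(b)):
        r = rpmvercmp(x, y)
        if r:
            return r
    return 0


def is_fixed(installed_evr: str, fixed_evr: str = FIXED_EVR) -> bool:
    """True when the installed build is the advisory's build or a newer one."""
    return evr_cmp(installed_evr, fixed_evr) >= 0


def installed_httpd_evr():
    """Ask rpm for the installed httpd EVR; None if rpm or httpd is absent."""
    try:
        out = subprocess.run(
            ["rpm", "-q", "--qf", "%{EPOCHNUM}:%{VERSION}-%{RELEASE}\n", "httpd"],
            capture_output=True, text=True, check=False)
    except FileNotFoundError:
        return None
    return out.stdout.strip() if out.returncode == 0 else None


# Constructed sample EVRs (not taken from the advisory), one per comparison rule.
SAMPLES = {
    "2.4.53-7.el9_1.1": True,   # exactly the fixed build
    "2.4.53-7.el9": False,      # same version, shorter (older) release
    "2.4.53-11.el9_2.3": True,  # later release of the same version
    "2.4.51-5.el9": False,      # older upstream version
    "1:2.4.50-1.el9": True,     # a higher epoch outranks version and release
}

if __name__ == "__main__":
    for evr, expected in SAMPLES.items():
        print(f"{evr:20} fixed={is_fixed(evr)} (expected {expected})")
    live = installed_httpd_evr()
    if live is not None:
        print(f"installed httpd {live}: {'fixed' if is_fixed(live) else 'NOT fixed'}")
```

The epoch sample matters in practice: an `rpm -q httpd` output without the epoch can look older than the fix while still being a newer package.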
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
Fixes
- BZ - 2161773 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
- BZ - 2161774 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte
- BZ - 2161777 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request smuggling
Red Hat Enterprise Linux for x86_64 9
SRPM
httpd-2.4.53-7.el9_1.1.src.rpm
x86_64
httpd-2.4.53-7.el9_1.1.x86_64.rpm
httpd-core-2.4.53-7.el9_1.1.x86_64.rpm
httpd-core-debuginfo-2.4.53-7.el9_1.1.x86_64.rpm
httpd-debuginfo-2.4.53-7.el9_1.1.x86_64.rpm
httpd-debugsource-2.4.53-7.el9_1.1.x86_64.rpm
httpd-devel-2.4.53-7.el9_1.1.x86_64.rpm
httpd-filesystem-2.4.53-7.el9_1.1.noarch.rpm
httpd-manual-2.4.53-7.el9_1.1.noarch.rpm
httpd-tools-2.4.53-7.el9_1.1.x86_64.rpm
httpd-tools-debuginfo-2.4.53-7.el9_1.1.x86_64.rpm
mod_ldap-2.4.53-7.el9_1.1.x86_64.rpm
mod_ldap-debuginfo-2.4.53-7.el9_1.1.x86_64.rpm
mod_lua-2.4.53-7.el9_1.1.x86_64.rpm
mod_lua-debuginfo-2.4.53-7.el9_1.1.x86_64.rpm
mod_proxy_html-2.4.53-7.el9_1.1.x86_64.rpm
mod_proxy_html-debuginfo-2.4.53-7.el9_1.1.x86_64.rpm
mod_session-2.4.53-7.el9_1.1.x86_64.rpm
mod_session-debuginfo-2.4.53-7.el9_1.1.x86_64.rpm
mod_ssl-2.4.53-7.el9_1.1.x86_64.rpm
mod_ssl-debuginfo-2.4.53-7.el9_1.1.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
httpd-2.4.53-7.el9_1.1.src.rpm
s390x
httpd-2.4.53-7.el9_1.1.s390x.rpm
httpd-core-2.4.53-7.el9_1.1.s390x.rpm
httpd-core-debuginfo-2.4.53-7.el9_1.1.s390x.rpm
httpd-debuginfo-2.4.53-7.el9_1.1.s390x.rpm
httpd-debugsource-2.4.53-7.el9_1.1.s390x.rpm
httpd-devel-2.4.53-7.el9_1.1.s390x.rpm
httpd-filesystem-2.4.53-7.el9_1.1.noarch.rpm
httpd-manual-2.4.53-7.el9_1.1.noarch.rpm
httpd-tools-2.4.53-7.el9_1.1.s390x.rpm
httpd-tools-debuginfo-2.4.53-7.el9_1.1.s390x.rpm
mod_ldap-2.4.53-7.el9_1.1.s390x.rpm
mod_ldap-debuginfo-2.4.53-7.el9_1.1.s390x.rpm
mod_lua-2.4.53-7.el9_1.1.s390x.rpm
mod_lua-debuginfo-2.4.53-7.el9_1.1.s390x.rpm
mod_proxy_html-2.4.53-7.el9_1.1.s390x.rpm
mod_proxy_html-debuginfo-2.4.53-7.el9_1.1.s390x.rpm
mod_session-2.4.53-7.el9_1.1.s390x.rpm
mod_session-debuginfo-2.4.53-7.el9_1.1.s390x.rpm
mod_ssl-2.4.53-7.el9_1.1.s390x.rpm
mod_ssl-debuginfo-2.4.53-7.el9_1.1.s390x.rpm
Red Hat Enterprise Linux for Power, little endian 9
SRPM
httpd-2.4.53-7.el9_1.1.src.rpm
ppc64le
httpd-2.4.53-7.el9_1.1.ppc64le.rpm
httpd-core-2.4.53-7.el9_1.1.ppc64le.rpm
httpd-core-debuginfo-2.4.53-7.el9_1.1.ppc64le.rpm
httpd-debuginfo-2.4.53-7.el9_1.1.ppc64le.rpm
httpd-debugsource-2.4.53-7.el9_1.1.ppc64le.rpm
httpd-devel-2.4.53-7.el9_1.1.ppc64le.rpm
httpd-filesystem-2.4.53-7.el9_1.1.noarch.rpm
httpd-manual-2.4.53-7.el9_1.1.noarch.rpm
httpd-tools-2.4.53-7.el9_1.1.ppc64le.rpm
httpd-tools-debuginfo-2.4.53-7.el9_1.1.ppc64le.rpm
mod_ldap-2.4.53-7.el9_1.1.ppc64le.rpm
mod_ldap-debuginfo-2.4.53-7.el9_1.1.ppc64le.rpm
mod_lua-2.4.53-7.el9_1.1.ppc64le.rpm
mod_lua-debuginfo-2.4.53-7.el9_1.1.ppc64le.rpm
mod_proxy_html-2.4.53-7.el9_1.1.ppc64le.rpm
mod_proxy_html-debuginfo-2.4.53-7.el9_1.1.ppc64le.rpm
mod_session-2.4.53-7.el9_1.1.ppc64le.rpm
mod_session-debuginfo-2.4.53-7.el9_1.1.ppc64le.rpm
mod_ssl-2.4.53-7.el9_1.1.ppc64le.rpm
mod_ssl-debuginfo-2.4.53-7.el9_1.1.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 9
SRPM
httpd-2.4.53-7.el9_1.1.src.rpm
aarch64
httpd-2.4.53-7.el9_1.1.aarch64.rpm
httpd-core-2.4.53-7.el9_1.1.aarch64.rpm
httpd-core-debuginfo-2.4.53-7.el9_1.1.aarch64.rpm
httpd-debuginfo-2.4.53-7.el9_1.1.aarch64.rpm
httpd-debugsource-2.4.53-7.el9_1.1.aarch64.rpm
httpd-devel-2.4.53-7.el9_1.1.aarch64.rpm
httpd-filesystem-2.4.53-7.el9_1.1.noarch.rpm
httpd-manual-2.4.53-7.el9_1.1.noarch.rpm
httpd-tools-2.4.53-7.el9_1.1.aarch64.rpm
httpd-tools-debuginfo-2.4.53-7.el9_1.1.aarch64.rpm
mod_ldap-2.4.53-7.el9_1.1.aarch64.rpm
mod_ldap-debuginfo-2.4.53-7.el9_1.1.aarch64.rpm
mod_lua-2.4.53-7.el9_1.1.aarch64.rpm
mod_lua-debuginfo-2.4.53-7.el9_1.1.aarch64.rpm
mod_proxy_html-2.4.53-7.el9_1.1.aarch64.rpm
mod_proxy_html-debuginfo-2.4.53-7.el9_1.1.aarch64.rpm
mod_session-2.4.53-7.el9_1.1.aarch64.rpm
mod_session-debuginfo-2.4.53-7.el9_1.1.aarch64.rpm
mod_ssl-2.4.53-7.el9_1.1.aarch64.rpm
mod_ssl-debuginfo-2.4.53-7.el9_1.1.aarch64.rpm