Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-13950 (GCVE-0-2020-13950)
Vulnerability from cvelistv5 – Published: 2021-06-10 07:10 – Updated: 2024-08-04 12:32
VLAI?
EPSS
Title
mod_proxy_http NULL pointer dereference
Summary
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
Severity ?
No CVSS data available.
CWE
- mod_proxy_http NULL pointer dereference
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://httpd.apache.org/security/vulnerabilities_… | x_refsource_MISC |
| https://lists.apache.org/thread.html/re026d3da9d7… | x_refsource_MISC |
| https://lists.apache.org/thread.html/rbe197409ae4… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/r7f2b70b6216… | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2021/06/10/4 | mailing-listx_refsource_MLIST |
| https://security.gentoo.org/glsa/202107-38 | vendor-advisoryx_refsource_GENTOO |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2021070… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache HTTP Server |
Affected:
2.4.46
Affected: 2.4.43 Affected: 2.4.41 |
Credits
Reported by Marc Stern (<marc.stern approach.be>)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:32:14.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-announce] 20210609 CVE-2020-13950: mod_proxy_http NULL pointer dereference",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbe197409ae4a58b629fb792d1aed541ccbbf865121a80e1c5938d223%40%3Cannounce.httpd.apache.org%3E"
},
{
"name": "[httpd-dev] 20210610 Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E"
},
{
"name": "[oss-security] 20210609 CVE-2020-13950: Apache httpd: mod_proxy_http NULL pointer dereference",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/06/10/4"
},
{
"name": "GLSA-202107-38",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-38"
},
{
"name": "FEDORA-2021-dce7e7738e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/"
},
{
"name": "FEDORA-2021-e3f6dd670d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210702-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache HTTP Server",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "2.4.46"
},
{
"status": "affected",
"version": "2.4.43"
},
{
"status": "affected",
"version": "2.4.41"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported by Marc Stern (\u003cmarc.stern approach.be\u003e)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service"
}
],
"metrics": [
{
"other": {
"content": {
"other": "low"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "mod_proxy_http NULL pointer dereference",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-20T10:39:01.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-announce] 20210609 CVE-2020-13950: mod_proxy_http NULL pointer dereference",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rbe197409ae4a58b629fb792d1aed541ccbbf865121a80e1c5938d223%40%3Cannounce.httpd.apache.org%3E"
},
{
"name": "[httpd-dev] 20210610 Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E"
},
{
"name": "[oss-security] 20210609 CVE-2020-13950: Apache httpd: mod_proxy_http NULL pointer dereference",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/06/10/4"
},
{
"name": "GLSA-202107-38",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-38"
},
{
"name": "FEDORA-2021-dce7e7738e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/"
},
{
"name": "FEDORA-2021-e3f6dd670d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210702-0001/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "mod_proxy_http NULL pointer dereference",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-13950",
"STATE": "PUBLIC",
"TITLE": "mod_proxy_http NULL pointer dereference"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "2.4",
"version_value": "2.4.46"
},
{
"version_affected": "=",
"version_name": "2.4",
"version_value": "2.4.43"
},
{
"version_affected": "=",
"version_name": "2.4",
"version_value": "2.4.41"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Reported by Marc Stern (\u003cmarc.stern approach.be\u003e)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "low"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "mod_proxy_http NULL pointer dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "MISC",
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-announce] 20210609 CVE-2020-13950: mod_proxy_http NULL pointer dereference",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rbe197409ae4a58b629fb792d1aed541ccbbf865121a80e1c5938d223@%3Cannounce.httpd.apache.org%3E"
},
{
"name": "[httpd-dev] 20210610 Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E"
},
{
"name": "[oss-security] 20210609 CVE-2020-13950: Apache httpd: mod_proxy_http NULL pointer dereference",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/06/10/4"
},
{
"name": "GLSA-202107-38",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-38"
},
{
"name": "FEDORA-2021-dce7e7738e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/"
},
{
"name": "FEDORA-2021-e3f6dd670d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210702-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210702-0001/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2020-13950",
"datePublished": "2021-06-10T07:10:21.000Z",
"dateReserved": "2020-06-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:32:14.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-13950",
"date": "2026-05-24",
"epss": "0.21543",
"percentile": "0.95796"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.4.41\", \"versionEndIncluding\": \"2.4.46\", \"matchCriteriaId\": \"604E7899-D56F-48E7-9629-B8FCB033256B\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A930E247-0B43-43CB-98FF-6CE7B8189835\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B095CC03-7077-4A58-AB25-CC5380CDCE5A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F69B9A5-F21B-4904-9F27-95C0F7A628E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3E503FB-6279-4D4A-91D8-E237ECF9D2B0\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service\"}, {\"lang\": \"es\", \"value\": \"Apache HTTP Server versiones 2.4.41 a 2.4.46 la funci\\u00f3n mod_proxy_http puede bloquearse (desviaci\\u00f3n del puntero NULL) con peticiones especialmente dise\\u00f1adas que utilicen las encabezados Content-Length y Transfer-Encoding, provocando una denegaci\\u00f3n de servicio\"}]",
"id": "CVE-2020-13950",
"lastModified": "2024-11-21T05:02:13.150",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2021-06-10T07:15:07.440",
"references": "[{\"url\": \"http://httpd.apache.org/security/vulnerabilities_24.html\", \"source\": \"security@apache.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2021/06/10/4\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rbe197409ae4a58b629fb792d1aed541ccbbf865121a80e1c5938d223%40%3Cannounce.httpd.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Release Notes\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/\", \"source\": \"security@apache.org\"}, {\"url\": \"https://security.gentoo.org/glsa/202107-38\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20210702-0001/\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://httpd.apache.org/security/vulnerabilities_24.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2021/06/10/4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rbe197409ae4a58b629fb792d1aed541ccbbf865121a80e1c5938d223%40%3Cannounce.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Release Notes\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202107-38\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20210702-0001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-476\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-13950\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2021-06-10T07:15:07.440\",\"lastModified\":\"2024-11-21T05:02:13.150\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service\"},{\"lang\":\"es\",\"value\":\"Apache HTTP Server versiones 2.4.41 a 2.4.46 la funci\u00f3n mod_proxy_http puede bloquearse (desviaci\u00f3n del puntero NULL) con peticiones especialmente dise\u00f1adas que utilicen las encabezados Content-Length y Transfer-Encoding, provocando una denegaci\u00f3n de servicio\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4.41\",\"versionEndIncluding\":\"2.4.46\",\"matchCriteriaId\":\"604E7899-D56F-48E7-9629-B8FCB033256B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B095CC03-7077-4A58-AB25-CC5380CDCE5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F69B9A5-F21B-4904-9F27-95C0F7A628E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3E503FB-6279-4D4A-91D8-E237ECF9D2B0\"}]}]}],\"references\":[{\"url\":\"http://httpd.apache.org/security/vulnerabilities_24.html\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/06/10/4\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rbe197409ae4a58b629fb792d1aed541ccbbf865121a80e1c5938d223%40%3Cannounce.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Release Notes\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/\",\"source\":\"security@apache.org\"},{\"url\":\"https://security.gentoo.org/glsa/202107-38\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210702-0001/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://httpd.apache.org/security/vulnerabilities_24.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/06/10/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rbe197409ae4a58b629fb792d1aed541ccbbf865121a80e1c5938d223%40%3Cannounce.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Release Notes\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202107-38\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210702-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2024-AVI-0575
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 22.2-EVO antérieures à 22.2R3-S4-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 22.3-EVO antérieures à 22.3R3-S3-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 22.4-EVO antérieures à 22.4R3-S2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 23.2-EVO antérieures à 23.2R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 23.4-EVO antérieures à 23.4R1-S2-EVO | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 21.2 antérieures à 21.2R3-S8 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 21.4 antérieures à 21.4R3-S6 | ||
| Juniper Networks | N/A | Junos OS versions 22.3 antérieures à 22.3R2-S2 | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 23.4-EVO antérieures à 23.4R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions antérieures à 21.2R3-S8-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 21.2-EVO antérieures à 21.2R3-S7-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 21.3-EVO antérieures à 21.3R3-S5-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 21.4-EVO antérieures à 21.4R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 21.4-EVO antérieures à 21.4R3-S8-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.1-EVO antérieures à 22.1R3-S6-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.2-EVO antérieures à 22.2R2-S1-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.2-EVO antérieures à 22.2R3-S4-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.3-EVO antérieures à 22.3R1-S1-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.3-EVO antérieures à 22.3R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.3-EVO antérieures à 22.3R3-S3-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.4-EVO antérieures à 22.4R2-S2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.4-EVO antérieures à 22.4R3-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.4-EVO antérieures à 22.4R3-S3-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 23.2-EVO antérieures à 23.2R1-S1-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 23.2-EVO antérieures à 23.2R2-S1-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 23.4-EVO antérieures à 23.4R1-S2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 23.4-EVO antérieures à 23.4R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 24.2-EVO antérieures à 24.2R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à 20.4R3-S10-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à 21.2R3-S8-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à 21.4R3-S8-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à 22.4R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à 22.4R3-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à 23.2R1-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à before 22.1R3-EVO | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 21.4 antérieures à 21.4R3-S6 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 22.1 antérieures à 22.1R3-S5 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 22.2 antérieures à 22.2R3-S3 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 22.3 antérieures à 22.3R3-S2 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 22.4 antérieures à 22.4R3 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 23.2 antérieures à 23.2R2 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions antérieures à 21.2R3-S6 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 22.1 antérieures à 22.1R3-S5 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 22.2 antérieures à 22.2R3-S3 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 22.3 antérieures à 22.3R3-S2 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 22.4 antérieures à 22.4R3-S1 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 23.2 antérieures à 23.2R2 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 23.4 antérieures à 23.4R2 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 21.4 antérieures à 21.4R3-S6 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 22.1 antérieures à 22.1R3-S5 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 22.2 antérieures à 22.2R3-S3 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 22.3 antérieures à 22.3R3-S2 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 22.4 antérieures à 22.4R3 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 23.2 antérieures à 23.2R2 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions antérieures à 21.2R3-S7 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 21.4 antérieures à 21.4R3-S7 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.1 antérieures à 22.1R3-S2 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.2 antérieures à 22.2R3-S1 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 antérieures à 22.3R2-S1 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 antérieures à 22.3R3 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 antérieures à 22.4R1-S2 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 antérieures à 22.4R2 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 antérieures à 22.4R3 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions antérieures à 21.2R3-S8 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 21.4 antérieures à 21.4R3-S7 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 22.1 antérieures à 22.1R3-S6 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 22.2 antérieures à 22.2R3-S4 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 22.3 antérieures à 22.3R3-S3 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 22.4 antérieures à 22.4R3-S2 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 23.2 antérieures à 23.2R2 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 23.4 antérieures à 23.4R1-S1 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 23.4 antérieures à 23.4R2 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions antérieures à 21.2R3-S8 | ||
| Juniper Networks | N/A | Junos OS versions 21.3 antérieures à 21.3R3-S5 | ||
| Juniper Networks | N/A | Junos OS versions 21.4 antérieures à 21.4R2 | ||
| Juniper Networks | N/A | Junos OS versions 22.1 antérieures à 22.1R3-S6 | ||
| Juniper Networks | N/A | Junos OS versions 22.2 antérieures à 22.2R2-S1 | ||
| Juniper Networks | N/A | Junos OS versions 22.2 antérieures à 22.2R3-S4 | ||
| Juniper Networks | N/A | Junos OS versions 22.3 antérieures à 22.3R1-S2 | ||
| Juniper Networks | N/A | Junos OS versions 22.3 antérieures à 22.3R3-S3 | ||
| Juniper Networks | N/A | Junos OS versions 22.4 antérieures à 22.4R2-S2 | ||
| Juniper Networks | N/A | Junos OS versions 22.4 antérieures à 22.4R3-S3 | ||
| Juniper Networks | N/A | Junos OS versions 23.1 antérieures à 23.1R2 | ||
| Juniper Networks | N/A | Junos OS versions 23.2 antérieures à 23.2R2-S1 | ||
| Juniper Networks | N/A | Junos OS versions 23.4 antérieures à 23.4R1-S2 | ||
| Juniper Networks | N/A | Junos OS versions 23.4 antérieures à 23.4R2 | ||
| Juniper Networks | N/A | Junos OS versions antérieures à 20.4R3-S9 | ||
| Juniper Networks | N/A | Junos OS versions antérieures à 21.2R3-S8 | ||
| Juniper Networks | N/A | Junos OS versions antérieures à 21.4R3-S8 | ||
| Juniper Networks | N/A | Junos OS versions antérieures à 22.1R2-S2 | ||
| Juniper Networks | N/A | Junos Space versions antérieures à 24.1R1 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 20.4 antérieures à 20.4R3-S10 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.2 antérieures à 21.2R3-S6 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.3 antérieures à 21.3R3-S5 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.4 antérieures à 21.4R3-S6 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.1 antérieures à 22.1R3-S4 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.2 antérieures à 22.2R3-S2 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.3 antérieures à 22.3R3-S1 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.4 antérieures à 22.4R3 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 23.2 antérieures à 23.2R2 | ||
| Juniper Networks | N/A | Session Smart Router versions 6.1 antérieures à SSR-6.1.8-lts | ||
| Juniper Networks | N/A | Session Smart Router versions 6.2 antérieures à SSR-6.2.5-r2 | ||
| Juniper Networks | N/A | Session Smart Router versions antérieures à SSR-5.6.14 | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 22.1-EVO antérieures à 22.1R3-S6-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions antérieures à 21.4R3-S7-EVO |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS Evolved on ACX7000 Series versions 22.2-EVO ant\u00e9rieures \u00e0 22.2R3-S4-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R3-S3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R3-S2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R1-S2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 21.2 ant\u00e9rieures \u00e0 21.2R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.3 ant\u00e9rieures \u00e0 22.3R2-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions ant\u00e9rieures \u00e0 21.2R3-S8-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.2-EVO ant\u00e9rieures \u00e0 21.2R3-S7-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.3-EVO ant\u00e9rieures \u00e0 21.3R3-S5-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.4-EVO ant\u00e9rieures \u00e0 21.4R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.4-EVO ant\u00e9rieures \u00e0 21.4R3-S8-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.1-EVO ant\u00e9rieures \u00e0 22.1R3-S6-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.2-EVO ant\u00e9rieures \u00e0 22.2R2-S1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.2-EVO ant\u00e9rieures \u00e0 22.2R3-S4-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R1-S1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R3-S3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R2-S2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R3-S3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R1-S1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R2-S1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R1-S2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 24.2-EVO ant\u00e9rieures \u00e0 24.2R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S10-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 21.2R3-S8-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 21.4R3-S8-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 22.4R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 22.4R3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 23.2R1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 before 22.1R3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions ant\u00e9rieures \u00e0 21.2R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 22.4 ant\u00e9rieures \u00e0 22.4R3-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 23.4 ant\u00e9rieures \u00e0 23.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions ant\u00e9rieures \u00e0 21.2R3-S7",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S7",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 ant\u00e9rieures \u00e0 22.3R2-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 ant\u00e9rieures \u00e0 22.3R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 ant\u00e9rieures \u00e0 22.4R1-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 ant\u00e9rieures \u00e0 22.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions ant\u00e9rieures \u00e0 21.2R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S7",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 22.4 ant\u00e9rieures \u00e0 22.4R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 23.4 ant\u00e9rieures \u00e0 23.4R1-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 23.4 ant\u00e9rieures \u00e0 23.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions ant\u00e9rieures \u00e0 21.2R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.3 ant\u00e9rieures \u00e0 21.3R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.4 ant\u00e9rieures \u00e0 21.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.2 ant\u00e9rieures \u00e0 22.2R2-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.3 ant\u00e9rieures \u00e0 22.3R1-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.4 ant\u00e9rieures \u00e0 22.4R2-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.4 ant\u00e9rieures \u00e0 22.4R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.1 ant\u00e9rieures \u00e0 23.1R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.2 ant\u00e9rieures \u00e0 23.2R2-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.4 ant\u00e9rieures \u00e0 23.4R1-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.4 ant\u00e9rieures \u00e0 23.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 20.4R3-S9",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 21.2R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 21.4R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 22.1R2-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 24.1R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 20.4 ant\u00e9rieures \u00e0 20.4R3-S10",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.2 ant\u00e9rieures \u00e0 21.2R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.3 ant\u00e9rieures \u00e0 21.3R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions 6.1 ant\u00e9rieures \u00e0 SSR-6.1.8-lts",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions 6.2 ant\u00e9rieures \u00e0 SSR-6.2.5-r2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions ant\u00e9rieures \u00e0 SSR-5.6.14",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 22.1-EVO ant\u00e9rieures \u00e0 22.1R3-S6-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions ant\u00e9rieures \u00e0 21.4R3-S7-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-39560",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39560"
},
{
"name": "CVE-2023-32435",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32435"
},
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2024-39554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39554"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2024-39539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39539"
},
{
"name": "CVE-2021-36160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36160"
},
{
"name": "CVE-2020-12401",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12401"
},
{
"name": "CVE-2024-39558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39558"
},
{
"name": "CVE-2022-30522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30522"
},
{
"name": "CVE-2021-37701",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37701"
},
{
"name": "CVE-2022-21460",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21460"
},
{
"name": "CVE-2021-31535",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31535"
},
{
"name": "CVE-2022-36760",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36760"
},
{
"name": "CVE-2021-33034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33034"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2024-39552",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39552"
},
{
"name": "CVE-2021-27290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27290"
},
{
"name": "CVE-2019-11727",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
},
{
"name": "CVE-2023-3390",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3390"
},
{
"name": "CVE-2023-4004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4004"
},
{
"name": "CVE-2021-29469",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29469"
},
{
"name": "CVE-2023-2002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2002"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2021-23440",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23440"
},
{
"name": "CVE-2021-32804",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32804"
},
{
"name": "CVE-2020-13950",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13950"
},
{
"name": "CVE-2021-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26691"
},
{
"name": "CVE-2024-39546",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39546"
},
{
"name": "CVE-2024-39540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39540"
},
{
"name": "CVE-2018-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3737"
},
{
"name": "CVE-2024-39543",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39543"
},
{
"name": "CVE-2020-11984",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11984"
},
{
"name": "CVE-2022-22721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22721"
},
{
"name": "CVE-2021-35624",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35624"
},
{
"name": "CVE-2023-35788",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35788"
},
{
"name": "CVE-2023-32067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
},
{
"name": "CVE-2024-39514",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39514"
},
{
"name": "CVE-2022-25147",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25147"
},
{
"name": "CVE-2021-35604",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35604"
},
{
"name": "CVE-2021-42013",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42013"
},
{
"name": "CVE-2023-34059",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34059"
},
{
"name": "CVE-2024-39529",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39529"
},
{
"name": "CVE-2006-20001",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-20001"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2021-2385",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2385"
},
{
"name": "CVE-2022-29167",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29167"
},
{
"name": "CVE-2020-7774",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7774"
},
{
"name": "CVE-2019-10747",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10747"
},
{
"name": "CVE-2023-34058",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34058"
},
{
"name": "CVE-2011-5094",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-5094"
},
{
"name": "CVE-2019-16776",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16776"
},
{
"name": "CVE-2022-21589",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21589"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2019-10097",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10097"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2023-2828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-4206",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4206"
},
{
"name": "CVE-2022-21304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21304"
},
{
"name": "CVE-2023-3090",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3090"
},
{
"name": "CVE-2024-39536",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39536"
},
{
"name": "CVE-2024-39555",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39555"
},
{
"name": "CVE-2022-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3564"
},
{
"name": "CVE-2023-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3611"
},
{
"name": "CVE-2020-13938",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13938"
},
{
"name": "CVE-2016-10540",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10540"
},
{
"name": "CVE-2019-10082",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10082"
},
{
"name": "CVE-2023-42753",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42753"
},
{
"name": "CVE-2016-1000232",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000232"
},
{
"name": "CVE-2015-9262",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9262"
},
{
"name": "CVE-2023-32360",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32360"
},
{
"name": "CVE-2021-37713",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37713"
},
{
"name": "CVE-2021-39275",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
},
{
"name": "CVE-2024-39561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39561"
},
{
"name": "CVE-2022-21303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21303"
},
{
"name": "CVE-2019-17023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17023"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2020-35452",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35452"
},
{
"name": "CVE-2023-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4207"
},
{
"name": "CVE-2022-21617",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21617"
},
{
"name": "CVE-2023-0767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
},
{
"name": "CVE-2022-41741",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41741"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2021-37712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37712"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2023-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30630"
},
{
"name": "CVE-2022-21608",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21608"
},
{
"name": "CVE-2022-2526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2526"
},
{
"name": "CVE-2023-20593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20593"
},
{
"name": "CVE-2024-39535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39535"
},
{
"name": "CVE-2024-39545",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39545"
},
{
"name": "CVE-2024-39531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39531"
},
{
"name": "CVE-2022-41742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41742"
},
{
"name": "CVE-2019-16777",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16777"
},
{
"name": "CVE-2021-2389",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2389"
},
{
"name": "CVE-2023-21840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21840"
},
{
"name": "CVE-2019-10081",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10081"
},
{
"name": "CVE-2020-1934",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1934"
},
{
"name": "CVE-2022-30556",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30556"
},
{
"name": "CVE-2020-8648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8648"
},
{
"name": "CVE-2022-21270",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21270"
},
{
"name": "CVE-2023-21963",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21963"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2023-21980",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21980"
},
{
"name": "CVE-2024-39530",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39530"
},
{
"name": "CVE-2024-39532",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39532"
},
{
"name": "CVE-2023-27522",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27522"
},
{
"name": "CVE-2024-39557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39557"
},
{
"name": "CVE-2021-2390",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2390"
},
{
"name": "CVE-2024-39550",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39550"
},
{
"name": "CVE-2022-28615",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28615"
},
{
"name": "CVE-2022-21451",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21451"
},
{
"name": "CVE-2014-10064",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-10064"
},
{
"name": "CVE-2024-39511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39511"
},
{
"name": "CVE-2022-23943",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23943"
},
{
"name": "CVE-2024-39548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39548"
},
{
"name": "CVE-2020-11993",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11993"
},
{
"name": "CVE-2023-22652",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22652"
},
{
"name": "CVE-2024-39528",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39528"
},
{
"name": "CVE-2023-3341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
},
{
"name": "CVE-2023-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22025"
},
{
"name": "CVE-2021-43527",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43527"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2024-39559",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39559"
},
{
"name": "CVE-2014-7191",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7191"
},
{
"name": "CVE-2021-2356",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2356"
},
{
"name": "CVE-2020-36049",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36049"
},
{
"name": "CVE-2023-4208",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4208"
},
{
"name": "CVE-2021-41524",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41524"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2020-12402",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12402"
},
{
"name": "CVE-2019-11719",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
},
{
"name": "CVE-2021-34798",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34798"
},
{
"name": "CVE-2024-39519",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39519"
},
{
"name": "CVE-2021-32803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32803"
},
{
"name": "CVE-2019-17006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17006"
},
{
"name": "CVE-2022-21595",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21595"
},
{
"name": "CVE-2019-16775",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16775"
},
{
"name": "CVE-2020-12403",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12403"
},
{
"name": "CVE-2023-3776",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3776"
},
{
"name": "CVE-2023-2700",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2700"
},
{
"name": "CVE-2020-7754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7754"
},
{
"name": "CVE-2024-39533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39533"
},
{
"name": "CVE-2021-22543",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22543"
},
{
"name": "CVE-2021-33909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
},
{
"name": "CVE-2021-26690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26690"
},
{
"name": "CVE-2022-22719",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22719"
},
{
"name": "CVE-2022-40674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40674"
},
{
"name": "CVE-2022-46663",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46663"
},
{
"name": "CVE-2011-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1473"
},
{
"name": "CVE-2024-39513",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39513"
},
{
"name": "CVE-2021-3803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3803"
},
{
"name": "CVE-2022-21417",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21417"
},
{
"name": "CVE-2024-39518",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39518"
},
{
"name": "CVE-2023-37450",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37450"
},
{
"name": "CVE-2021-30641",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30641"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2020-7660",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7660"
},
{
"name": "CVE-2022-31813",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31813"
},
{
"name": "CVE-2023-34969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34969"
},
{
"name": "CVE-2019-9517",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9517"
},
{
"name": "CVE-2018-20834",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20834"
},
{
"name": "CVE-2020-12362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12362"
},
{
"name": "CVE-2020-1927",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1927"
},
{
"name": "CVE-2022-21592",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21592"
},
{
"name": "CVE-2021-3347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3347"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2023-25690",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25690"
},
{
"name": "CVE-2021-2342",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2342"
},
{
"name": "CVE-2022-22720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22720"
},
{
"name": "CVE-2017-15010",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15010"
},
{
"name": "CVE-2019-10092",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10092"
},
{
"name": "CVE-2024-39541",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39541"
},
{
"name": "CVE-2021-44224",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44224"
},
{
"name": "CVE-2024-39537",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39537"
},
{
"name": "CVE-2022-21444",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21444"
},
{
"name": "CVE-2019-17567",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17567"
},
{
"name": "CVE-2018-7408",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7408"
},
{
"name": "CVE-2019-20149",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20149"
},
{
"name": "CVE-2024-20932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20932"
},
{
"name": "CVE-2023-35001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35001"
},
{
"name": "CVE-2024-39551",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39551"
},
{
"name": "CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"name": "CVE-2022-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29404"
},
{
"name": "CVE-2020-14145",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14145"
},
{
"name": "CVE-2019-11756",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2024-39565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39565"
},
{
"name": "CVE-2021-31618",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31618"
},
{
"name": "CVE-2022-21344",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21344"
},
{
"name": "CVE-2023-24329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
},
{
"name": "CVE-2024-39549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39549"
},
{
"name": "CVE-2022-21367",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21367"
},
{
"name": "CVE-2021-33193",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33193"
},
{
"name": "CVE-2021-41773",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41773"
},
{
"name": "CVE-2020-11668",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11668"
},
{
"name": "CVE-2022-26377",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26377"
},
{
"name": "CVE-2021-44790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
},
{
"name": "CVE-2020-9490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9490"
},
{
"name": "CVE-2020-28502",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28502"
},
{
"name": "CVE-2024-39556",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39556"
},
{
"name": "CVE-2022-37436",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37436"
},
{
"name": "CVE-2021-33033",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33033"
},
{
"name": "CVE-2023-32439",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32439"
},
{
"name": "CVE-2020-12400",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12400"
},
{
"name": "CVE-2023-21912",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21912"
},
{
"name": "CVE-2022-28330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28330"
},
{
"name": "CVE-2024-39542",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39542"
},
{
"name": "CVE-2022-21454",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21454"
},
{
"name": "CVE-2017-1000048",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000048"
},
{
"name": "CVE-2022-21427",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21427"
},
{
"name": "CVE-2021-40438",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40438"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2020-6829",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6829"
},
{
"name": "CVE-2021-2372",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2372"
},
{
"name": "CVE-2022-21245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21245"
},
{
"name": "CVE-2020-28469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2019-10098",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10098"
},
{
"name": "CVE-2024-39538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39538"
},
{
"name": "CVE-2022-28614",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28614"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0575",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-12T00:00:00.000000"
},
{
"description": "Correction d\u0027identifiants CVE erron\u00e9s",
"revision_date": "2024-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
"vendor_advisories": [
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83001",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Inconsistent-information-in-the-TE-database-can-lead-to-an-rpd-crash-CVE-2024-39541"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82976",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-The-802-1X-Authentication-Daemon-crashes-on-running-a-specific-command-CVE-2024-39511"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83027",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83021",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX4600-SRX5000-Series-TCP-packets-with-SYN-FIN-or-SYN-RST-are-transferred-after-enabling-no-syn-check-with-Express-Path-CVE-2024-39561"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83018",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-specific-PIM-packet-causes-rpd-crash-when-PIM-is-configured-along-with-MoFRR-CVE-2024-39558"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82987",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-crashes-upon-concurrent-deletion-of-a-routing-instance-and-receipt-of-an-SNMP-request-CVE-2024-39528"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82982",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-MX240-MX480-MX960-platforms-using-MPC10E-Memory-leak-will-be-observed-when-subscribed-to-a-specific-subscription-on-Junos-Telemetry-Interface-CVE-2024-39518"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83012",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-MX-Series-with-SPC3-line-card-Port-flaps-causes-rtlogd-memory-leak-leading-to-Denial-of-Service-CVE-2024-39550"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83019",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Receipt-of-a-specific-TCP-packet-may-result-in-a-system-crash-vmcore-on-dual-RE-systems-with-NSR-enabled-CVE-2024-39559"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83004",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-large-RPKI-RTR-PDU-packet-can-cause-rpd-to-crash-CVE-2024-39543"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83010",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Receipt-of-specific-packets-in-the-aftmand-process-will-lead-to-a-memory-leak-CVE-2024-39548"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83014",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-BGP-multipath-incremental-calculation-is-resulting-in-an-rpd-crash-CVE-2024-39554"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82996",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Flaps-of-BFD-sessions-with-authentication-cause-a-ppmd-memory-leak-CVE-2024-39536"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82980",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receiving-specific-traffic-on-devices-with-EVPN-VPWS-with-IGMP-snooping-enabled-will-cause-the-rpd-to-crash-CVE-2024-39514"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83000",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-Specific-valid-TCP-traffic-can-cause-a-pfe-crash-CVE-2024-39540"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83008",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Local-low-privilege-user-can-gain-root-permissions-leading-to-privilege-escalation-CVE-2024-39546"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82991",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-Protocol-specific-DDoS-configuration-affects-other-protocols-CVE-2024-39531"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83011",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Receipt-of-malformed-BGP-path-attributes-leads-to-a-memory-leak-CVE-2024-39549"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82989",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Attempting-to-access-specific-sensors-on-platforms-not-supporting-these-will-lead-to-a-chassisd-crash-CVE-2024-39530"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82997",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-Ports-which-have-been-inadvertently-exposed-can-be-reached-over-the-network-CVE-2024-39537"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83023",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-EX-Series-J-Web-An-unauthenticated-network-based-attacker-can-perform-XPATH-injection-attack-against-a-device-CVE-2024-39565"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83026",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R1-release"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83013",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-and-MS-MPC-MIC-Receipt-of-specific-packets-in-H-323-ALG-causes-traffic-drop-CVE-2024-39551"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83002",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-malformed-CFM-packet-or-specific-transit-traffic-leads-to-FPC-crash-CVE-2024-39542"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83015",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specific-malformed-BGP-update-causes-the-session-to-reset-CVE-2024-39555"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83007",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-and-NFX350-When-VPN-tunnels-parameters-are-not-matching-the-iked-process-will-crash-CVE-2024-39545"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82995",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-When-specific-traffic-is-received-in-a-VPLS-scenario-evo-pfemand-crashes-CVE-2024-39535"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82993",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-QFX5000-Series-and-EX4600-Series-Output-firewall-filter-is-not-applied-if-certain-match-criteria-are-used-CVE-2024-39533"
},
{
"published_at": "2024-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA75726",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Malformed-BGP-UPDATE-causes-RPD-crash-CVE-2024-39552"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82988",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-If-DNS-traceoptions-are-configured-in-a-DGA-or-tunnel-detection-scenario-specific-DNS-traffic-leads-to-a-PFE-crash-CVE-2024-39529"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83017",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-MAC-table-changes-cause-a-memory-leak-CVE-2024-39557"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82983",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX-7000-Series-Multicast-traffic-is-looped-in-a-multihoming-EVPN-MPLS-scenario-CVE-2024-39519"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83020",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Memory-leak-due-to-RSVP-neighbor-persistent-error-leading-to-kernel-crash-CVE-2024-39560"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82998",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-When-multicast-traffic-with-a-specific-S-G-is-received-evo-pfemand-crashes-CVE-2024-39538"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82999",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-MX-Series-Continuous-subscriber-logins-will-lead-to-a-memory-leak-and-eventually-an-FPC-crash-CVE-2024-39539"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83016",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Loading-a-malicious-certificate-from-the-CLI-may-result-in-a-stack-based-overflow-CVE-2024-39556"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82992",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Confidential-information-in-logs-can-be-accessed-by-another-user-CVE-2024-39532"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82978",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Execution-of-a-specific-CLI-command-will-cause-a-crash-in-the-AFT-manager-CVE-2024-39513"
}
]
}
CERTFR-2024-AVI-0575
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 22.2-EVO antérieures à 22.2R3-S4-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 22.3-EVO antérieures à 22.3R3-S3-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 22.4-EVO antérieures à 22.4R3-S2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 23.2-EVO antérieures à 23.2R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 23.4-EVO antérieures à 23.4R1-S2-EVO | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 21.2 antérieures à 21.2R3-S8 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 21.4 antérieures à 21.4R3-S6 | ||
| Juniper Networks | N/A | Junos OS versions 22.3 antérieures à 22.3R2-S2 | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 23.4-EVO antérieures à 23.4R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions antérieures à 21.2R3-S8-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 21.2-EVO antérieures à 21.2R3-S7-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 21.3-EVO antérieures à 21.3R3-S5-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 21.4-EVO antérieures à 21.4R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 21.4-EVO antérieures à 21.4R3-S8-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.1-EVO antérieures à 22.1R3-S6-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.2-EVO antérieures à 22.2R2-S1-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.2-EVO antérieures à 22.2R3-S4-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.3-EVO antérieures à 22.3R1-S1-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.3-EVO antérieures à 22.3R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.3-EVO antérieures à 22.3R3-S3-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.4-EVO antérieures à 22.4R2-S2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.4-EVO antérieures à 22.4R3-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.4-EVO antérieures à 22.4R3-S3-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 23.2-EVO antérieures à 23.2R1-S1-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 23.2-EVO antérieures à 23.2R2-S1-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 23.4-EVO antérieures à 23.4R1-S2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 23.4-EVO antérieures à 23.4R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 24.2-EVO antérieures à 24.2R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à 20.4R3-S10-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à 21.2R3-S8-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à 21.4R3-S8-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à 22.4R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à 22.4R3-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à 23.2R1-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à before 22.1R3-EVO | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 21.4 antérieures à 21.4R3-S6 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 22.1 antérieures à 22.1R3-S5 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 22.2 antérieures à 22.2R3-S3 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 22.3 antérieures à 22.3R3-S2 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 22.4 antérieures à 22.4R3 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 23.2 antérieures à 23.2R2 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions antérieures à 21.2R3-S6 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 22.1 antérieures à 22.1R3-S5 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 22.2 antérieures à 22.2R3-S3 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 22.3 antérieures à 22.3R3-S2 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 22.4 antérieures à 22.4R3-S1 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 23.2 antérieures à 23.2R2 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 23.4 antérieures à 23.4R2 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 21.4 antérieures à 21.4R3-S6 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 22.1 antérieures à 22.1R3-S5 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 22.2 antérieures à 22.2R3-S3 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 22.3 antérieures à 22.3R3-S2 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 22.4 antérieures à 22.4R3 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 23.2 antérieures à 23.2R2 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions antérieures à 21.2R3-S7 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 21.4 antérieures à 21.4R3-S7 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.1 antérieures à 22.1R3-S2 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.2 antérieures à 22.2R3-S1 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 antérieures à 22.3R2-S1 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 antérieures à 22.3R3 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 antérieures à 22.4R1-S2 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 antérieures à 22.4R2 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 antérieures à 22.4R3 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions antérieures à 21.2R3-S8 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 21.4 antérieures à 21.4R3-S7 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 22.1 antérieures à 22.1R3-S6 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 22.2 antérieures à 22.2R3-S4 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 22.3 antérieures à 22.3R3-S3 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 22.4 antérieures à 22.4R3-S2 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 23.2 antérieures à 23.2R2 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 23.4 antérieures à 23.4R1-S1 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 23.4 antérieures à 23.4R2 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions antérieures à 21.2R3-S8 | ||
| Juniper Networks | N/A | Junos OS versions 21.3 antérieures à 21.3R3-S5 | ||
| Juniper Networks | N/A | Junos OS versions 21.4 antérieures à 21.4R2 | ||
| Juniper Networks | N/A | Junos OS versions 22.1 antérieures à 22.1R3-S6 | ||
| Juniper Networks | N/A | Junos OS versions 22.2 antérieures à 22.2R2-S1 | ||
| Juniper Networks | N/A | Junos OS versions 22.2 antérieures à 22.2R3-S4 | ||
| Juniper Networks | N/A | Junos OS versions 22.3 antérieures à 22.3R1-S2 | ||
| Juniper Networks | N/A | Junos OS versions 22.3 antérieures à 22.3R3-S3 | ||
| Juniper Networks | N/A | Junos OS versions 22.4 antérieures à 22.4R2-S2 | ||
| Juniper Networks | N/A | Junos OS versions 22.4 antérieures à 22.4R3-S3 | ||
| Juniper Networks | N/A | Junos OS versions 23.1 antérieures à 23.1R2 | ||
| Juniper Networks | N/A | Junos OS versions 23.2 antérieures à 23.2R2-S1 | ||
| Juniper Networks | N/A | Junos OS versions 23.4 antérieures à 23.4R1-S2 | ||
| Juniper Networks | N/A | Junos OS versions 23.4 antérieures à 23.4R2 | ||
| Juniper Networks | N/A | Junos OS versions antérieures à 20.4R3-S9 | ||
| Juniper Networks | N/A | Junos OS versions antérieures à 21.2R3-S8 | ||
| Juniper Networks | N/A | Junos OS versions antérieures à 21.4R3-S8 | ||
| Juniper Networks | N/A | Junos OS versions antérieures à 22.1R2-S2 | ||
| Juniper Networks | N/A | Junos Space versions antérieures à 24.1R1 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 20.4 antérieures à 20.4R3-S10 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.2 antérieures à 21.2R3-S6 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.3 antérieures à 21.3R3-S5 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.4 antérieures à 21.4R3-S6 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.1 antérieures à 22.1R3-S4 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.2 antérieures à 22.2R3-S2 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.3 antérieures à 22.3R3-S1 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.4 antérieures à 22.4R3 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 23.2 antérieures à 23.2R2 | ||
| Juniper Networks | N/A | Session Smart Router versions 6.1 antérieures à SSR-6.1.8-lts | ||
| Juniper Networks | N/A | Session Smart Router versions 6.2 antérieures à SSR-6.2.5-r2 | ||
| Juniper Networks | N/A | Session Smart Router versions antérieures à SSR-5.6.14 | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 22.1-EVO antérieures à 22.1R3-S6-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions antérieures à 21.4R3-S7-EVO |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS Evolved on ACX7000 Series versions 22.2-EVO ant\u00e9rieures \u00e0 22.2R3-S4-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R3-S3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R3-S2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R1-S2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 21.2 ant\u00e9rieures \u00e0 21.2R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.3 ant\u00e9rieures \u00e0 22.3R2-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions ant\u00e9rieures \u00e0 21.2R3-S8-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.2-EVO ant\u00e9rieures \u00e0 21.2R3-S7-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.3-EVO ant\u00e9rieures \u00e0 21.3R3-S5-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.4-EVO ant\u00e9rieures \u00e0 21.4R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.4-EVO ant\u00e9rieures \u00e0 21.4R3-S8-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.1-EVO ant\u00e9rieures \u00e0 22.1R3-S6-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.2-EVO ant\u00e9rieures \u00e0 22.2R2-S1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.2-EVO ant\u00e9rieures \u00e0 22.2R3-S4-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R1-S1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R3-S3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R2-S2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R3-S3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R1-S1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R2-S1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R1-S2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 24.2-EVO ant\u00e9rieures \u00e0 24.2R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S10-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 21.2R3-S8-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 21.4R3-S8-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 22.4R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 22.4R3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 23.2R1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 before 22.1R3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions ant\u00e9rieures \u00e0 21.2R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 22.4 ant\u00e9rieures \u00e0 22.4R3-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 23.4 ant\u00e9rieures \u00e0 23.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions ant\u00e9rieures \u00e0 21.2R3-S7",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S7",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 ant\u00e9rieures \u00e0 22.3R2-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 ant\u00e9rieures \u00e0 22.3R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 ant\u00e9rieures \u00e0 22.4R1-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 ant\u00e9rieures \u00e0 22.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions ant\u00e9rieures \u00e0 21.2R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S7",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 22.4 ant\u00e9rieures \u00e0 22.4R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 23.4 ant\u00e9rieures \u00e0 23.4R1-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 23.4 ant\u00e9rieures \u00e0 23.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions ant\u00e9rieures \u00e0 21.2R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.3 ant\u00e9rieures \u00e0 21.3R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.4 ant\u00e9rieures \u00e0 21.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.2 ant\u00e9rieures \u00e0 22.2R2-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.3 ant\u00e9rieures \u00e0 22.3R1-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.4 ant\u00e9rieures \u00e0 22.4R2-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.4 ant\u00e9rieures \u00e0 22.4R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.1 ant\u00e9rieures \u00e0 23.1R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.2 ant\u00e9rieures \u00e0 23.2R2-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.4 ant\u00e9rieures \u00e0 23.4R1-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.4 ant\u00e9rieures \u00e0 23.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 20.4R3-S9",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 21.2R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 21.4R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 22.1R2-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 24.1R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 20.4 ant\u00e9rieures \u00e0 20.4R3-S10",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.2 ant\u00e9rieures \u00e0 21.2R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.3 ant\u00e9rieures \u00e0 21.3R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions 6.1 ant\u00e9rieures \u00e0 SSR-6.1.8-lts",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions 6.2 ant\u00e9rieures \u00e0 SSR-6.2.5-r2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions ant\u00e9rieures \u00e0 SSR-5.6.14",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 22.1-EVO ant\u00e9rieures \u00e0 22.1R3-S6-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions ant\u00e9rieures \u00e0 21.4R3-S7-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-39560",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39560"
},
{
"name": "CVE-2023-32435",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32435"
},
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2024-39554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39554"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2024-39539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39539"
},
{
"name": "CVE-2021-36160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36160"
},
{
"name": "CVE-2020-12401",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12401"
},
{
"name": "CVE-2024-39558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39558"
},
{
"name": "CVE-2022-30522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30522"
},
{
"name": "CVE-2021-37701",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37701"
},
{
"name": "CVE-2022-21460",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21460"
},
{
"name": "CVE-2021-31535",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31535"
},
{
"name": "CVE-2022-36760",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36760"
},
{
"name": "CVE-2021-33034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33034"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2024-39552",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39552"
},
{
"name": "CVE-2021-27290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27290"
},
{
"name": "CVE-2019-11727",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
},
{
"name": "CVE-2023-3390",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3390"
},
{
"name": "CVE-2023-4004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4004"
},
{
"name": "CVE-2021-29469",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29469"
},
{
"name": "CVE-2023-2002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2002"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2021-23440",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23440"
},
{
"name": "CVE-2021-32804",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32804"
},
{
"name": "CVE-2020-13950",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13950"
},
{
"name": "CVE-2021-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26691"
},
{
"name": "CVE-2024-39546",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39546"
},
{
"name": "CVE-2024-39540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39540"
},
{
"name": "CVE-2018-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3737"
},
{
"name": "CVE-2024-39543",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39543"
},
{
"name": "CVE-2020-11984",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11984"
},
{
"name": "CVE-2022-22721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22721"
},
{
"name": "CVE-2021-35624",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35624"
},
{
"name": "CVE-2023-35788",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35788"
},
{
"name": "CVE-2023-32067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
},
{
"name": "CVE-2024-39514",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39514"
},
{
"name": "CVE-2022-25147",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25147"
},
{
"name": "CVE-2021-35604",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35604"
},
{
"name": "CVE-2021-42013",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42013"
},
{
"name": "CVE-2023-34059",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34059"
},
{
"name": "CVE-2024-39529",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39529"
},
{
"name": "CVE-2006-20001",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-20001"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2021-2385",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2385"
},
{
"name": "CVE-2022-29167",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29167"
},
{
"name": "CVE-2020-7774",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7774"
},
{
"name": "CVE-2019-10747",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10747"
},
{
"name": "CVE-2023-34058",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34058"
},
{
"name": "CVE-2011-5094",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-5094"
},
{
"name": "CVE-2019-16776",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16776"
},
{
"name": "CVE-2022-21589",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21589"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2019-10097",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10097"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2023-2828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-4206",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4206"
},
{
"name": "CVE-2022-21304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21304"
},
{
"name": "CVE-2023-3090",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3090"
},
{
"name": "CVE-2024-39536",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39536"
},
{
"name": "CVE-2024-39555",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39555"
},
{
"name": "CVE-2022-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3564"
},
{
"name": "CVE-2023-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3611"
},
{
"name": "CVE-2020-13938",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13938"
},
{
"name": "CVE-2016-10540",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10540"
},
{
"name": "CVE-2019-10082",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10082"
},
{
"name": "CVE-2023-42753",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42753"
},
{
"name": "CVE-2016-1000232",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000232"
},
{
"name": "CVE-2015-9262",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9262"
},
{
"name": "CVE-2023-32360",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32360"
},
{
"name": "CVE-2021-37713",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37713"
},
{
"name": "CVE-2021-39275",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
},
{
"name": "CVE-2024-39561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39561"
},
{
"name": "CVE-2022-21303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21303"
},
{
"name": "CVE-2019-17023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17023"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2020-35452",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35452"
},
{
"name": "CVE-2023-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4207"
},
{
"name": "CVE-2022-21617",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21617"
},
{
"name": "CVE-2023-0767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
},
{
"name": "CVE-2022-41741",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41741"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2021-37712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37712"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2023-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30630"
},
{
"name": "CVE-2022-21608",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21608"
},
{
"name": "CVE-2022-2526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2526"
},
{
"name": "CVE-2023-20593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20593"
},
{
"name": "CVE-2024-39535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39535"
},
{
"name": "CVE-2024-39545",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39545"
},
{
"name": "CVE-2024-39531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39531"
},
{
"name": "CVE-2022-41742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41742"
},
{
"name": "CVE-2019-16777",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16777"
},
{
"name": "CVE-2021-2389",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2389"
},
{
"name": "CVE-2023-21840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21840"
},
{
"name": "CVE-2019-10081",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10081"
},
{
"name": "CVE-2020-1934",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1934"
},
{
"name": "CVE-2022-30556",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30556"
},
{
"name": "CVE-2020-8648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8648"
},
{
"name": "CVE-2022-21270",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21270"
},
{
"name": "CVE-2023-21963",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21963"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2023-21980",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21980"
},
{
"name": "CVE-2024-39530",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39530"
},
{
"name": "CVE-2024-39532",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39532"
},
{
"name": "CVE-2023-27522",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27522"
},
{
"name": "CVE-2024-39557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39557"
},
{
"name": "CVE-2021-2390",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2390"
},
{
"name": "CVE-2024-39550",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39550"
},
{
"name": "CVE-2022-28615",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28615"
},
{
"name": "CVE-2022-21451",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21451"
},
{
"name": "CVE-2014-10064",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-10064"
},
{
"name": "CVE-2024-39511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39511"
},
{
"name": "CVE-2022-23943",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23943"
},
{
"name": "CVE-2024-39548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39548"
},
{
"name": "CVE-2020-11993",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11993"
},
{
"name": "CVE-2023-22652",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22652"
},
{
"name": "CVE-2024-39528",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39528"
},
{
"name": "CVE-2023-3341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
},
{
"name": "CVE-2023-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22025"
},
{
"name": "CVE-2021-43527",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43527"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2024-39559",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39559"
},
{
"name": "CVE-2014-7191",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7191"
},
{
"name": "CVE-2021-2356",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2356"
},
{
"name": "CVE-2020-36049",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36049"
},
{
"name": "CVE-2023-4208",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4208"
},
{
"name": "CVE-2021-41524",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41524"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2020-12402",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12402"
},
{
"name": "CVE-2019-11719",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
},
{
"name": "CVE-2021-34798",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34798"
},
{
"name": "CVE-2024-39519",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39519"
},
{
"name": "CVE-2021-32803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32803"
},
{
"name": "CVE-2019-17006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17006"
},
{
"name": "CVE-2022-21595",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21595"
},
{
"name": "CVE-2019-16775",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16775"
},
{
"name": "CVE-2020-12403",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12403"
},
{
"name": "CVE-2023-3776",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3776"
},
{
"name": "CVE-2023-2700",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2700"
},
{
"name": "CVE-2020-7754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7754"
},
{
"name": "CVE-2024-39533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39533"
},
{
"name": "CVE-2021-22543",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22543"
},
{
"name": "CVE-2021-33909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
},
{
"name": "CVE-2021-26690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26690"
},
{
"name": "CVE-2022-22719",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22719"
},
{
"name": "CVE-2022-40674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40674"
},
{
"name": "CVE-2022-46663",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46663"
},
{
"name": "CVE-2011-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1473"
},
{
"name": "CVE-2024-39513",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39513"
},
{
"name": "CVE-2021-3803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3803"
},
{
"name": "CVE-2022-21417",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21417"
},
{
"name": "CVE-2024-39518",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39518"
},
{
"name": "CVE-2023-37450",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37450"
},
{
"name": "CVE-2021-30641",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30641"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2020-7660",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7660"
},
{
"name": "CVE-2022-31813",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31813"
},
{
"name": "CVE-2023-34969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34969"
},
{
"name": "CVE-2019-9517",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9517"
},
{
"name": "CVE-2018-20834",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20834"
},
{
"name": "CVE-2020-12362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12362"
},
{
"name": "CVE-2020-1927",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1927"
},
{
"name": "CVE-2022-21592",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21592"
},
{
"name": "CVE-2021-3347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3347"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2023-25690",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25690"
},
{
"name": "CVE-2021-2342",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2342"
},
{
"name": "CVE-2022-22720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22720"
},
{
"name": "CVE-2017-15010",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15010"
},
{
"name": "CVE-2019-10092",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10092"
},
{
"name": "CVE-2024-39541",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39541"
},
{
"name": "CVE-2021-44224",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44224"
},
{
"name": "CVE-2024-39537",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39537"
},
{
"name": "CVE-2022-21444",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21444"
},
{
"name": "CVE-2019-17567",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17567"
},
{
"name": "CVE-2018-7408",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7408"
},
{
"name": "CVE-2019-20149",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20149"
},
{
"name": "CVE-2024-20932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20932"
},
{
"name": "CVE-2023-35001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35001"
},
{
"name": "CVE-2024-39551",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39551"
},
{
"name": "CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"name": "CVE-2022-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29404"
},
{
"name": "CVE-2020-14145",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14145"
},
{
"name": "CVE-2019-11756",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2024-39565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39565"
},
{
"name": "CVE-2021-31618",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31618"
},
{
"name": "CVE-2022-21344",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21344"
},
{
"name": "CVE-2023-24329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
},
{
"name": "CVE-2024-39549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39549"
},
{
"name": "CVE-2022-21367",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21367"
},
{
"name": "CVE-2021-33193",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33193"
},
{
"name": "CVE-2021-41773",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41773"
},
{
"name": "CVE-2020-11668",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11668"
},
{
"name": "CVE-2022-26377",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26377"
},
{
"name": "CVE-2021-44790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
},
{
"name": "CVE-2020-9490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9490"
},
{
"name": "CVE-2020-28502",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28502"
},
{
"name": "CVE-2024-39556",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39556"
},
{
"name": "CVE-2022-37436",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37436"
},
{
"name": "CVE-2021-33033",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33033"
},
{
"name": "CVE-2023-32439",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32439"
},
{
"name": "CVE-2020-12400",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12400"
},
{
"name": "CVE-2023-21912",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21912"
},
{
"name": "CVE-2022-28330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28330"
},
{
"name": "CVE-2024-39542",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39542"
},
{
"name": "CVE-2022-21454",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21454"
},
{
"name": "CVE-2017-1000048",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000048"
},
{
"name": "CVE-2022-21427",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21427"
},
{
"name": "CVE-2021-40438",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40438"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2020-6829",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6829"
},
{
"name": "CVE-2021-2372",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2372"
},
{
"name": "CVE-2022-21245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21245"
},
{
"name": "CVE-2020-28469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2019-10098",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10098"
},
{
"name": "CVE-2024-39538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39538"
},
{
"name": "CVE-2022-28614",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28614"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0575",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-12T00:00:00.000000"
},
{
"description": "Correction d\u0027identifiants CVE erron\u00e9s",
"revision_date": "2024-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
"vendor_advisories": [
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83001",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Inconsistent-information-in-the-TE-database-can-lead-to-an-rpd-crash-CVE-2024-39541"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82976",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-The-802-1X-Authentication-Daemon-crashes-on-running-a-specific-command-CVE-2024-39511"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83027",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83021",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX4600-SRX5000-Series-TCP-packets-with-SYN-FIN-or-SYN-RST-are-transferred-after-enabling-no-syn-check-with-Express-Path-CVE-2024-39561"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83018",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-specific-PIM-packet-causes-rpd-crash-when-PIM-is-configured-along-with-MoFRR-CVE-2024-39558"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82987",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-crashes-upon-concurrent-deletion-of-a-routing-instance-and-receipt-of-an-SNMP-request-CVE-2024-39528"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82982",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-MX240-MX480-MX960-platforms-using-MPC10E-Memory-leak-will-be-observed-when-subscribed-to-a-specific-subscription-on-Junos-Telemetry-Interface-CVE-2024-39518"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83012",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-MX-Series-with-SPC3-line-card-Port-flaps-causes-rtlogd-memory-leak-leading-to-Denial-of-Service-CVE-2024-39550"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83019",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Receipt-of-a-specific-TCP-packet-may-result-in-a-system-crash-vmcore-on-dual-RE-systems-with-NSR-enabled-CVE-2024-39559"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83004",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-large-RPKI-RTR-PDU-packet-can-cause-rpd-to-crash-CVE-2024-39543"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83010",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Receipt-of-specific-packets-in-the-aftmand-process-will-lead-to-a-memory-leak-CVE-2024-39548"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83014",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-BGP-multipath-incremental-calculation-is-resulting-in-an-rpd-crash-CVE-2024-39554"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82996",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Flaps-of-BFD-sessions-with-authentication-cause-a-ppmd-memory-leak-CVE-2024-39536"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82980",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receiving-specific-traffic-on-devices-with-EVPN-VPWS-with-IGMP-snooping-enabled-will-cause-the-rpd-to-crash-CVE-2024-39514"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83000",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-Specific-valid-TCP-traffic-can-cause-a-pfe-crash-CVE-2024-39540"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83008",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Local-low-privilege-user-can-gain-root-permissions-leading-to-privilege-escalation-CVE-2024-39546"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82991",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-Protocol-specific-DDoS-configuration-affects-other-protocols-CVE-2024-39531"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83011",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Receipt-of-malformed-BGP-path-attributes-leads-to-a-memory-leak-CVE-2024-39549"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82989",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Attempting-to-access-specific-sensors-on-platforms-not-supporting-these-will-lead-to-a-chassisd-crash-CVE-2024-39530"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82997",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-Ports-which-have-been-inadvertently-exposed-can-be-reached-over-the-network-CVE-2024-39537"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83023",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-EX-Series-J-Web-An-unauthenticated-network-based-attacker-can-perform-XPATH-injection-attack-against-a-device-CVE-2024-39565"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83026",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R1-release"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83013",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-and-MS-MPC-MIC-Receipt-of-specific-packets-in-H-323-ALG-causes-traffic-drop-CVE-2024-39551"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83002",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-malformed-CFM-packet-or-specific-transit-traffic-leads-to-FPC-crash-CVE-2024-39542"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83015",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specific-malformed-BGP-update-causes-the-session-to-reset-CVE-2024-39555"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83007",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-and-NFX350-When-VPN-tunnels-parameters-are-not-matching-the-iked-process-will-crash-CVE-2024-39545"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82995",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-When-specific-traffic-is-received-in-a-VPLS-scenario-evo-pfemand-crashes-CVE-2024-39535"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82993",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-QFX5000-Series-and-EX4600-Series-Output-firewall-filter-is-not-applied-if-certain-match-criteria-are-used-CVE-2024-39533"
},
{
"published_at": "2024-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA75726",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Malformed-BGP-UPDATE-causes-RPD-crash-CVE-2024-39552"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82988",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-If-DNS-traceoptions-are-configured-in-a-DGA-or-tunnel-detection-scenario-specific-DNS-traffic-leads-to-a-PFE-crash-CVE-2024-39529"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83017",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-MAC-table-changes-cause-a-memory-leak-CVE-2024-39557"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82983",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX-7000-Series-Multicast-traffic-is-looped-in-a-multihoming-EVPN-MPLS-scenario-CVE-2024-39519"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83020",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Memory-leak-due-to-RSVP-neighbor-persistent-error-leading-to-kernel-crash-CVE-2024-39560"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82998",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-When-multicast-traffic-with-a-specific-S-G-is-received-evo-pfemand-crashes-CVE-2024-39538"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82999",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-MX-Series-Continuous-subscriber-logins-will-lead-to-a-memory-leak-and-eventually-an-FPC-crash-CVE-2024-39539"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83016",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Loading-a-malicious-certificate-from-the-CLI-may-result-in-a-stack-based-overflow-CVE-2024-39556"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82992",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Confidential-information-in-logs-can-be-accessed-by-another-user-CVE-2024-39532"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82978",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Execution-of-a-specific-CLI-command-will-cause-a-crash-in-the-AFT-manager-CVE-2024-39513"
}
]
}
BDU:2021-06310
Vulnerability from fstec - Published: 10.06.2021
VLAI Severity ?
Title
Уязвимость функции mod_proxy_http веб-сервера Apache HTTP Server, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость функции mod_proxy_http веб-сервера Apache HTTP Server связана с ошибками разыменования указателя. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, вызвать отказ в обслуживании
Severity ?
Vendor
Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Apache Software Foundation, АО "НППКТ", АО «НТЦ ИТ РОСА», АО «Концерн ВНИИНС»
Software Name
Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), HTTP Server, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ROSA Virtualization (запись в едином реестре российских программ №5091), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177), ROSA Virtualization 3.0 (запись в едином реестре российских программ №21308)
Software Version
9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 10 (Debian GNU/Linux), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), 11 (Debian GNU/Linux), от 2.4.41 до 2.4.46 включительно (HTTP Server), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), до 2.1 (ОСОН ОСнова Оnyx), 2.1 (ROSA Virtualization), до 16.01.2023 (ОС ОН «Стрелец»), 3.0 (ROSA Virtualization 3.0)
Possible Mitigations
Использование рекомендаций производителя:
Для Apache2:
https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E
Для Debian:
Использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2020-13950
Для Astra Linux:
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20211126SE16
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47
Для ОСОН Основа:
Обновление программного обеспечения apache2 до версии 2.4.48-3~bpo10+1.osnova7
Для системы управления средой виртуализации "ROSA Virtualization":
https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2159
Для Astra Linux Special Edition для «Эльбрус» 8.1 «Ленинград»:
обновить пакет apache2 до 2.4.46-1~bpo9+1astra.se7 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81
Для ОС ОН «Стрелец»:
Обновление программного обеспечения apache2 до версии 2.4.54-2osnova11.strelets
Для программной системы управления средой виртуализации с подсистемой безагентного резервного копирования виртуальных машин «ROSA Virtualization 3.0»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2900
Для системы управления средой виртуализации «ROSA Virtualization»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2899
Reference
https://httpd.apache.org/security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.
https://lists.apache.org/thread.html/rbe197409ae4a58b629fb792d1aed541ccbbf865121a80e1c5938d223@%3Cannounce.
https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.
https://nvd.nist.gov/vuln/detail/CVE-2020-13950
https://security-tracker.debian.org/tracker/CVE-2020-13950
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20211126SE16
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.1/
https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2159
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
https://abf.rosa.ru/advisories/ROSA-SA-2025-2900
https://abf.rosa.ru/advisories/ROSA-SA-2025-2899
CWE
CWE-476
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Apache Software Foundation, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb, \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 10 (Debian GNU/Linux), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), 11 (Debian GNU/Linux), \u043e\u0442 2.4.41 \u0434\u043e 2.4.46 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (HTTP Server), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.1 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), 2.1 (ROSA Virtualization), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb), 3.0 (ROSA Virtualization 3.0)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: \n\u0414\u043b\u044f Apache2:\nhttps://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E\n\n\u0414\u043b\u044f Debian:\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2020-13950\n\n\u0414\u043b\u044f Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20211126SE16\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\n\n\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f apache2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.4.48-3~bpo10+1.osnova7\n\n\u0414\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \"ROSA Virtualization\": \nhttps://abf.rosalinux.ru/advisories/ROSA-SA-2023-2159\n\n\u0414\u043b\u044f Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 apache2 \u0434\u043e 2.4.46-1~bpo9+1astra.se7 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f apache2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.4.54-2osnova11.strelets\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u043e\u0439 \u0431\u0435\u0437\u0430\u0433\u0435\u043d\u0442\u043d\u043e\u0433\u043e \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d \u00abROSA Virtualization 3.0\u00bb: https://abf.rosa.ru/advisories/ROSA-SA-2025-2900\n\n\u0414\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u00abROSA Virtualization\u00bb: https://abf.rosa.ru/advisories/ROSA-SA-2025-2899",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "10.06.2021",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "19.08.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "21.12.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-06310",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-13950",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), HTTP Server, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), ROSA Virtualization (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), ROSA Virtualization 3.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.1 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 2.1 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 3.0 3.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 mod_proxy_http \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 Apache HTTP Server, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0440\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f NULL (CWE-476)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 mod_proxy_http \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 Apache HTTP Server \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0440\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://httpd.apache.org/security/vulnerabilities_24.html\nhttps://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.\nhttps://lists.apache.org/thread.html/rbe197409ae4a58b629fb792d1aed541ccbbf865121a80e1c5938d223@%3Cannounce.\nhttps://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-13950\nhttps://security-tracker.debian.org/tracker/CVE-2020-13950\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20211126SE16\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.1/\nhttps://abf.rosalinux.ru/advisories/ROSA-SA-2023-2159\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2900\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2899",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-476",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
bit-apache-2020-13950
Vulnerability from bitnami_vulndb
Published
2024-03-06 10:57
Modified
2025-05-20 10:02
Summary
mod_proxy_http NULL pointer dereference
Details
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "apache",
"purl": "pkg:bitnami/apache"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.41"
},
{
"fixed": "2.4.47"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2020-13950"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"
],
"severity": "High"
},
"details": "Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service",
"id": "BIT-apache-2020-13950",
"modified": "2025-05-20T10:02:07.006Z",
"published": "2024-03-06T10:57:17.183Z",
"references": [
{
"type": "WEB",
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/06/10/4"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rbe197409ae4a58b629fb792d1aed541ccbbf865121a80e1c5938d223%40%3Cannounce.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202107-38"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210702-0001/"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13950"
}
],
"schema_version": "1.5.0",
"summary": "mod_proxy_http NULL pointer dereference"
}
FKIE_CVE-2020-13950
Vulnerability from fkie_nvd - Published: 2021-06-10 07:15 - Updated: 2024-11-21 05:02
Severity ?
Summary
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
References
| URL | Tags | ||
|---|---|---|---|
| security@apache.org | http://httpd.apache.org/security/vulnerabilities_24.html | Vendor Advisory | |
| security@apache.org | http://www.openwall.com/lists/oss-security/2021/06/10/4 | Mailing List, Third Party Advisory | |
| security@apache.org | https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/rbe197409ae4a58b629fb792d1aed541ccbbf865121a80e1c5938d223%40%3Cannounce.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E | Mailing List, Release Notes | |
| security@apache.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/ | ||
| security@apache.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/ | ||
| security@apache.org | https://security.gentoo.org/glsa/202107-38 | Third Party Advisory | |
| security@apache.org | https://security.netapp.com/advisory/ntap-20210702-0001/ | Third Party Advisory | |
| security@apache.org | https://www.oracle.com/security-alerts/cpuoct2021.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://httpd.apache.org/security/vulnerabilities_24.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2021/06/10/4 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rbe197409ae4a58b629fb792d1aed541ccbbf865121a80e1c5938d223%40%3Cannounce.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E | Mailing List, Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-38 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210702-0001/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuoct2021.html | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | http_server | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 | |
| oracle | enterprise_manager_ops_center | 12.4.0.0 | |
| oracle | instantis_enterprisetrack | 17.1 | |
| oracle | instantis_enterprisetrack | 17.2 | |
| oracle | instantis_enterprisetrack | 17.3 | |
| oracle | zfs_storage_appliance_kit | 8.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "604E7899-D56F-48E7-9629-B8FCB033256B",
"versionEndIncluding": "2.4.46",
"versionStartIncluding": "2.4.41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B095CC03-7077-4A58-AB25-CC5380CDCE5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service"
},
{
"lang": "es",
"value": "Apache HTTP Server versiones 2.4.41 a 2.4.46 la funci\u00f3n mod_proxy_http puede bloquearse (desviaci\u00f3n del puntero NULL) con peticiones especialmente dise\u00f1adas que utilicen las encabezados Content-Length y Transfer-Encoding, provocando una denegaci\u00f3n de servicio"
}
],
"id": "CVE-2020-13950",
"lastModified": "2024-11-21T05:02:13.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-10T07:15:07.440",
"references": [
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/06/10/4"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rbe197409ae4a58b629fb792d1aed541ccbbf865121a80e1c5938d223%40%3Cannounce.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Release Notes"
],
"url": "https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/"
},
{
"source": "security@apache.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-38"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210702-0001/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/06/10/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rbe197409ae4a58b629fb792d1aed541ccbbf865121a80e1c5938d223%40%3Cannounce.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Release Notes"
],
"url": "https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-38"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210702-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-PQC6-P826-C5QW
Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-05-24 19:04
VLAI?
Details
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
{
"affected": [],
"aliases": [
"CVE-2020-13950"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-10T07:15:00Z",
"severity": "HIGH"
},
"details": "Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service",
"id": "GHSA-pqc6-p826-c5qw",
"modified": "2022-05-24T19:04:56Z",
"published": "2022-05-24T19:04:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13950"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rbe197409ae4a58b629fb792d1aed541ccbbf865121a80e1c5938d223@%3Cannounce.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202107-38"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210702-0001"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"type": "WEB",
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/06/10/4"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2020-13950
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-13950",
"description": "Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service",
"id": "GSD-2020-13950",
"references": [
"https://www.suse.com/security/cve/CVE-2020-13950.html",
"https://access.redhat.com/errata/RHSA-2021:4614",
"https://access.redhat.com/errata/RHSA-2021:4613",
"https://ubuntu.com/security/CVE-2020-13950",
"https://advisories.mageia.org/CVE-2020-13950.html",
"https://security.archlinux.org/CVE-2020-13950",
"https://alas.aws.amazon.com/cve/html/CVE-2020-13950.html",
"https://linux.oracle.com/cve/CVE-2020-13950.html",
"https://access.redhat.com/errata/RHSA-2022:5163"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-13950"
],
"details": "Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service",
"id": "GSD-2020-13950",
"modified": "2023-12-13T01:21:47.476540Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-13950",
"STATE": "PUBLIC",
"TITLE": "mod_proxy_http NULL pointer dereference"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "2.4",
"version_value": "2.4.46"
},
{
"version_affected": "=",
"version_name": "2.4",
"version_value": "2.4.43"
},
{
"version_affected": "=",
"version_name": "2.4",
"version_value": "2.4.41"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Reported by Marc Stern (\u003cmarc.stern approach.be\u003e)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "low"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "mod_proxy_http NULL pointer dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "MISC",
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-announce] 20210609 CVE-2020-13950: mod_proxy_http NULL pointer dereference",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rbe197409ae4a58b629fb792d1aed541ccbbf865121a80e1c5938d223@%3Cannounce.httpd.apache.org%3E"
},
{
"name": "[httpd-dev] 20210610 Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E"
},
{
"name": "[oss-security] 20210609 CVE-2020-13950: Apache httpd: mod_proxy_http NULL pointer dereference",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/06/10/4"
},
{
"name": "GLSA-202107-38",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-38"
},
{
"name": "FEDORA-2021-dce7e7738e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/"
},
{
"name": "FEDORA-2021-e3f6dd670d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210702-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210702-0001/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.4.46",
"versionStartIncluding": "2.4.41",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-13950"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "N/A",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "N/A",
"refsource": "CONFIRM",
"tags": [
"Mailing List",
"Release Notes"
],
"url": "https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-dev] 20210610 Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E"
},
{
"name": "[httpd-announce] 20210609 CVE-2020-13950: mod_proxy_http NULL pointer dereference",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rbe197409ae4a58b629fb792d1aed541ccbbf865121a80e1c5938d223@%3Cannounce.httpd.apache.org%3E"
},
{
"name": "[oss-security] 20210609 CVE-2020-13950: Apache httpd: mod_proxy_http NULL pointer dereference",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/06/10/4"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210702-0001/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210702-0001/"
},
{
"name": "GLSA-202107-38",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-38"
},
{
"name": "FEDORA-2021-dce7e7738e",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/"
},
{
"name": "FEDORA-2021-e3f6dd670d",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2021-12-01T21:31Z",
"publishedDate": "2021-06-10T07:15Z"
}
}
}
MSRC_CVE-2020-13950
Vulnerability from csaf_microsoft - Published: 2021-06-02 00:00 - Updated: 2021-12-16 00:00Summary
mod_proxy_http NULL pointer dereference
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 19037-16820 | — | ||
| Unresolved product id: 19038-17086 | — |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2021/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2021/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2020-13950 mod_proxy_http NULL pointer dereference - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2020-13950.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "mod_proxy_http NULL pointer dereference",
"tracking": {
"current_release_date": "2021-12-16T00:00:00.000Z",
"generator": {
"date": "2025-10-19T22:02:44.746Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2020-13950",
"initial_release_date": "2021-06-02T00:00:00.000Z",
"revision_history": [
{
"date": "2021-06-17T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2021-12-16T00:00:00.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added httpd to CBL-Mariner 2.0"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "1.0",
"product": {
"name": "CBL Mariner 1.0",
"product_id": "16820"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccm1 httpd 2.4.46-5",
"product": {
"name": "\u003ccm1 httpd 2.4.46-5",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "cm1 httpd 2.4.46-5",
"product": {
"name": "cm1 httpd 2.4.46-5",
"product_id": "19037"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 httpd 2.4.46-10",
"product": {
"name": "\u003ccbl2 httpd 2.4.46-10",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 httpd 2.4.46-10",
"product": {
"name": "cbl2 httpd 2.4.46-10",
"product_id": "19038"
}
}
],
"category": "product_name",
"name": "httpd"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccm1 httpd 2.4.46-5 as a component of CBL Mariner 1.0",
"product_id": "16820-2"
},
"product_reference": "2",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cm1 httpd 2.4.46-5 as a component of CBL Mariner 1.0",
"product_id": "19037-16820"
},
"product_reference": "19037",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 httpd 2.4.46-10 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 httpd 2.4.46-10 as a component of CBL Mariner 2.0",
"product_id": "19038-17086"
},
"product_reference": "19038",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13950",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "general",
"text": "apache",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"19037-16820",
"19038-17086"
],
"known_affected": [
"16820-2",
"17086-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-13950 mod_proxy_http NULL pointer dereference - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2020-13950.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2021-06-17T00:00:00.000Z",
"details": "2.4.46-5:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"16820-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2021-06-17T00:00:00.000Z",
"details": "2.4.46-10:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"16820-2",
"17086-1"
]
}
],
"title": "mod_proxy_http NULL pointer dereference"
}
]
}
OPENSUSE-SU-2021:0908-1
Vulnerability from csaf_opensuse - Published: 2021-06-24 09:52 - Updated: 2021-06-24 09:52Summary
Security update for apache2
Severity
Important
Notes
Title of the patch: Security update for apache2
Description of the patch: This update for apache2 fixes the following issues:
- fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression
- fixed CVE-2021-31618 [bsc#1186924]: NULL pointer dereference on specially crafted HTTP/2 request
- fixed CVE-2020-13950 [bsc#1187040]: mod_proxy NULL pointer dereference
- fixed CVE-2020-35452 [bsc#1186922]: Single zero byte stack overflow in mod_auth_digest
- fixed CVE-2021-26690 [bsc#1186923]: mod_session NULL pointer dereference in parser
- fixed CVE-2021-26691 [bsc#1187017]: Heap overflow in mod_session
Patchnames: openSUSE-2021-908
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
32 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://bugzilla.suse.com/1186922 | self |
| https://bugzilla.suse.com/1186923 | self |
| https://bugzilla.suse.com/1186924 | self |
| https://bugzilla.suse.com/1187017 | self |
| https://bugzilla.suse.com/1187040 | self |
| https://bugzilla.suse.com/1187174 | self |
| https://www.suse.com/security/cve/CVE-2020-13950/ | self |
| https://www.suse.com/security/cve/CVE-2020-35452/ | self |
| https://www.suse.com/security/cve/CVE-2021-26690/ | self |
| https://www.suse.com/security/cve/CVE-2021-26691/ | self |
| https://www.suse.com/security/cve/CVE-2021-30641/ | self |
| https://www.suse.com/security/cve/CVE-2021-31618/ | self |
| https://www.suse.com/security/cve/CVE-2020-13950 | external |
| https://bugzilla.suse.com/1187040 | external |
| https://www.suse.com/security/cve/CVE-2020-35452 | external |
| https://bugzilla.suse.com/1186922 | external |
| https://bugzilla.suse.com/1187933 | external |
| https://www.suse.com/security/cve/CVE-2021-26690 | external |
| https://bugzilla.suse.com/1186923 | external |
| https://bugzilla.suse.com/1187933 | external |
| https://www.suse.com/security/cve/CVE-2021-26691 | external |
| https://bugzilla.suse.com/1187017 | external |
| https://bugzilla.suse.com/1187933 | external |
| https://www.suse.com/security/cve/CVE-2021-30641 | external |
| https://bugzilla.suse.com/1187174 | external |
| https://www.suse.com/security/cve/CVE-2021-31618 | external |
| https://bugzilla.suse.com/1186924 | external |
| https://bugzilla.suse.com/1187933 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apache2 fixes the following issues:\n\n- fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression\n- fixed CVE-2021-31618 [bsc#1186924]: NULL pointer dereference on specially crafted HTTP/2 request\n- fixed CVE-2020-13950 [bsc#1187040]: mod_proxy NULL pointer dereference\n- fixed CVE-2020-35452 [bsc#1186922]: Single zero byte stack overflow in mod_auth_digest \n- fixed CVE-2021-26690 [bsc#1186923]: mod_session NULL pointer dereference in parser\n- fixed CVE-2021-26691 [bsc#1187017]: Heap overflow in mod_session\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-908",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0908-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:0908-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F32WQ7K6A45WOBEDFMGMRXDC2F2SL3IF/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:0908-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F32WQ7K6A45WOBEDFMGMRXDC2F2SL3IF/"
},
{
"category": "self",
"summary": "SUSE Bug 1186922",
"url": "https://bugzilla.suse.com/1186922"
},
{
"category": "self",
"summary": "SUSE Bug 1186923",
"url": "https://bugzilla.suse.com/1186923"
},
{
"category": "self",
"summary": "SUSE Bug 1186924",
"url": "https://bugzilla.suse.com/1186924"
},
{
"category": "self",
"summary": "SUSE Bug 1187017",
"url": "https://bugzilla.suse.com/1187017"
},
{
"category": "self",
"summary": "SUSE Bug 1187040",
"url": "https://bugzilla.suse.com/1187040"
},
{
"category": "self",
"summary": "SUSE Bug 1187174",
"url": "https://bugzilla.suse.com/1187174"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13950 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35452 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35452/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-26690 page",
"url": "https://www.suse.com/security/cve/CVE-2021-26690/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-26691 page",
"url": "https://www.suse.com/security/cve/CVE-2021-26691/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30641 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30641/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-31618 page",
"url": "https://www.suse.com/security/cve/CVE-2021-31618/"
}
],
"title": "Security update for apache2",
"tracking": {
"current_release_date": "2021-06-24T09:52:47Z",
"generator": {
"date": "2021-06-24T09:52:47Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:0908-1",
"initial_release_date": "2021-06-24T09:52:47Z",
"revision_history": [
{
"date": "2021-06-24T09:52:47Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.43-lp152.2.15.1.i586",
"product": {
"name": "apache2-2.4.43-lp152.2.15.1.i586",
"product_id": "apache2-2.4.43-lp152.2.15.1.i586"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.4.43-lp152.2.15.1.i586",
"product": {
"name": "apache2-devel-2.4.43-lp152.2.15.1.i586",
"product_id": "apache2-devel-2.4.43-lp152.2.15.1.i586"
}
},
{
"category": "product_version",
"name": "apache2-event-2.4.43-lp152.2.15.1.i586",
"product": {
"name": "apache2-event-2.4.43-lp152.2.15.1.i586",
"product_id": "apache2-event-2.4.43-lp152.2.15.1.i586"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.43-lp152.2.15.1.i586",
"product": {
"name": "apache2-example-pages-2.4.43-lp152.2.15.1.i586",
"product_id": "apache2-example-pages-2.4.43-lp152.2.15.1.i586"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.43-lp152.2.15.1.i586",
"product": {
"name": "apache2-prefork-2.4.43-lp152.2.15.1.i586",
"product_id": "apache2-prefork-2.4.43-lp152.2.15.1.i586"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.43-lp152.2.15.1.i586",
"product": {
"name": "apache2-utils-2.4.43-lp152.2.15.1.i586",
"product_id": "apache2-utils-2.4.43-lp152.2.15.1.i586"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.43-lp152.2.15.1.i586",
"product": {
"name": "apache2-worker-2.4.43-lp152.2.15.1.i586",
"product_id": "apache2-worker-2.4.43-lp152.2.15.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-doc-2.4.43-lp152.2.15.1.noarch",
"product": {
"name": "apache2-doc-2.4.43-lp152.2.15.1.noarch",
"product_id": "apache2-doc-2.4.43-lp152.2.15.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.43-lp152.2.15.1.x86_64",
"product": {
"name": "apache2-2.4.43-lp152.2.15.1.x86_64",
"product_id": "apache2-2.4.43-lp152.2.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.4.43-lp152.2.15.1.x86_64",
"product": {
"name": "apache2-devel-2.4.43-lp152.2.15.1.x86_64",
"product_id": "apache2-devel-2.4.43-lp152.2.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-event-2.4.43-lp152.2.15.1.x86_64",
"product": {
"name": "apache2-event-2.4.43-lp152.2.15.1.x86_64",
"product_id": "apache2-event-2.4.43-lp152.2.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.43-lp152.2.15.1.x86_64",
"product": {
"name": "apache2-example-pages-2.4.43-lp152.2.15.1.x86_64",
"product_id": "apache2-example-pages-2.4.43-lp152.2.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.43-lp152.2.15.1.x86_64",
"product": {
"name": "apache2-prefork-2.4.43-lp152.2.15.1.x86_64",
"product_id": "apache2-prefork-2.4.43-lp152.2.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.43-lp152.2.15.1.x86_64",
"product": {
"name": "apache2-utils-2.4.43-lp152.2.15.1.x86_64",
"product_id": "apache2-utils-2.4.43-lp152.2.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.43-lp152.2.15.1.x86_64",
"product": {
"name": "apache2-worker-2.4.43-lp152.2.15.1.x86_64",
"product_id": "apache2-worker-2.4.43-lp152.2.15.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.43-lp152.2.15.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.i586"
},
"product_reference": "apache2-2.4.43-lp152.2.15.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.43-lp152.2.15.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.x86_64"
},
"product_reference": "apache2-2.4.43-lp152.2.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.43-lp152.2.15.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.i586"
},
"product_reference": "apache2-devel-2.4.43-lp152.2.15.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.43-lp152.2.15.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.x86_64"
},
"product_reference": "apache2-devel-2.4.43-lp152.2.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.43-lp152.2.15.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.15.1.noarch"
},
"product_reference": "apache2-doc-2.4.43-lp152.2.15.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-event-2.4.43-lp152.2.15.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.i586"
},
"product_reference": "apache2-event-2.4.43-lp152.2.15.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-event-2.4.43-lp152.2.15.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.x86_64"
},
"product_reference": "apache2-event-2.4.43-lp152.2.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.43-lp152.2.15.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.i586"
},
"product_reference": "apache2-example-pages-2.4.43-lp152.2.15.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.43-lp152.2.15.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.x86_64"
},
"product_reference": "apache2-example-pages-2.4.43-lp152.2.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.43-lp152.2.15.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.i586"
},
"product_reference": "apache2-prefork-2.4.43-lp152.2.15.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.43-lp152.2.15.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.x86_64"
},
"product_reference": "apache2-prefork-2.4.43-lp152.2.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.43-lp152.2.15.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.i586"
},
"product_reference": "apache2-utils-2.4.43-lp152.2.15.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.43-lp152.2.15.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.x86_64"
},
"product_reference": "apache2-utils-2.4.43-lp152.2.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.43-lp152.2.15.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.i586"
},
"product_reference": "apache2-worker-2.4.43-lp152.2.15.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.43-lp152.2.15.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.x86_64"
},
"product_reference": "apache2-worker-2.4.43-lp152.2.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13950"
}
],
"notes": [
{
"category": "general",
"text": "Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.15.1.noarch",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13950",
"url": "https://www.suse.com/security/cve/CVE-2020-13950"
},
{
"category": "external",
"summary": "SUSE Bug 1187040 for CVE-2020-13950",
"url": "https://bugzilla.suse.com/1187040"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.15.1.noarch",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.15.1.noarch",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-24T09:52:47Z",
"details": "important"
}
],
"title": "CVE-2020-13950"
},
{
"cve": "CVE-2020-35452",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35452"
}
],
"notes": [
{
"category": "general",
"text": "Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.15.1.noarch",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35452",
"url": "https://www.suse.com/security/cve/CVE-2020-35452"
},
{
"category": "external",
"summary": "SUSE Bug 1186922 for CVE-2020-35452",
"url": "https://bugzilla.suse.com/1186922"
},
{
"category": "external",
"summary": "SUSE Bug 1187933 for CVE-2020-35452",
"url": "https://bugzilla.suse.com/1187933"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.15.1.noarch",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.15.1.noarch",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-24T09:52:47Z",
"details": "important"
}
],
"title": "CVE-2020-35452"
},
{
"cve": "CVE-2021-26690",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-26690"
}
],
"notes": [
{
"category": "general",
"text": "Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.15.1.noarch",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-26690",
"url": "https://www.suse.com/security/cve/CVE-2021-26690"
},
{
"category": "external",
"summary": "SUSE Bug 1186923 for CVE-2021-26690",
"url": "https://bugzilla.suse.com/1186923"
},
{
"category": "external",
"summary": "SUSE Bug 1187933 for CVE-2021-26690",
"url": "https://bugzilla.suse.com/1187933"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.15.1.noarch",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.15.1.noarch",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-24T09:52:47Z",
"details": "important"
}
],
"title": "CVE-2021-26690"
},
{
"cve": "CVE-2021-26691",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-26691"
}
],
"notes": [
{
"category": "general",
"text": "In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.15.1.noarch",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-26691",
"url": "https://www.suse.com/security/cve/CVE-2021-26691"
},
{
"category": "external",
"summary": "SUSE Bug 1187017 for CVE-2021-26691",
"url": "https://bugzilla.suse.com/1187017"
},
{
"category": "external",
"summary": "SUSE Bug 1187933 for CVE-2021-26691",
"url": "https://bugzilla.suse.com/1187933"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.15.1.noarch",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.15.1.noarch",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-24T09:52:47Z",
"details": "important"
}
],
"title": "CVE-2021-26691"
},
{
"cve": "CVE-2021-30641",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30641"
}
],
"notes": [
{
"category": "general",
"text": "Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with \u0027MergeSlashes OFF\u0027",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.15.1.noarch",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30641",
"url": "https://www.suse.com/security/cve/CVE-2021-30641"
},
{
"category": "external",
"summary": "SUSE Bug 1187174 for CVE-2021-30641",
"url": "https://bugzilla.suse.com/1187174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.15.1.noarch",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.15.1.noarch",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-24T09:52:47Z",
"details": "moderate"
}
],
"title": "CVE-2021-30641"
},
{
"cve": "CVE-2021-31618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-31618"
}
],
"notes": [
{
"category": "general",
"text": "Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server. This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.15.1.noarch",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-31618",
"url": "https://www.suse.com/security/cve/CVE-2021-31618"
},
{
"category": "external",
"summary": "SUSE Bug 1186924 for CVE-2021-31618",
"url": "https://bugzilla.suse.com/1186924"
},
{
"category": "external",
"summary": "SUSE Bug 1187933 for CVE-2021-31618",
"url": "https://bugzilla.suse.com/1187933"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.15.1.noarch",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.15.1.noarch",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.15.1.x86_64",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.i586",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-24T09:52:47Z",
"details": "important"
}
],
"title": "CVE-2021-31618"
}
]
}
OPENSUSE-SU-2021:2127-1
Vulnerability from csaf_opensuse - Published: 2021-07-10 13:52 - Updated: 2021-07-10 13:52Summary
Security update for apache2
Severity
Important
Notes
Title of the patch: Security update for apache2
Description of the patch: This update for apache2 fixes the following issues:
- fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression
- fixed CVE-2021-31618 [bsc#1186924]: NULL pointer dereference on specially crafted HTTP/2 request
- fixed CVE-2020-13950 [bsc#1187040]: mod_proxy NULL pointer dereference
- fixed CVE-2020-35452 [bsc#1186922]: Single zero byte stack overflow in mod_auth_digest
- fixed CVE-2021-26690 [bsc#1186923]: mod_session NULL pointer dereference in parser
- fixed CVE-2021-26691 [bsc#1187017]: Heap overflow in mod_session
Patchnames: openSUSE-SLE-15.3-2021-2127
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Affected products
Recommended
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-doc-2.4.43-3.22.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-doc-2.4.43-3.22.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-doc-2.4.43-3.22.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-doc-2.4.43-3.22.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-doc-2.4.43-3.22.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-doc-2.4.43-3.22.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
32 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://bugzilla.suse.com/1186922 | self |
| https://bugzilla.suse.com/1186923 | self |
| https://bugzilla.suse.com/1186924 | self |
| https://bugzilla.suse.com/1187017 | self |
| https://bugzilla.suse.com/1187040 | self |
| https://bugzilla.suse.com/1187174 | self |
| https://www.suse.com/security/cve/CVE-2020-13950/ | self |
| https://www.suse.com/security/cve/CVE-2020-35452/ | self |
| https://www.suse.com/security/cve/CVE-2021-26690/ | self |
| https://www.suse.com/security/cve/CVE-2021-26691/ | self |
| https://www.suse.com/security/cve/CVE-2021-30641/ | self |
| https://www.suse.com/security/cve/CVE-2021-31618/ | self |
| https://www.suse.com/security/cve/CVE-2020-13950 | external |
| https://bugzilla.suse.com/1187040 | external |
| https://www.suse.com/security/cve/CVE-2020-35452 | external |
| https://bugzilla.suse.com/1186922 | external |
| https://bugzilla.suse.com/1187933 | external |
| https://www.suse.com/security/cve/CVE-2021-26690 | external |
| https://bugzilla.suse.com/1186923 | external |
| https://bugzilla.suse.com/1187933 | external |
| https://www.suse.com/security/cve/CVE-2021-26691 | external |
| https://bugzilla.suse.com/1187017 | external |
| https://bugzilla.suse.com/1187933 | external |
| https://www.suse.com/security/cve/CVE-2021-30641 | external |
| https://bugzilla.suse.com/1187174 | external |
| https://www.suse.com/security/cve/CVE-2021-31618 | external |
| https://bugzilla.suse.com/1186924 | external |
| https://bugzilla.suse.com/1187933 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apache2 fixes the following issues:\n\n- fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression\n- fixed CVE-2021-31618 [bsc#1186924]: NULL pointer dereference on specially crafted HTTP/2 request\n- fixed CVE-2020-13950 [bsc#1187040]: mod_proxy NULL pointer dereference\n- fixed CVE-2020-35452 [bsc#1186922]: Single zero byte stack overflow in mod_auth_digest \n- fixed CVE-2021-26690 [bsc#1186923]: mod_session NULL pointer dereference in parser\n- fixed CVE-2021-26691 [bsc#1187017]: Heap overflow in mod_session\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-SLE-15.3-2021-2127",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_2127-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:2127-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KAQGPGA6ZQQT3VO5WOYFSSTZFH57MPWK/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:2127-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KAQGPGA6ZQQT3VO5WOYFSSTZFH57MPWK/"
},
{
"category": "self",
"summary": "SUSE Bug 1186922",
"url": "https://bugzilla.suse.com/1186922"
},
{
"category": "self",
"summary": "SUSE Bug 1186923",
"url": "https://bugzilla.suse.com/1186923"
},
{
"category": "self",
"summary": "SUSE Bug 1186924",
"url": "https://bugzilla.suse.com/1186924"
},
{
"category": "self",
"summary": "SUSE Bug 1187017",
"url": "https://bugzilla.suse.com/1187017"
},
{
"category": "self",
"summary": "SUSE Bug 1187040",
"url": "https://bugzilla.suse.com/1187040"
},
{
"category": "self",
"summary": "SUSE Bug 1187174",
"url": "https://bugzilla.suse.com/1187174"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13950 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35452 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35452/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-26690 page",
"url": "https://www.suse.com/security/cve/CVE-2021-26690/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-26691 page",
"url": "https://www.suse.com/security/cve/CVE-2021-26691/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30641 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30641/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-31618 page",
"url": "https://www.suse.com/security/cve/CVE-2021-31618/"
}
],
"title": "Security update for apache2",
"tracking": {
"current_release_date": "2021-07-10T13:52:30Z",
"generator": {
"date": "2021-07-10T13:52:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:2127-1",
"initial_release_date": "2021-07-10T13:52:30Z",
"revision_history": [
{
"date": "2021-07-10T13:52:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.43-3.22.1.aarch64",
"product": {
"name": "apache2-2.4.43-3.22.1.aarch64",
"product_id": "apache2-2.4.43-3.22.1.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.4.43-3.22.1.aarch64",
"product": {
"name": "apache2-devel-2.4.43-3.22.1.aarch64",
"product_id": "apache2-devel-2.4.43-3.22.1.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-event-2.4.43-3.22.1.aarch64",
"product": {
"name": "apache2-event-2.4.43-3.22.1.aarch64",
"product_id": "apache2-event-2.4.43-3.22.1.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.43-3.22.1.aarch64",
"product": {
"name": "apache2-example-pages-2.4.43-3.22.1.aarch64",
"product_id": "apache2-example-pages-2.4.43-3.22.1.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.43-3.22.1.aarch64",
"product": {
"name": "apache2-prefork-2.4.43-3.22.1.aarch64",
"product_id": "apache2-prefork-2.4.43-3.22.1.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.43-3.22.1.aarch64",
"product": {
"name": "apache2-utils-2.4.43-3.22.1.aarch64",
"product_id": "apache2-utils-2.4.43-3.22.1.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.43-3.22.1.aarch64",
"product": {
"name": "apache2-worker-2.4.43-3.22.1.aarch64",
"product_id": "apache2-worker-2.4.43-3.22.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-doc-2.4.43-3.22.1.noarch",
"product": {
"name": "apache2-doc-2.4.43-3.22.1.noarch",
"product_id": "apache2-doc-2.4.43-3.22.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.43-3.22.1.ppc64le",
"product": {
"name": "apache2-2.4.43-3.22.1.ppc64le",
"product_id": "apache2-2.4.43-3.22.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.4.43-3.22.1.ppc64le",
"product": {
"name": "apache2-devel-2.4.43-3.22.1.ppc64le",
"product_id": "apache2-devel-2.4.43-3.22.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-event-2.4.43-3.22.1.ppc64le",
"product": {
"name": "apache2-event-2.4.43-3.22.1.ppc64le",
"product_id": "apache2-event-2.4.43-3.22.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.43-3.22.1.ppc64le",
"product": {
"name": "apache2-example-pages-2.4.43-3.22.1.ppc64le",
"product_id": "apache2-example-pages-2.4.43-3.22.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.43-3.22.1.ppc64le",
"product": {
"name": "apache2-prefork-2.4.43-3.22.1.ppc64le",
"product_id": "apache2-prefork-2.4.43-3.22.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.43-3.22.1.ppc64le",
"product": {
"name": "apache2-utils-2.4.43-3.22.1.ppc64le",
"product_id": "apache2-utils-2.4.43-3.22.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.43-3.22.1.ppc64le",
"product": {
"name": "apache2-worker-2.4.43-3.22.1.ppc64le",
"product_id": "apache2-worker-2.4.43-3.22.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.43-3.22.1.s390x",
"product": {
"name": "apache2-2.4.43-3.22.1.s390x",
"product_id": "apache2-2.4.43-3.22.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.4.43-3.22.1.s390x",
"product": {
"name": "apache2-devel-2.4.43-3.22.1.s390x",
"product_id": "apache2-devel-2.4.43-3.22.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-event-2.4.43-3.22.1.s390x",
"product": {
"name": "apache2-event-2.4.43-3.22.1.s390x",
"product_id": "apache2-event-2.4.43-3.22.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.43-3.22.1.s390x",
"product": {
"name": "apache2-example-pages-2.4.43-3.22.1.s390x",
"product_id": "apache2-example-pages-2.4.43-3.22.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.43-3.22.1.s390x",
"product": {
"name": "apache2-prefork-2.4.43-3.22.1.s390x",
"product_id": "apache2-prefork-2.4.43-3.22.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.43-3.22.1.s390x",
"product": {
"name": "apache2-utils-2.4.43-3.22.1.s390x",
"product_id": "apache2-utils-2.4.43-3.22.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.43-3.22.1.s390x",
"product": {
"name": "apache2-worker-2.4.43-3.22.1.s390x",
"product_id": "apache2-worker-2.4.43-3.22.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.43-3.22.1.x86_64",
"product": {
"name": "apache2-2.4.43-3.22.1.x86_64",
"product_id": "apache2-2.4.43-3.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.4.43-3.22.1.x86_64",
"product": {
"name": "apache2-devel-2.4.43-3.22.1.x86_64",
"product_id": "apache2-devel-2.4.43-3.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-event-2.4.43-3.22.1.x86_64",
"product": {
"name": "apache2-event-2.4.43-3.22.1.x86_64",
"product_id": "apache2-event-2.4.43-3.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.43-3.22.1.x86_64",
"product": {
"name": "apache2-example-pages-2.4.43-3.22.1.x86_64",
"product_id": "apache2-example-pages-2.4.43-3.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.43-3.22.1.x86_64",
"product": {
"name": "apache2-prefork-2.4.43-3.22.1.x86_64",
"product_id": "apache2-prefork-2.4.43-3.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.43-3.22.1.x86_64",
"product": {
"name": "apache2-utils-2.4.43-3.22.1.x86_64",
"product_id": "apache2-utils-2.4.43-3.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.43-3.22.1.x86_64",
"product": {
"name": "apache2-worker-2.4.43-3.22.1.x86_64",
"product_id": "apache2-worker-2.4.43-3.22.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.43-3.22.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-2.4.43-3.22.1.aarch64"
},
"product_reference": "apache2-2.4.43-3.22.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.43-3.22.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-2.4.43-3.22.1.ppc64le"
},
"product_reference": "apache2-2.4.43-3.22.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.43-3.22.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-2.4.43-3.22.1.s390x"
},
"product_reference": "apache2-2.4.43-3.22.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.43-3.22.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-2.4.43-3.22.1.x86_64"
},
"product_reference": "apache2-2.4.43-3.22.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.43-3.22.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.aarch64"
},
"product_reference": "apache2-devel-2.4.43-3.22.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.43-3.22.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.ppc64le"
},
"product_reference": "apache2-devel-2.4.43-3.22.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.43-3.22.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.s390x"
},
"product_reference": "apache2-devel-2.4.43-3.22.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.43-3.22.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.x86_64"
},
"product_reference": "apache2-devel-2.4.43-3.22.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.43-3.22.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-doc-2.4.43-3.22.1.noarch"
},
"product_reference": "apache2-doc-2.4.43-3.22.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-event-2.4.43-3.22.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.aarch64"
},
"product_reference": "apache2-event-2.4.43-3.22.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-event-2.4.43-3.22.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.ppc64le"
},
"product_reference": "apache2-event-2.4.43-3.22.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-event-2.4.43-3.22.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.s390x"
},
"product_reference": "apache2-event-2.4.43-3.22.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-event-2.4.43-3.22.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.x86_64"
},
"product_reference": "apache2-event-2.4.43-3.22.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.43-3.22.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.aarch64"
},
"product_reference": "apache2-example-pages-2.4.43-3.22.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.43-3.22.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.ppc64le"
},
"product_reference": "apache2-example-pages-2.4.43-3.22.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.43-3.22.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.s390x"
},
"product_reference": "apache2-example-pages-2.4.43-3.22.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.43-3.22.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.x86_64"
},
"product_reference": "apache2-example-pages-2.4.43-3.22.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.43-3.22.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.aarch64"
},
"product_reference": "apache2-prefork-2.4.43-3.22.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.43-3.22.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.ppc64le"
},
"product_reference": "apache2-prefork-2.4.43-3.22.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.43-3.22.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.s390x"
},
"product_reference": "apache2-prefork-2.4.43-3.22.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.43-3.22.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.x86_64"
},
"product_reference": "apache2-prefork-2.4.43-3.22.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.43-3.22.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.aarch64"
},
"product_reference": "apache2-utils-2.4.43-3.22.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.43-3.22.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.ppc64le"
},
"product_reference": "apache2-utils-2.4.43-3.22.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.43-3.22.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.s390x"
},
"product_reference": "apache2-utils-2.4.43-3.22.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.43-3.22.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.x86_64"
},
"product_reference": "apache2-utils-2.4.43-3.22.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.43-3.22.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.aarch64"
},
"product_reference": "apache2-worker-2.4.43-3.22.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.43-3.22.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.ppc64le"
},
"product_reference": "apache2-worker-2.4.43-3.22.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.43-3.22.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.s390x"
},
"product_reference": "apache2-worker-2.4.43-3.22.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.43-3.22.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.x86_64"
},
"product_reference": "apache2-worker-2.4.43-3.22.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13950"
}
],
"notes": [
{
"category": "general",
"text": "Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.43-3.22.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13950",
"url": "https://www.suse.com/security/cve/CVE-2020-13950"
},
{
"category": "external",
"summary": "SUSE Bug 1187040 for CVE-2020-13950",
"url": "https://bugzilla.suse.com/1187040"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.43-3.22.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.43-3.22.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-10T13:52:30Z",
"details": "important"
}
],
"title": "CVE-2020-13950"
},
{
"cve": "CVE-2020-35452",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35452"
}
],
"notes": [
{
"category": "general",
"text": "Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.43-3.22.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35452",
"url": "https://www.suse.com/security/cve/CVE-2020-35452"
},
{
"category": "external",
"summary": "SUSE Bug 1186922 for CVE-2020-35452",
"url": "https://bugzilla.suse.com/1186922"
},
{
"category": "external",
"summary": "SUSE Bug 1187933 for CVE-2020-35452",
"url": "https://bugzilla.suse.com/1187933"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.43-3.22.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.43-3.22.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-10T13:52:30Z",
"details": "important"
}
],
"title": "CVE-2020-35452"
},
{
"cve": "CVE-2021-26690",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-26690"
}
],
"notes": [
{
"category": "general",
"text": "Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.43-3.22.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-26690",
"url": "https://www.suse.com/security/cve/CVE-2021-26690"
},
{
"category": "external",
"summary": "SUSE Bug 1186923 for CVE-2021-26690",
"url": "https://bugzilla.suse.com/1186923"
},
{
"category": "external",
"summary": "SUSE Bug 1187933 for CVE-2021-26690",
"url": "https://bugzilla.suse.com/1187933"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.43-3.22.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.43-3.22.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-10T13:52:30Z",
"details": "important"
}
],
"title": "CVE-2021-26690"
},
{
"cve": "CVE-2021-26691",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-26691"
}
],
"notes": [
{
"category": "general",
"text": "In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.43-3.22.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-26691",
"url": "https://www.suse.com/security/cve/CVE-2021-26691"
},
{
"category": "external",
"summary": "SUSE Bug 1187017 for CVE-2021-26691",
"url": "https://bugzilla.suse.com/1187017"
},
{
"category": "external",
"summary": "SUSE Bug 1187933 for CVE-2021-26691",
"url": "https://bugzilla.suse.com/1187933"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.43-3.22.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.43-3.22.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-10T13:52:30Z",
"details": "important"
}
],
"title": "CVE-2021-26691"
},
{
"cve": "CVE-2021-30641",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30641"
}
],
"notes": [
{
"category": "general",
"text": "Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with \u0027MergeSlashes OFF\u0027",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.43-3.22.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30641",
"url": "https://www.suse.com/security/cve/CVE-2021-30641"
},
{
"category": "external",
"summary": "SUSE Bug 1187174 for CVE-2021-30641",
"url": "https://bugzilla.suse.com/1187174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.43-3.22.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.43-3.22.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-10T13:52:30Z",
"details": "moderate"
}
],
"title": "CVE-2021-30641"
},
{
"cve": "CVE-2021-31618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-31618"
}
],
"notes": [
{
"category": "general",
"text": "Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server. This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.43-3.22.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-31618",
"url": "https://www.suse.com/security/cve/CVE-2021-31618"
},
{
"category": "external",
"summary": "SUSE Bug 1186924 for CVE-2021-31618",
"url": "https://bugzilla.suse.com/1186924"
},
{
"category": "external",
"summary": "SUSE Bug 1187933 for CVE-2021-31618",
"url": "https://bugzilla.suse.com/1187933"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.43-3.22.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.43-3.22.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.22.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-10T13:52:30Z",
"details": "important"
}
],
"title": "CVE-2021-31618"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…