RHSA-2022:6753
Vulnerability from csaf_redhat
Published
2022-09-29 13:33
Modified
2025-01-09 06:13
Summary
Red Hat Security Advisory: httpd24-httpd security and bug fix update
Notes
Topic
An update for httpd24-httpd is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
* httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)
* httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)
* httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)
* httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160)
* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)
* httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224)
* httpd: mod_lua: Use of uninitialized value of in r:parsebody (CVE-2022-22719)
* httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721)
* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)
* httpd: mod_lua: DoS in r:parsebody (CVE-2022-29404)
* httpd: mod_sed: DoS vulnerability (CVE-2022-30522)
* httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)
* httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)
* httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)
* httpd: mod_lua: Information disclosure with websockets (CVE-2022-30556)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319)
Additional changes:
* To fix CVE-2022-29404, the default value for the "LimitRequestBody" directive in the Apache HTTP Server has been changed from 0 (unlimited) to 1 GiB.
On systems where the value of "LimitRequestBody" is not explicitly specified in an httpd configuration file, updating the httpd package sets "LimitRequestBody" to the default value of 1 GiB. As a consequence, if the total size of the HTTP request body exceeds this 1 GiB default limit, httpd returns the 413 Request Entity Too Large error code.
If the new default allowed size of an HTTP request message body is insufficient for your use case, update your httpd configuration files within the respective context (server, per-directory, per-file, or per-location) and set your preferred limit in bytes. For example, to set a new 2 GiB limit, use:
LimitRequestBody 2147483648
Systems already configured to use any explicit value for the "LimitRequestBody" directive are unaffected by this change.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for httpd24-httpd is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)\n\n* httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)\n\n* httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)\n\n* httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160)\n\n* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)\n\n* httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224)\n\n* httpd: mod_lua: Use of uninitialized value of in r:parsebody (CVE-2022-22719)\n\n* httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721)\n\n* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)\n\n* httpd: mod_lua: DoS in r:parsebody (CVE-2022-29404)\n\n* httpd: mod_sed: DoS vulnerability (CVE-2022-30522)\n\n* httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)\n\n* httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)\n\n* httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)\n\n* httpd: mod_lua: Information disclosure with websockets (CVE-2022-30556)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319)\n\nAdditional changes:\n\n* To fix CVE-2022-29404, the default value for the \"LimitRequestBody\" directive in the Apache HTTP Server has been changed from 0 (unlimited) to 1 GiB. \n\nOn systems where the value of \"LimitRequestBody\" is not explicitly specified in an httpd configuration file, updating the httpd package sets \"LimitRequestBody\" to the default value of 1 GiB. As a consequence, if the total size of the HTTP request body exceeds this 1 GiB default limit, httpd returns the 413 Request Entity Too Large error code.\n\nIf the new default allowed size of an HTTP request message body is insufficient for your use case, update your httpd configuration files within the respective context (server, per-directory, per-file, or per-location) and set your preferred limit in bytes. For example, to set a new 2 GiB limit, use:\n\nLimitRequestBody 2147483648\n\nSystems already configured to use any explicit value for the \"LimitRequestBody\" directive are unaffected by this change.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:6753", url: "https://access.redhat.com/errata/RHSA-2022:6753", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/articles/6975397", url: "https://access.redhat.com/articles/6975397", }, { category: "external", summary: "1966728", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1966728", }, { category: "external", summary: "2005119", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2005119", }, { category: "external", summary: "2005124", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2005124", }, { category: "external", summary: "2005128", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2005128", }, { category: "external", summary: "2034672", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2034672", }, { category: "external", summary: "2064319", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064319", }, { category: "external", summary: "2064320", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064320", }, { category: "external", summary: "2064322", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064322", }, { category: "external", summary: "2094997", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094997", }, { category: "external", summary: "2095002", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095002", }, { category: "external", summary: "2095006", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095006", }, { category: "external", summary: "2095012", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095012", }, { category: "external", summary: "2095015", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095015", }, { category: "external", summary: "2095018", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095018", }, { category: "external", summary: "2095020", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095020", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6753.json", }, ], title: "Red Hat Security Advisory: httpd24-httpd security and bug fix update", tracking: { current_release_date: "2025-01-09T06:13:02+00:00", generator: { date: "2025-01-09T06:13:02+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2022:6753", initial_release_date: "2022-09-29T13:33:06+00:00", revision_history: [ { date: "2022-09-29T13:33:06+00:00", number: "1", summary: "Initial version", }, { date: "2022-09-29T13:33:06+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-09T06:13:02+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Software Collections for RHEL Workstation(v. 7)", product: { name: "Red Hat Software Collections for RHEL Workstation(v. 7)", product_id: "7Server-RHSCL-3.8", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_software_collections:3::el7", }, }, }, { category: "product_name", name: "Red Hat Software Collections for RHEL(v. 7)", product: { name: "Red Hat Software Collections for RHEL(v. 7)", product_id: "7Workstation-RHSCL-3.8", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_software_collections:3::el7", }, }, }, ], category: "product_family", name: "Red Hat Software Collections", }, { branches: [ { category: "product_version", name: "httpd24-httpd-0:2.4.34-23.el7.5.src", product: { name: "httpd24-httpd-0:2.4.34-23.el7.5.src", product_id: "httpd24-httpd-0:2.4.34-23.el7.5.src", product_identification_helper: { purl: "pkg:rpm/redhat/httpd24-httpd@2.4.34-23.el7.5?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "httpd24-httpd-0:2.4.34-23.el7.5.x86_64", product: { name: "httpd24-httpd-0:2.4.34-23.el7.5.x86_64", product_id: "httpd24-httpd-0:2.4.34-23.el7.5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd24-httpd@2.4.34-23.el7.5?arch=x86_64", }, }, }, { category: "product_version", name: "httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", product: { name: "httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", product_id: "httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd24-httpd-devel@2.4.34-23.el7.5?arch=x86_64", }, }, }, { category: "product_version", name: "httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", product: { name: "httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", product_id: "httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd24-httpd-tools@2.4.34-23.el7.5?arch=x86_64", }, }, }, { category: "product_version", name: "httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", product: { name: "httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", product_id: "httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd24-mod_ldap@2.4.34-23.el7.5?arch=x86_64", }, }, }, { category: "product_version", name: "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", product: { name: "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", product_id: "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd24-mod_proxy_html@2.4.34-23.el7.5?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", product: { name: "httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", product_id: "httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd24-mod_session@2.4.34-23.el7.5?arch=x86_64", }, }, }, { category: "product_version", name: "httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", product: { name: "httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", product_id: "httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd24-mod_ssl@2.4.34-23.el7.5?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", product: { name: "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", product_id: "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd24-httpd-debuginfo@2.4.34-23.el7.5?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", product: { name: "httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", product_id: "httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/httpd24-httpd-manual@2.4.34-23.el7.5?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "httpd24-httpd-0:2.4.34-23.el7.5.s390x", product: { name: "httpd24-httpd-0:2.4.34-23.el7.5.s390x", product_id: "httpd24-httpd-0:2.4.34-23.el7.5.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd24-httpd@2.4.34-23.el7.5?arch=s390x", }, }, }, { category: "product_version", name: "httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", product: { name: "httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", product_id: "httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd24-httpd-devel@2.4.34-23.el7.5?arch=s390x", }, }, }, { category: "product_version", name: "httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", product: { name: "httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", product_id: "httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd24-httpd-tools@2.4.34-23.el7.5?arch=s390x", }, }, }, { category: "product_version", name: "httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", product: { name: "httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", product_id: "httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd24-mod_ldap@2.4.34-23.el7.5?arch=s390x", }, }, }, { category: "product_version", name: "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", product: { name: "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", product_id: "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd24-mod_proxy_html@2.4.34-23.el7.5?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "httpd24-mod_session-0:2.4.34-23.el7.5.s390x", product: { name: "httpd24-mod_session-0:2.4.34-23.el7.5.s390x", product_id: "httpd24-mod_session-0:2.4.34-23.el7.5.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd24-mod_session@2.4.34-23.el7.5?arch=s390x", }, }, }, { category: "product_version", name: "httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", product: { name: "httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", product_id: "httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd24-mod_ssl@2.4.34-23.el7.5?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", product: { name: "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", product_id: "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd24-httpd-debuginfo@2.4.34-23.el7.5?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", product: { name: "httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", product_id: "httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/httpd24-httpd@2.4.34-23.el7.5?arch=ppc64le", }, }, }, { category: "product_version", name: "httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", product: { name: "httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", product_id: "httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/httpd24-httpd-devel@2.4.34-23.el7.5?arch=ppc64le", }, }, }, { category: "product_version", name: "httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", product: { name: "httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", product_id: "httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/httpd24-httpd-tools@2.4.34-23.el7.5?arch=ppc64le", }, }, }, { category: "product_version", name: "httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", product: { name: "httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", product_id: "httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/httpd24-mod_ldap@2.4.34-23.el7.5?arch=ppc64le", }, }, }, { category: "product_version", name: "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", product: { name: "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", product_id: "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/httpd24-mod_proxy_html@2.4.34-23.el7.5?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", product: { name: "httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", product_id: "httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/httpd24-mod_session@2.4.34-23.el7.5?arch=ppc64le", }, }, }, { category: "product_version", name: "httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", product: { name: "httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", product_id: "httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/httpd24-mod_ssl@2.4.34-23.el7.5?arch=ppc64le&epoch=1", }, }, }, { category: "product_version", name: "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", product: { name: "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", product_id: "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/httpd24-httpd-debuginfo@2.4.34-23.el7.5?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "httpd24-httpd-0:2.4.34-23.el7.5.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", product_id: "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", }, product_reference: "httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", relates_to_product_reference: "7Server-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-httpd-0:2.4.34-23.el7.5.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", product_id: "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", }, product_reference: "httpd24-httpd-0:2.4.34-23.el7.5.s390x", relates_to_product_reference: "7Server-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-httpd-0:2.4.34-23.el7.5.src as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", product_id: "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", }, product_reference: "httpd24-httpd-0:2.4.34-23.el7.5.src", relates_to_product_reference: "7Server-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-httpd-0:2.4.34-23.el7.5.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", product_id: "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", }, product_reference: "httpd24-httpd-0:2.4.34-23.el7.5.x86_64", relates_to_product_reference: "7Server-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", product_id: "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", }, product_reference: "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", relates_to_product_reference: "7Server-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", product_id: "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", }, product_reference: "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", relates_to_product_reference: "7Server-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", product_id: "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", }, product_reference: "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", relates_to_product_reference: "7Server-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", product_id: "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", }, product_reference: "httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", relates_to_product_reference: "7Server-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", product_id: "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", }, product_reference: "httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", relates_to_product_reference: "7Server-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", product_id: "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", }, product_reference: "httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", relates_to_product_reference: "7Server-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", product_id: "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", }, product_reference: "httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", relates_to_product_reference: "7Server-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", product_id: "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", }, product_reference: "httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", relates_to_product_reference: "7Server-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", product_id: "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", }, product_reference: "httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", relates_to_product_reference: "7Server-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", product_id: "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", }, product_reference: "httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", relates_to_product_reference: "7Server-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", product_id: "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", }, product_reference: "httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", relates_to_product_reference: "7Server-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", product_id: "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", }, product_reference: "httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", relates_to_product_reference: "7Server-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", product_id: "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", }, product_reference: "httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", relates_to_product_reference: "7Server-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", product_id: "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", }, product_reference: "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", relates_to_product_reference: "7Server-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", product_id: "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", }, product_reference: "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", relates_to_product_reference: "7Server-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", product_id: "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", }, product_reference: "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", relates_to_product_reference: "7Server-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", product_id: "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", }, product_reference: "httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", relates_to_product_reference: "7Server-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-mod_session-0:2.4.34-23.el7.5.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", product_id: "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", }, product_reference: "httpd24-mod_session-0:2.4.34-23.el7.5.s390x", relates_to_product_reference: "7Server-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-mod_session-0:2.4.34-23.el7.5.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", product_id: "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", }, product_reference: "httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", relates_to_product_reference: "7Server-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", product_id: "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", }, product_reference: "httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", relates_to_product_reference: "7Server-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", product_id: "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", }, product_reference: "httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", relates_to_product_reference: "7Server-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", product_id: "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", }, product_reference: "httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", relates_to_product_reference: "7Server-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-httpd-0:2.4.34-23.el7.5.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", product_id: "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", }, product_reference: "httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", relates_to_product_reference: "7Workstation-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-httpd-0:2.4.34-23.el7.5.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", product_id: "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", }, product_reference: "httpd24-httpd-0:2.4.34-23.el7.5.s390x", relates_to_product_reference: "7Workstation-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-httpd-0:2.4.34-23.el7.5.src as a component of Red Hat Software Collections for RHEL(v. 7)", product_id: "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", }, product_reference: "httpd24-httpd-0:2.4.34-23.el7.5.src", relates_to_product_reference: "7Workstation-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-httpd-0:2.4.34-23.el7.5.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", product_id: "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", }, product_reference: "httpd24-httpd-0:2.4.34-23.el7.5.x86_64", relates_to_product_reference: "7Workstation-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", product_id: "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", }, product_reference: "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", relates_to_product_reference: "7Workstation-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", product_id: "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", }, product_reference: "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", relates_to_product_reference: "7Workstation-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", product_id: "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", }, product_reference: "httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", relates_to_product_reference: "7Workstation-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", product_id: "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", }, product_reference: "httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", relates_to_product_reference: "7Workstation-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", product_id: "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", }, product_reference: "httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", relates_to_product_reference: "7Workstation-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", product_id: "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", }, product_reference: "httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", relates_to_product_reference: "7Workstation-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch as a component of Red Hat Software Collections for RHEL(v. 7)", product_id: "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", }, product_reference: "httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", relates_to_product_reference: "7Workstation-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", product_id: "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", }, product_reference: "httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", relates_to_product_reference: "7Workstation-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", product_id: "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", }, product_reference: "httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", relates_to_product_reference: "7Workstation-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", product_id: "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", }, product_reference: "httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", relates_to_product_reference: "7Workstation-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", product_id: "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", }, product_reference: "httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", relates_to_product_reference: "7Workstation-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", product_id: "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", }, product_reference: "httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", relates_to_product_reference: "7Workstation-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", product_id: "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", }, product_reference: "httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", relates_to_product_reference: "7Workstation-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", product_id: "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", }, product_reference: "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", relates_to_product_reference: "7Workstation-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", product_id: "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", }, product_reference: "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", relates_to_product_reference: "7Workstation-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", product_id: "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", }, product_reference: "httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", relates_to_product_reference: "7Workstation-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", product_id: "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", }, product_reference: "httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", relates_to_product_reference: "7Workstation-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-mod_session-0:2.4.34-23.el7.5.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", product_id: "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", }, product_reference: "httpd24-mod_session-0:2.4.34-23.el7.5.s390x", relates_to_product_reference: "7Workstation-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-mod_session-0:2.4.34-23.el7.5.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", product_id: "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", }, product_reference: "httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", relates_to_product_reference: "7Workstation-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", product_id: "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", }, product_reference: "httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", relates_to_product_reference: "7Workstation-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", product_id: "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", }, product_reference: "httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", relates_to_product_reference: "7Workstation-RHSCL-3.8", }, { category: "default_component_of", full_product_name: { name: "httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", product_id: "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", }, product_reference: "httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", relates_to_product_reference: "7Workstation-RHSCL-3.8", }, ], }, vulnerabilities: [ { cve: "CVE-2021-33193", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, discovery_date: "2021-05-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1966728", }, ], notes: [ { category: "description", text: "A NULL pointer dereference was found in Apache httpd mod_h2. The highest threat from this flaw is to system integrity.", title: "Vulnerability description", }, { category: "summary", text: "httpd: Request splitting via HTTP/2 method injection and mod_proxy", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-33193", }, { category: "external", summary: "RHBZ#1966728", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1966728", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-33193", url: "https://www.cve.org/CVERecord?id=CVE-2021-33193", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-33193", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-33193", }, { category: "external", summary: "https://portswigger.net/research/http2", url: "https://portswigger.net/research/http2", }, ], release_date: "2021-08-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-29T13:33:06+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6753", }, { category: "workaround", details: "This flaw can be mitigated by disabling HTTP/2. More information available at: https://httpd.apache.org/docs/2.4/mod/mod_http2.html", product_ids: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: Request splitting via HTTP/2 method injection and mod_proxy", }, { cve: "CVE-2021-34798", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, discovery_date: "2021-09-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2005128", }, ], notes: [ { category: "description", text: "A NULL pointer dereference in httpd allows an unauthenticated remote attacker to crash httpd by providing malformed HTTP requests. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "httpd: NULL pointer dereference via malformed requests", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-34798", }, { category: "external", summary: "RHBZ#2005128", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2005128", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-34798", url: "https://www.cve.org/CVERecord?id=CVE-2021-34798", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-34798", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-34798", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html", url: "https://httpd.apache.org/security/vulnerabilities_24.html", }, ], release_date: "2021-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-29T13:33:06+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6753", }, { category: "workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example.", product_ids: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: NULL pointer dereference via malformed requests", }, { cve: "CVE-2021-36160", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2021-09-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2005124", }, ], notes: [ { category: "description", text: "An out-of-bounds read in mod_proxy_uwsgi of httpd allows a remote unauthenticated attacker to crash the service through a crafted request. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-36160", }, { category: "external", summary: "RHBZ#2005124", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2005124", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-36160", url: "https://www.cve.org/CVERecord?id=CVE-2021-36160", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-36160", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-36160", }, ], release_date: "2021-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-29T13:33:06+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6753", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path", }, { cve: "CVE-2021-39275", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2021-09-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2005119", }, ], notes: [ { category: "description", text: "An out-of-bounds write in function ap_escape_quotes of httpd allows an unauthenticated remote attacker to crash the server or potentially execute code on the system with the privileges of the httpd user, by providing malicious input to the function.", title: "Vulnerability description", }, { category: "summary", text: "httpd: Out-of-bounds write in ap_escape_quotes() via malicious input", title: "Vulnerability summary", }, { category: "other", text: "No httpd module in Red Hat Enterprise Linux and Red Hat Software Collections pass untrusted data to ap_escape_quotes function, thus the Impact of the flaw has been set to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-39275", }, { category: "external", summary: "RHBZ#2005119", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2005119", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-39275", url: "https://www.cve.org/CVERecord?id=CVE-2021-39275", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-39275", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-39275", }, ], release_date: "2021-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-29T13:33:06+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6753", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: Out-of-bounds write in ap_escape_quotes() via malicious input", }, { cve: "CVE-2021-44224", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2021-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2034672", }, ], notes: [ { category: "description", text: "There's a null pointer dereference and server-side request forgery flaw in httpd's mod_proxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via misdirected Unix Domain Socket requests. In the worst case, this could cause a denial of service or compromise to confidentiality of data.", title: "Vulnerability description", }, { category: "summary", text: "httpd: possible NULL dereference or SSRF in forward proxy configurations", title: "Vulnerability summary", }, { category: "other", text: "This flaw does not affect httpd configurations that do not use forward proxy functionality (configurations where ProxyRequests is turned off).", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-44224", }, { category: "external", summary: "RHBZ#2034672", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2034672", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-44224", url: "https://www.cve.org/CVERecord?id=CVE-2021-44224", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-44224", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-44224", }, { category: "external", summary: "http://httpd.apache.org/security/vulnerabilities_24.html", url: "http://httpd.apache.org/security/vulnerabilities_24.html", }, ], release_date: "2021-12-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-29T13:33:06+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6753", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H", version: "3.1", }, products: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: possible NULL dereference or SSRF in forward proxy configurations", }, { cve: "CVE-2022-22719", cwe: { id: "CWE-908", name: "Use of Uninitialized Resource", }, discovery_date: "2022-03-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064322", }, ], notes: [ { category: "description", text: "A flaw was found in the mod_lua module of httpd. A crafted request body can cause a read to a random memory area due to an uninitialized value in functions called by the parsebody function. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_lua: Use of uninitialized value of in r:parsebody", title: "Vulnerability summary", }, { category: "other", text: "httpd as shipped with Red Hat Enterprise Linux 6, is not affected by this flaw because it does not ship mod_lua.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-22719", }, { category: "external", summary: "RHBZ#2064322", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064322", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-22719", url: "https://www.cve.org/CVERecord?id=CVE-2022-22719", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-22719", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-22719", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22719", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22719", }, ], release_date: "2022-03-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-29T13:33:06+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6753", }, { category: "workaround", details: "Disabling mod_lua and restarting httpd will mitigate this flaw. See https://access.redhat.com/articles/10649 for more information.", product_ids: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: mod_lua: Use of uninitialized value of in r:parsebody", }, { cve: "CVE-2022-22721", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-03-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064320", }, ], notes: [ { category: "description", text: "A flaw was found in httpd, where it incorrectly limits the value of the LimitXMLRequestBody option. This issue can lead to an integer overflow and later causes an out-of-bounds write.", title: "Vulnerability description", }, { category: "summary", text: "httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody", title: "Vulnerability summary", }, { category: "other", text: "The default configuration of the LimitXMLRequestBody option on RHEL is 1MB and therefore is not vulnerable to this flaw. Also, this issue is known to only affect 32bit httpd builds.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-22721", }, { category: "external", summary: "RHBZ#2064320", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064320", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-22721", url: "https://www.cve.org/CVERecord?id=CVE-2022-22721", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-22721", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-22721", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22721", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22721", }, ], release_date: "2022-03-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-29T13:33:06+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6753", }, { category: "workaround", details: "Set the LimitXMLRequestBody option to a value smaller than 350MB. Setting it to 0 is not recommended as it will use a hard limit (depending on 32bit or 64bit systems) which may result in an overall system out-of-memory. The default configuration is not vulnerable to this flaw, see the statement above.", product_ids: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody", }, { cve: "CVE-2022-23943", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-03-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064319", }, ], notes: [ { category: "description", text: "An out-of-bounds read/write vulnerability was found in the mod_sed module of httpd. This flaw allows an attacker to overwrite the memory of an httpd instance that is using mod_sed with data provided by the attacker.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_sed: Read/write beyond bounds", title: "Vulnerability summary", }, { category: "other", text: "The `mod_sed` module is disabled by default on Red Hat Enterprise Linux 7 and 8. For this reason, the flaw has been rated as having a security impact of Moderate. The httpd package as shipped with Red Hat Enterprise Linux 6 is not affected by this flaw because the `mod_sed` module is available only in httpd 2.3 and later.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23943", }, { category: "external", summary: "RHBZ#2064319", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064319", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23943", url: "https://www.cve.org/CVERecord?id=CVE-2022-23943", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23943", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23943", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-23943", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-23943", }, ], release_date: "2022-03-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-29T13:33:06+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6753", }, { category: "workaround", details: "Disabling mod_sed and restarting httpd will mitigate this flaw. See https://access.redhat.com/articles/10649 for more information.", product_ids: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: mod_sed: Read/write beyond bounds", }, { cve: "CVE-2022-26377", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2022-06-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2094997", }, ], notes: [ { category: "description", text: "An HTTP request smuggling vulnerability was found in the mod_proxy_ajp module of httpd. This flaw allows an attacker to smuggle requests to the AJP server, where it forwards requests.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_ajp: Possible request smuggling", title: "Vulnerability summary", }, { category: "other", text: "The httpd mod_proxy_ajp module is enabled by default on Red Hat Enterprise Linux 8, 9, and in RHSCL. However, there are no directives forwarding requests using the AJP protocol.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-26377", }, { category: "external", summary: "RHBZ#2094997", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094997", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-26377", url: "https://www.cve.org/CVERecord?id=CVE-2022-26377", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-26377", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-26377", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-26377", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-26377", }, ], release_date: "2022-06-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-29T13:33:06+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6753", }, { category: "workaround", details: "Disabling mod_proxy_ajp and restarting httpd will mitigate this flaw.", product_ids: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: mod_proxy_ajp: Possible request smuggling", }, { cve: "CVE-2022-28614", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2022-06-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2095002", }, ], notes: [ { category: "description", text: "An out-of-bounds read vulnerability was found in httpd. A very large input to the ap_rputs and ap_rwrite functions can lead to an integer overflow and result in an out-of-bounds read.", title: "Vulnerability description", }, { category: "summary", text: "httpd: Out-of-bounds read via ap_rwrite()", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-28614", }, { category: "external", summary: "RHBZ#2095002", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095002", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-28614", url: "https://www.cve.org/CVERecord?id=CVE-2022-28614", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-28614", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-28614", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28614", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28614", }, ], release_date: "2022-06-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-29T13:33:06+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6753", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: Out-of-bounds read via ap_rwrite()", }, { cve: "CVE-2022-28615", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2022-06-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2095006", }, ], notes: [ { category: "description", text: "An out-of-bounds read vulnerability was found in httpd. A very large input to the ap_strcmp_match function can lead to an integer overflow and result in an out-of-bounds read.", title: "Vulnerability description", }, { category: "summary", text: "httpd: Out-of-bounds read in ap_strcmp_match()", title: "Vulnerability summary", }, { category: "other", text: "According to upstream, no code distributed with the httpd server can exploit this flaw, however, third-party modules or Lua scripts that use the ap_strcmp_match function could potentially be affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-28615", }, { category: "external", summary: "RHBZ#2095006", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095006", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-28615", url: "https://www.cve.org/CVERecord?id=CVE-2022-28615", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-28615", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-28615", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28615", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28615", }, ], release_date: "2022-06-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-29T13:33:06+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6753", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: Out-of-bounds read in ap_strcmp_match()", }, { cve: "CVE-2022-29404", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-06-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2095012", }, ], notes: [ { category: "description", text: "A flaw was found in the mod_lua module of httpd. A malicious request to a Lua script that calls parsebody(0) can lead to a denial of service due to no default limit on the possible input size.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_lua: DoS in r:parsebody", title: "Vulnerability summary", }, { category: "other", text: "httpd as shipped with Red Hat Enterprise Linux 6, is not affected by this flaw because it does not ship mod_lua.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-29404", }, { category: "external", summary: "RHBZ#2095012", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095012", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-29404", url: "https://www.cve.org/CVERecord?id=CVE-2022-29404", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-29404", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-29404", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-29404", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-29404", }, ], release_date: "2022-06-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-29T13:33:06+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6753", }, { category: "workaround", details: "Disabling mod_lua and restarting httpd will mitigate this flaw.", product_ids: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: mod_lua: DoS in r:parsebody", }, { cve: "CVE-2022-30522", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2022-06-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2095015", }, ], notes: [ { category: "description", text: "A flaw was found in the mod_sed module of httpd. A very large input to the mod_sed module can result in a denial of service due to excessively large memory allocations.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_sed: DoS vulnerability", title: "Vulnerability summary", }, { category: "other", text: "The mod_sed module is disabled by default on Red Hat Enterprise Linux 7 and 8. The httpd package as shipped with Red Hat Enterprise Linux 6 is not affected by this flaw because the mod_sed module is not available.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30522", }, { category: "external", summary: "RHBZ#2095015", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095015", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30522", url: "https://www.cve.org/CVERecord?id=CVE-2022-30522", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30522", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30522", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-30522", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-30522", }, ], release_date: "2022-06-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-29T13:33:06+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6753", }, { category: "workaround", details: "Disabling mod_sed and restating httpd will mitigate this flaw.", product_ids: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: mod_sed: DoS vulnerability", }, { cve: "CVE-2022-30556", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2022-06-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2095018", }, ], notes: [ { category: "description", text: "A flaw was found in the mod_lua module of httpd. The data returned by the wsread function may point past the end of the storage allocated for the buffer, resulting in information disclosure.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_lua: Information disclosure with websockets", title: "Vulnerability summary", }, { category: "other", text: "httpd as shipped with Red Hat Enterprise Linux 6, is not affected by this flaw because it does not ship mod_lua. Red Hat Enterprise Linux 7 is not affected by this flaw because the wsread function is not available.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30556", }, { category: "external", summary: "RHBZ#2095018", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095018", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30556", url: "https://www.cve.org/CVERecord?id=CVE-2022-30556", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30556", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30556", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-30556", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-30556", }, ], release_date: "2022-06-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-29T13:33:06+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6753", }, { category: "workaround", details: "Disabling mod_lua and restarting httpd will mitigate this flaw.", product_ids: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: mod_lua: Information disclosure with websockets", }, { cve: "CVE-2022-31813", cwe: { id: "CWE-348", name: "Use of Less Trusted Source", }, discovery_date: "2022-06-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2095020", }, ], notes: [ { category: "description", text: "A flaw was found in the mod_proxy module of httpd. The server may remove the X-Forwarded-* headers from a request based on the client-side Connection header hop-by-hop mechanism.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism", title: "Vulnerability summary", }, { category: "other", text: "This flaw has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 7. Red Hat Enterprise Linux 7 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-31813", }, { category: "external", summary: "RHBZ#2095020", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095020", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-31813", url: "https://www.cve.org/CVERecord?id=CVE-2022-31813", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-31813", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-31813", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-31813", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-31813", }, ], release_date: "2022-06-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-29T13:33:06+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", product_ids: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6753", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Server-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Server-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.src", "7Workstation-RHSCL-3.8:httpd24-httpd-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-debuginfo-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-devel-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-httpd-manual-0:2.4.34-23.el7.5.noarch", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-httpd-tools-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ldap-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_proxy_html-1:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_session-0:2.4.34-23.el7.5.x86_64", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.ppc64le", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.s390x", "7Workstation-RHSCL-3.8:httpd24-mod_ssl-1:2.4.34-23.el7.5.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.