Action not permitted
Modal body text goes here.
cve-2021-3688
Vulnerability from cvelistv5
Published
2022-08-26 15:25
Modified
2024-08-03 17:01
Severity ?
EPSS score ?
Summary
A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
References
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2021-3688 | Vendor Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1990252 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2021-3688 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1990252 | Issue Tracking, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Red Hat JBCS HTTP Server |
Version: Fixed in jbcs-httpd-2.4.37.SP10 GA |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:01:08.137Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990252" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2021-3688" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Red Hat JBCS HTTP Server", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in jbcs-httpd-2.4.37.SP10 GA" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-26T15:25:40", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990252" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/cve/CVE-2021-3688" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-3688", "datePublished": "2022-08-26T15:25:40", "dateReserved": "2021-08-05T00:00:00", "dateUpdated": "2024-08-03T17:01:08.137Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-3688\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2022-08-26T16:15:09.330\",\"lastModified\":\"2024-11-21T06:22:09.520\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado un fallo en el Servidor HTTP de Red Hat JBoss Core Services en todas las versiones, en el que no normaliza apropiadamente el componente de la ruta de una URL de petici\u00f3n que contenga punto y coma. Este fallo podr\u00eda permitir a un atacante acceder a informaci\u00f3n no autorizada o posiblemente conducir otros ataques. La mayor amenaza de esta vulnerabilidad es para la confidencialidad e integridad de los datos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_core_services_httpd:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.4.37\",\"matchCriteriaId\":\"970B5B03-B3E4-4E12-9B92-580FC7FD95D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_core_services_httpd:2.4.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"573F58D4-B7C3-440C-8FB4-5D3F83C3A0F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_core_services_httpd:2.4.37:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"68CAE945-14FB-46E8-AC4E-9F97BC0E6A53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_core_services_httpd:2.4.37:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7DD47E0-0144-4EFF-A7A1-FE27A7D70DF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_core_services_httpd:2.4.37:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"882469F8-F936-4BC2-987B-D1635FFF5CF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_core_services_httpd:2.4.37:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11A5C31-69FD-4EF6-BD1F-37BA248CB9BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_core_services_httpd:2.4.37:sp5:*:*:*:*:*:*\",\"matchCriteriaId\":\"32331EA5-EFE2-483B-8691-C9455B116589\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_core_services_httpd:2.4.37:sp6:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B092B2D-F03B-4B8A-9BDF-C0A188D9A659\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_core_services_httpd:2.4.37:sp7:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBE638FF-092C-4A87-9D33-B25484C2F2D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_core_services_httpd:2.4.37:sp8:*:*:*:*:*:*\",\"matchCriteriaId\":\"E18DDC09-33C4-4FA1-BBCF-15D2F6FAAAE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_core_services_httpd:2.4.37:sp9:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B639B08-622C-4312-B71B-AA3A7BCC34C4\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/security/cve/CVE-2021-3688\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1990252\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/security/cve/CVE-2021-3688\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1990252\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]}]}}" } }
gsd-2021-3688
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2021-3688", "description": "A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "id": "GSD-2021-3688", "references": [ "https://access.redhat.com/errata/RHSA-2021:4613", "https://access.redhat.com/errata/RHSA-2021:4614" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2021-3688" ], "details": "A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "id": "GSD-2021-3688", "modified": "2023-12-13T01:23:35.217983Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-3688", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Red Hat JBCS HTTP Server", "version": { "version_data": [ { "version_affected": "=", "version_value": "Fixed in jbcs-httpd-2.4.37.SP10 GA" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-200", "lang": "eng", "value": "CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1990252", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990252" }, { "name": "https://access.redhat.com/security/cve/CVE-2021-3688", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/CVE-2021-3688" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:jboss_core_services_httpd:2.4.37:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_core_services_httpd:2.4.37:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_core_services_httpd:2.4.37:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_core_services_httpd:2.4.37:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_core_services_httpd:2.4.37:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_core_services_httpd:2.4.37:sp5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_core_services_httpd:2.4.37:sp6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_core_services_httpd:2.4.37:sp7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_core_services_httpd:2.4.37:sp8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_core_services_httpd:2.4.37:sp9:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_core_services_httpd:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.4.37", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-3688" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-200" } ] } ] }, "references": { "reference_data": [ { "name": "https://access.redhat.com/security/cve/CVE-2021-3688", "refsource": "MISC", "tags": [ "Vendor Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2021-3688" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1990252", "refsource": "MISC", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990252" } ] } }, "impact": { "baseMetricV3": { "cvssV3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 2.5 } }, "lastModifiedDate": "2023-02-12T23:42Z", "publishedDate": "2022-08-26T16:15Z" } } }
ghsa-f3rq-463v-2j36
Vulnerability from github
Published
2022-08-27 00:00
Modified
2022-09-01 00:00
Severity ?
Details
A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
{ "affected": [], "aliases": [ "CVE-2021-3688" ], "database_specific": { "cwe_ids": [ "CWE-200", "CWE-22" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2022-08-26T16:15:00Z", "severity": "CRITICAL" }, "details": "A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "id": "GHSA-f3rq-463v-2j36", "modified": "2022-09-01T00:00:17Z", "published": "2022-08-27T00:00:45Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3688" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "type": "WEB", "url": "https://access.redhat.com/security/cve/CVE-2021-3688" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990252" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "type": "CVSS_V3" } ] }
rhsa-2021_4613
Vulnerability from csaf_redhat
Published
2021-11-10 17:14
Modified
2024-12-08 12:01
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP10 security update
Notes
Topic
Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10 zip release for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows is available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release adds the new Apache HTTP Server 2.4.37 Service Pack 10 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 9 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* httpd: Single zero byte stack overflow in mod_auth_digest (CVE-2020-35452)
* httpd: mod_session NULL pointer dereference in parser (CVE-2021-26690)
* httpd: Heap overflow in mod_session (CVE-2021-26691)
* httpd: mod_proxy_wstunnel tunneling of non Upgraded connection (CVE-2019-17567)
* httpd: MergeSlashes regression (CVE-2021-30641)
* httpd: mod_proxy NULL pointer dereference (CVE-2020-13950)
* jbcs-httpd24-openssl: openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)
* openssl: Read buffer overruns processing ASN.1 strings (CVE-2021-3712)
* openssl: integer overflow in CipherUpdate (CVE-2021-23840)
* pcre: buffer over-read in JIT when UTF is disabled (CVE-2019-20838)
* pcre: integer overflow in libpcre (CVE-2020-14155)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10 zip release for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows is available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 10 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 9 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* httpd: Single zero byte stack overflow in mod_auth_digest (CVE-2020-35452)\n* httpd: mod_session NULL pointer dereference in parser (CVE-2021-26690)\n* httpd: Heap overflow in mod_session (CVE-2021-26691)\n* httpd: mod_proxy_wstunnel tunneling of non Upgraded connection (CVE-2019-17567)\n* httpd: MergeSlashes regression (CVE-2021-30641)\n* httpd: mod_proxy NULL pointer dereference (CVE-2020-13950)\n* jbcs-httpd24-openssl: openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)\n* openssl: Read buffer overruns processing ASN.1 strings (CVE-2021-3712)\n* openssl: integer overflow in CipherUpdate (CVE-2021-23840)\n* pcre: buffer over-read in JIT when UTF is disabled (CVE-2019-20838)\n* pcre: integer overflow in libpcre (CVE-2020-14155)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:4613", "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1848436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848436" }, { "category": "external", "summary": "1848444", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848444" }, { "category": "external", "summary": "1930310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930310" }, { "category": "external", "summary": "1930324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930324" }, { "category": "external", "summary": "1966724", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966724" }, { "category": "external", "summary": "1966729", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966729" }, { "category": "external", "summary": "1966732", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966732" }, { "category": "external", "summary": "1966738", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966738" }, { "category": "external", "summary": "1966740", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966740" }, { "category": "external", "summary": "1966743", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966743" }, { "category": "external", "summary": "1995634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995634" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4613.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP10 security update", "tracking": { "current_release_date": "2024-12-08T12:01:34+00:00", "generator": { "date": "2024-12-08T12:01:34+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2021:4613", "initial_release_date": "2021-11-10T17:14:06+00:00", "revision_history": [ { "date": "2021-11-10T17:14:06+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-11-10T17:14:06+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-08T12:01:34+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Core Services 1", "product": { "name": "Red Hat JBoss Core Services 1", "product_id": "Red Hat JBoss Core Services 1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_core_services:1" } } } ], "category": "product_family", "name": "Red Hat JBoss Core Services" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "the Apache project", "Mikhail Egorov" ] } ], "cve": "CVE-2019-17567", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2021-05-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1966740" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache httpd. The mod_proxy_wstunnel module tunnels non-upgraded connections.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_proxy_wstunnel tunneling of non Upgraded connection", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-17567" }, { "category": "external", "summary": "RHBZ#1966740", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966740" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-17567", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17567" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17567", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17567" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2021-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-10T17:14:06+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "category": "workaround", "details": "Only configurations which use mod_proxy_wstunnel are affected by this flaw. It is also safe to comment-out the \"LoadModule proxy_wstunnel_module ... \" line in /etc/httpd/conf.modules.d/00-proxy.conf for configurations which do not rely on a websockets reverse proxy.", "product_ids": [ "Red Hat JBoss Core Services 1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_proxy_wstunnel tunneling of non Upgraded connection" }, { "cve": "CVE-2019-20838", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2020-06-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1848444" } ], "notes": [ { "category": "description", "text": "libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \\X or \\R has more than one fixed quantifier, a related issue to CVE-2019-20454.", "title": "Vulnerability description" }, { "category": "summary", "text": "pcre: Buffer over-read in JIT when UTF is disabled and \\X or \\R has fixed quantifier greater than 1", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-20838" }, { "category": "external", "summary": "RHBZ#1848444", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848444" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-20838", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20838" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20838", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20838" } ], "release_date": "2020-06-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-10T17:14:06+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "category": "workaround", "details": "Do not use more than one fixed quantifier with \\R or \\X with UTF disabled in PCRE or PCRE2, as these are the conditions needed to trigger the flaw.", "product_ids": [ "Red Hat JBoss Core Services 1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "pcre: Buffer over-read in JIT when UTF is disabled and \\X or \\R has fixed quantifier greater than 1" }, { "acknowledgments": [ { "names": [ "the Apache project", "Marc Stern" ] } ], "cve": "CVE-2020-13950", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2021-05-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1966738" } ], "notes": [ { "category": "description", "text": "A flaw was found In Apache httpd. The mod_proxy has a NULL pointer dereference. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_proxy NULL pointer dereference", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-13950" }, { "category": "external", "summary": "RHBZ#1966738", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966738" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-13950", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13950" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13950", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13950" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2021-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-10T17:14:06+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4613" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: mod_proxy NULL pointer dereference" }, { "cve": "CVE-2020-14155", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2020-06-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1848436" } ], "notes": [ { "category": "description", "text": "libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.", "title": "Vulnerability description" }, { "category": "summary", "text": "pcre: Integer overflow when parsing callout numeric arguments", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14155" }, { "category": "external", "summary": "RHBZ#1848436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848436" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14155", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14155" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14155", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14155" } ], "release_date": "2020-06-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-10T17:14:06+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "category": "workaround", "details": "This flaw can be mitigated by not compiling regular expressions with a callout value greater outside of 0-255 or handling the value passed to the callback within the application code.", "product_ids": [ "Red Hat JBoss Core Services 1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "pcre: Integer overflow when parsing callout numeric arguments" }, { "acknowledgments": [ { "names": [ "the Apache project" ] }, { "names": [ "Antonio Morales" ], "organization": "GHSL" } ], "cve": "CVE-2020-35452", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2021-05-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1966724" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache httpd. The mod_auth_digest has a single zero byte stack overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Single zero byte stack overflow in mod_auth_digest", "title": "Vulnerability summary" }, { "category": "other", "text": "This is a one byte overflow and as per upstream it should be non-exploitable in most condtions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-35452" }, { "category": "external", "summary": "RHBZ#1966724", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966724" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-35452", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35452" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-35452", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35452" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2021-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-10T17:14:06+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "category": "workaround", "details": "Only configurations which use mod_auth_digest are affected by this flaw. Also as per upstream this flaw is not exploitable in most conditions, so there should really be no impact of this flaw.", "product_ids": [ "Red Hat JBoss Core Services 1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: Single zero byte stack overflow in mod_auth_digest" }, { "cve": "CVE-2021-3688", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2021-05-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1990252" } ], "notes": [ { "category": "description", "text": "A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "JBCS: URL normalization issue with dot-dot-semicolon(s) leads to information disclosure", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3688" }, { "category": "external", "summary": "RHBZ#1990252", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990252" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3688", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3688" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3688", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3688" } ], "release_date": "2021-08-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-10T17:14:06+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "category": "workaround", "details": "Manually add LocationMatch directive to deny any possible problem requests in the JBCS httpd configuration. For example:\n~~~\n\u003cLocationMatch \".*\\.\\.;.*\"\u003e\n Require all denied\n\u003c/LocationMatch\u003e\n~~~", "product_ids": [ "Red Hat JBoss Core Services 1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JBCS: URL normalization issue with dot-dot-semicolon(s) leads to information disclosure" }, { "acknowledgments": [ { "names": [ "the OpenSSL project" ], "organization": "Ingo Schwarze", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2021-3712", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2021-08-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1995634" } ], "notes": [ { "category": "description", "text": "It was found that openssl assumed ASN.1 strings to be NUL terminated. A malicious actor may be able to force an application into calling openssl function with a specially crafted, non-NUL terminated string to deliberately hit this bug, which may result in a crash of the application, causing a Denial of Service attack, or possibly, memory disclosure. The highest threat from this vulnerability is to data confidentiality and system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: Read buffer overruns processing ASN.1 strings", "title": "Vulnerability summary" }, { "category": "other", "text": "The following Red Hat products do not ship the affected OpenSSL component but rely on the Red Hat Enterprise Linux to consume them:\n * Red Hat Satellite\n * Red Hat Update Infrastructure\n * Red Hat CloudForms\n\nThe Red Hat Advanced Cluster Management for Kubernetes is using the vulnerable version of the library, however the vulnerable code path is not reachable.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3712" }, { "category": "external", "summary": "RHBZ#1995634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995634" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3712", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3712" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3712", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3712" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20210824.txt", "url": "https://www.openssl.org/news/secadv/20210824.txt" } ], "release_date": "2021-08-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-10T17:14:06+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4613" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: Read buffer overruns processing ASN.1 strings" }, { "cve": "CVE-2021-23840", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2021-02-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1930324" } ], "notes": [ { "category": "description", "text": "Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: integer overflow in CipherUpdate", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects applications which are compiled with OpenSSL and using EVP_CipherUpdate, EVP_EncryptUpdate or EVP_DecryptUpdate functions. When specially-crafted values are passed to these functions, it can cause the application to crash or behave incorrectly.\n\nOpenSSL in Red Hat Enterprise Linux 9 was marked as not affected as its already fixed in RHEL9 Alpha release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-23840" }, { "category": "external", "summary": "RHBZ#1930324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930324" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23840", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23840" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23840", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23840" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20210216.txt", "url": "https://www.openssl.org/news/secadv/20210216.txt" } ], "release_date": "2021-02-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-10T17:14:06+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4613" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "openssl: integer overflow in CipherUpdate" }, { "cve": "CVE-2021-23841", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2021-02-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1930310" } ], "notes": [ { "category": "description", "text": "The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: NULL pointer dereference in X509_issuer_and_serial_hash()", "title": "Vulnerability summary" }, { "category": "other", "text": "This is a a null pointer dereference in the X509_issuer_and_serial_hash() function, which can result in crash if called by an application compiled with OpenSSL, by passing a specially-crafted certificate. OpenSSL internally does not use this function.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-23841" }, { "category": "external", "summary": "RHBZ#1930310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930310" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23841", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23841" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23841", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23841" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20210216.txt", "url": "https://www.openssl.org/news/secadv/20210216.txt" } ], "release_date": "2021-02-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-10T17:14:06+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "category": "workaround", "details": "As per upstream \"The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources.\"", "product_ids": [ "Red Hat JBoss Core Services 1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: NULL pointer dereference in X509_issuer_and_serial_hash()" }, { "acknowledgments": [ { "names": [ "the Apache project" ] }, { "names": [ "Antonio Morales" ], "organization": "GHSL" } ], "cve": "CVE-2021-26690", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2021-05-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1966729" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference was found in Apache httpd mod_session. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_session: NULL pointer dereference when parsing Cookie header", "title": "Vulnerability summary" }, { "category": "other", "text": "This is a null pointer deference caused when using mod_session. It can result in crash of httpd child process by a remote attacker.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-26690" }, { "category": "external", "summary": "RHBZ#1966729", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966729" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-26690", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26690" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-26690", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26690" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2021-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-10T17:14:06+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "category": "workaround", "details": "Only configurations which use the \"SessionEnv\" directive (which is not widely used) are vulnerable to this flaw. SessionEnv is not enabled in default configuration of httpd package shipped with Red Hat Products.", "product_ids": [ "Red Hat JBoss Core Services 1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_session: NULL pointer dereference when parsing Cookie header" }, { "acknowledgments": [ { "names": [ "the Apache project", "Christophe Jaillet" ] } ], "cve": "CVE-2021-26691", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2021-05-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1966732" } ], "notes": [ { "category": "description", "text": "A heap overflow flaw was found In Apache httpd mod_session. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_session: Heap overflow via a crafted SessionHeader value", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw can result in a crash of the httpd child process when mod_session is used.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-26691" }, { "category": "external", "summary": "RHBZ#1966732", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966732" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-26691", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26691" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-26691", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26691" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2021-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-10T17:14:06+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "category": "workaround", "details": "Only configurations which use the \"SessionEnv\" directive (which is not widely used) are vulnerable to this flaw. SessionEnv is not enabled in default configuration of httpd package shipped with Red Hat Products.", "product_ids": [ "Red Hat JBoss Core Services 1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_session: Heap overflow via a crafted SessionHeader value" }, { "acknowledgments": [ { "names": [ "the Apache project", "Christoph Anton Mitterer" ] } ], "cve": "CVE-2021-30641", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-05-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1966743" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache httpd. A possible regression from an earlier security fix broke behavior of MergeSlashes. The highest threat from this vulnerability is to data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Unexpected URL matching with \u0027MergeSlashes OFF\u0027", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw was introduced when fixing https://access.redhat.com/security/cve/cve-2019-0220, therefore versions of httpd package shipped with Red Hat Enterprise Linux 7, 8 and Red Hat Software Collections are affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-30641" }, { "category": "external", "summary": "RHBZ#1966743", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966743" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-30641", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30641" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-30641", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30641" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2021-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-10T17:14:06+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "category": "workaround", "details": "This issue can be mitigated by setting the \"MergeSlashes\" directive to OFF", "product_ids": [ "Red Hat JBoss Core Services 1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: Unexpected URL matching with \u0027MergeSlashes OFF\u0027" }, { "cve": "CVE-2021-34798", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2021-09-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2005128" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference in httpd allows an unauthenticated remote attacker to crash httpd by providing malformed HTTP requests. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: NULL pointer dereference via malformed requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-34798" }, { "category": "external", "summary": "RHBZ#2005128", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005128" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-34798", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34798" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34798", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34798" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2021-09-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-10T17:14:06+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example.", "product_ids": [ "Red Hat JBoss Core Services 1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: NULL pointer dereference via malformed requests" } ] }
rhsa-2021_4614
Vulnerability from csaf_redhat
Published
2021-11-10 17:20
Modified
2024-12-08 12:01
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP10 security update
Notes
Topic
Updated packages that provide Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release adds the new Apache HTTP Server 2.4.37 Service Pack 10 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 9 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* httpd: Single zero byte stack overflow in mod_auth_digest (CVE-2020-35452)
* httpd: mod_session NULL pointer dereference in parser (CVE-2021-26690)
* httpd: Heap overflow in mod_session (CVE-2021-26691)
* httpd: mod_proxy_wstunnel tunneling of non Upgraded connection (CVE-2019-17567)
* httpd: MergeSlashes regression (CVE-2021-30641)
* httpd: mod_proxy NULL pointer dereference (CVE-2020-13950)
* jbcs-httpd24-openssl: openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)
* openssl: Read buffer overruns processing ASN.1 strings (CVE-2021-3712)
* openssl: integer overflow in CipherUpdate (CVE-2021-23840)
* pcre: buffer over-read in JIT when UTF is disabled (CVE-2019-20838)
* pcre: integer overflow in libpcre (CVE-2020-14155)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated packages that provide Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This release adds the new Apache HTTP Server 2.4.37 Service Pack 10 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 9 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* httpd: Single zero byte stack overflow in mod_auth_digest (CVE-2020-35452)\n* httpd: mod_session NULL pointer dereference in parser (CVE-2021-26690)\n* httpd: Heap overflow in mod_session (CVE-2021-26691)\n* httpd: mod_proxy_wstunnel tunneling of non Upgraded connection (CVE-2019-17567)\n* httpd: MergeSlashes regression (CVE-2021-30641)\n* httpd: mod_proxy NULL pointer dereference (CVE-2020-13950)\n* jbcs-httpd24-openssl: openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)\n* openssl: Read buffer overruns processing ASN.1 strings (CVE-2021-3712)\n* openssl: integer overflow in CipherUpdate (CVE-2021-23840)\n* pcre: buffer over-read in JIT when UTF is disabled (CVE-2019-20838)\n* pcre: integer overflow in libpcre (CVE-2020-14155)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:4614", "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1848436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848436" }, { "category": "external", "summary": "1848444", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848444" }, { "category": "external", "summary": "1930310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930310" }, { "category": "external", "summary": "1930324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930324" }, { "category": "external", "summary": "1966724", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966724" }, { "category": "external", "summary": "1966729", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966729" }, { "category": "external", "summary": "1966732", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966732" }, { "category": "external", "summary": "1966738", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966738" }, { "category": "external", "summary": "1966740", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966740" }, { "category": "external", "summary": "1966743", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966743" }, { "category": "external", "summary": "1995634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995634" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4614.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP10 security update", "tracking": { "current_release_date": "2024-12-08T12:01:42+00:00", "generator": { "date": "2024-12-08T12:01:42+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2021:4614", "initial_release_date": "2021-11-10T17:20:46+00:00", "revision_history": [ { "date": "2021-11-10T17:20:46+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-11-10T17:20:46+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-08T12:01:42+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Core Services on RHEL 7 Server", "product": { "name": "Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_core_services:1::el7" } } }, { "category": "product_name", "name": "Red Hat JBoss Core Services on RHEL 8", "product": { "name": "Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_core_services:1::el8" } } } ], "category": "product_family", "name": "Red Hat JBoss Core Services" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "product": { "name": "jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "product_id": "jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-107.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "product": { "name": "jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "product_id": "jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-84.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "product": { "name": "jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "product_id": "jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.78.0-2.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "product": { "name": "jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "product_id": "jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-39.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "product": { "name": "jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "product_id": "jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1g-8.jbcs.el7?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "product": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "product_id": "jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-chil@1.0.0-7.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "product": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "product_id": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11@0.4.10-22.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "product": { "name": "jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "product_id": "jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-78.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "product": { "name": "jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "product_id": "jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.7-21.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "product": { "name": "jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "product_id": "jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.0.8-40.jbcs.el7?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "product": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.16-9.Final_redhat_2.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "product": { "name": "jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "product_id": "jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-67.GA.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "product": { "name": "jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "product_id": "jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.48-20.redhat_1.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "product": { "name": "jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "product_id": "jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-107.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "product": { "name": "jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "product_id": "jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-84.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "product": { "name": "jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "product_id": "jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.78.0-2.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "product": { "name": "jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "product_id": "jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-39.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "product": { "name": "jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "product_id": "jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1g-8.el8jbcs?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "product": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "product_id": "jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-chil@1.0.0-7.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "product": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "product_id": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11@0.4.10-22.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "product": { "name": "jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "product_id": "jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-78.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "product": { "name": "jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "product_id": "jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.7-21.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "product": { "name": "jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "product_id": "jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.0.8-40.el8jbcs?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "product": { "name": "jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "product_id": "jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.48-20.redhat_1.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "product": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.16-9.Final_redhat_2.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "product": { "name": "jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "product_id": "jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-67.GA.el8jbcs?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-107.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-107.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-107.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-84.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-84.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-84.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-84.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-84.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-84.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-84.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-84.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-84.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-84.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.78.0-2.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl@7.78.0-2.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-devel@7.78.0-2.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo@7.78.0-2.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-39.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.39.2-39.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.39.2-39.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1g-8.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.1.1g-8.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.1.1g-8.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.1.1g-8.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.1.1g-8.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.1.1g-8.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-chil@1.0.0-7.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-chil-debuginfo@1.0.0-7.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11@0.4.10-22.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11-debuginfo@0.4.10-22.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-78.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.37-78.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.37-78.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.37-78.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.37-78.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.37-78.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.37-78.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.37-78.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.37-78.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.7-21.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2-debuginfo@1.15.7-21.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.0.8-40.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md-debuginfo@2.0.8-40.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.16-9.Final_redhat_2.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.16-9.Final_redhat_2.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-67.GA.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.2-67.GA.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.48-20.redhat_1.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.48-20.redhat_1.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.48-20.redhat_1.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-107.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-107.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-107.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-84.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-84.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-84.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-84.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-84.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-84.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-84.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-84.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-84.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-84.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap-debuginfo@1.6.1-84.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql-debuginfo@1.6.1-84.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss-debuginfo@1.6.1-84.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc-debuginfo@1.6.1-84.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl-debuginfo@1.6.1-84.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql-debuginfo@1.6.1-84.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite-debuginfo@1.6.1-84.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "product_id": "jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.78.0-2.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "product_id": "jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl@7.78.0-2.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "product_id": "jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-devel@7.78.0-2.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "product_id": "jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo@7.78.0-2.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "product_id": "jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-debuginfo@7.78.0-2.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "product_id": "jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-39.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "product_id": "jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.39.2-39.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "product_id": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.39.2-39.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1g-8.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.1.1g-8.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.1.1g-8.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.1.1g-8.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.1.1g-8.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.1.1g-8.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs-debuginfo@1.1.1g-8.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-chil@1.0.0-7.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-chil-debuginfo@1.0.0-7.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11@0.4.10-22.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11-debuginfo@0.4.10-22.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-78.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.37-78.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.37-78.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.37-78.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.37-78.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.37-78.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.37-78.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.37-78.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.37-78.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools-debuginfo@2.4.37-78.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap-debuginfo@2.4.37-78.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html-debuginfo@2.4.37-78.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session-debuginfo@2.4.37-78.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl-debuginfo@2.4.37-78.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.7-21.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2-debuginfo@1.15.7-21.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.0.8-40.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md-debuginfo@2.0.8-40.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.48-20.redhat_1.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.48-20.redhat_1.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24-debuginfo@1.2.48-20.redhat_1.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.16-9.Final_redhat_2.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.16-9.Final_redhat_2.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-67.GA.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.2-67.GA.el8jbcs?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "product": { "name": "jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "product_id": "jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.37-78.jbcs.el7?arch=noarch" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "product": { "name": "jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "product_id": "jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.37-78.el8jbcs?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch" }, "product_reference": "jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src" }, "product_reference": "jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src" }, "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src" }, "product_reference": "jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch" }, "product_reference": "jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src" }, "product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src" }, "product_reference": "jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src" }, "product_reference": "jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src" }, "product_reference": "jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src" }, "product_reference": "jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src" }, "product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src" }, "product_reference": "jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src" }, "product_reference": "jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src" }, "product_reference": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "the Apache project", "Mikhail Egorov" ] } ], "cve": "CVE-2019-17567", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2021-05-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1966740" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache httpd. The mod_proxy_wstunnel module tunnels non-upgraded connections.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_proxy_wstunnel tunneling of non Upgraded connection", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-17567" }, { "category": "external", "summary": "RHBZ#1966740", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966740" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-17567", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17567" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17567", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17567" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2021-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-10T17:20:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "category": "workaround", "details": "Only configurations which use mod_proxy_wstunnel are affected by this flaw. It is also safe to comment-out the \"LoadModule proxy_wstunnel_module ... \" line in /etc/httpd/conf.modules.d/00-proxy.conf for configurations which do not rely on a websockets reverse proxy.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_proxy_wstunnel tunneling of non Upgraded connection" }, { "cve": "CVE-2019-20838", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2020-06-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1848444" } ], "notes": [ { "category": "description", "text": "libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \\X or \\R has more than one fixed quantifier, a related issue to CVE-2019-20454.", "title": "Vulnerability description" }, { "category": "summary", "text": "pcre: Buffer over-read in JIT when UTF is disabled and \\X or \\R has fixed quantifier greater than 1", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-20838" }, { "category": "external", "summary": "RHBZ#1848444", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848444" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-20838", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20838" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20838", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20838" } ], "release_date": "2020-06-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-10T17:20:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "category": "workaround", "details": "Do not use more than one fixed quantifier with \\R or \\X with UTF disabled in PCRE or PCRE2, as these are the conditions needed to trigger the flaw.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "pcre: Buffer over-read in JIT when UTF is disabled and \\X or \\R has fixed quantifier greater than 1" }, { "acknowledgments": [ { "names": [ "the Apache project", "Marc Stern" ] } ], "cve": "CVE-2020-13950", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2021-05-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1966738" } ], "notes": [ { "category": "description", "text": "A flaw was found In Apache httpd. The mod_proxy has a NULL pointer dereference. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_proxy NULL pointer dereference", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-13950" }, { "category": "external", "summary": "RHBZ#1966738", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966738" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-13950", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13950" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13950", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13950" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2021-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-10T17:20:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4614" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: mod_proxy NULL pointer dereference" }, { "cve": "CVE-2020-14155", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2020-06-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1848436" } ], "notes": [ { "category": "description", "text": "libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.", "title": "Vulnerability description" }, { "category": "summary", "text": "pcre: Integer overflow when parsing callout numeric arguments", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14155" }, { "category": "external", "summary": "RHBZ#1848436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848436" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14155", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14155" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14155", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14155" } ], "release_date": "2020-06-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-10T17:20:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "category": "workaround", "details": "This flaw can be mitigated by not compiling regular expressions with a callout value greater outside of 0-255 or handling the value passed to the callback within the application code.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "pcre: Integer overflow when parsing callout numeric arguments" }, { "acknowledgments": [ { "names": [ "the Apache project" ] }, { "names": [ "Antonio Morales" ], "organization": "GHSL" } ], "cve": "CVE-2020-35452", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2021-05-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1966724" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache httpd. The mod_auth_digest has a single zero byte stack overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Single zero byte stack overflow in mod_auth_digest", "title": "Vulnerability summary" }, { "category": "other", "text": "This is a one byte overflow and as per upstream it should be non-exploitable in most condtions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-35452" }, { "category": "external", "summary": "RHBZ#1966724", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966724" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-35452", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35452" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-35452", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35452" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2021-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-10T17:20:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "category": "workaround", "details": "Only configurations which use mod_auth_digest are affected by this flaw. Also as per upstream this flaw is not exploitable in most conditions, so there should really be no impact of this flaw.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: Single zero byte stack overflow in mod_auth_digest" }, { "cve": "CVE-2021-3688", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2021-05-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1990252" } ], "notes": [ { "category": "description", "text": "A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "JBCS: URL normalization issue with dot-dot-semicolon(s) leads to information disclosure", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3688" }, { "category": "external", "summary": "RHBZ#1990252", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990252" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3688", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3688" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3688", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3688" } ], "release_date": "2021-08-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-10T17:20:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "category": "workaround", "details": "Manually add LocationMatch directive to deny any possible problem requests in the JBCS httpd configuration. For example:\n~~~\n\u003cLocationMatch \".*\\.\\.;.*\"\u003e\n Require all denied\n\u003c/LocationMatch\u003e\n~~~", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JBCS: URL normalization issue with dot-dot-semicolon(s) leads to information disclosure" }, { "acknowledgments": [ { "names": [ "the OpenSSL project" ], "organization": "Ingo Schwarze", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2021-3712", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2021-08-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1995634" } ], "notes": [ { "category": "description", "text": "It was found that openssl assumed ASN.1 strings to be NUL terminated. A malicious actor may be able to force an application into calling openssl function with a specially crafted, non-NUL terminated string to deliberately hit this bug, which may result in a crash of the application, causing a Denial of Service attack, or possibly, memory disclosure. The highest threat from this vulnerability is to data confidentiality and system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: Read buffer overruns processing ASN.1 strings", "title": "Vulnerability summary" }, { "category": "other", "text": "The following Red Hat products do not ship the affected OpenSSL component but rely on the Red Hat Enterprise Linux to consume them:\n * Red Hat Satellite\n * Red Hat Update Infrastructure\n * Red Hat CloudForms\n\nThe Red Hat Advanced Cluster Management for Kubernetes is using the vulnerable version of the library, however the vulnerable code path is not reachable.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3712" }, { "category": "external", "summary": "RHBZ#1995634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995634" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3712", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3712" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3712", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3712" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20210824.txt", "url": "https://www.openssl.org/news/secadv/20210824.txt" } ], "release_date": "2021-08-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-10T17:20:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4614" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: Read buffer overruns processing ASN.1 strings" }, { "cve": "CVE-2021-23840", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2021-02-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1930324" } ], "notes": [ { "category": "description", "text": "Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: integer overflow in CipherUpdate", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects applications which are compiled with OpenSSL and using EVP_CipherUpdate, EVP_EncryptUpdate or EVP_DecryptUpdate functions. When specially-crafted values are passed to these functions, it can cause the application to crash or behave incorrectly.\n\nOpenSSL in Red Hat Enterprise Linux 9 was marked as not affected as its already fixed in RHEL9 Alpha release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-23840" }, { "category": "external", "summary": "RHBZ#1930324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930324" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23840", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23840" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23840", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23840" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20210216.txt", "url": "https://www.openssl.org/news/secadv/20210216.txt" } ], "release_date": "2021-02-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-10T17:20:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4614" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "openssl: integer overflow in CipherUpdate" }, { "cve": "CVE-2021-23841", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2021-02-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1930310" } ], "notes": [ { "category": "description", "text": "The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: NULL pointer dereference in X509_issuer_and_serial_hash()", "title": "Vulnerability summary" }, { "category": "other", "text": "This is a a null pointer dereference in the X509_issuer_and_serial_hash() function, which can result in crash if called by an application compiled with OpenSSL, by passing a specially-crafted certificate. OpenSSL internally does not use this function.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-23841" }, { "category": "external", "summary": "RHBZ#1930310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930310" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23841", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23841" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23841", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23841" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20210216.txt", "url": "https://www.openssl.org/news/secadv/20210216.txt" } ], "release_date": "2021-02-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-10T17:20:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "category": "workaround", "details": "As per upstream \"The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources.\"", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: NULL pointer dereference in X509_issuer_and_serial_hash()" }, { "acknowledgments": [ { "names": [ "the Apache project" ] }, { "names": [ "Antonio Morales" ], "organization": "GHSL" } ], "cve": "CVE-2021-26690", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2021-05-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1966729" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference was found in Apache httpd mod_session. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_session: NULL pointer dereference when parsing Cookie header", "title": "Vulnerability summary" }, { "category": "other", "text": "This is a null pointer deference caused when using mod_session. It can result in crash of httpd child process by a remote attacker.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-26690" }, { "category": "external", "summary": "RHBZ#1966729", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966729" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-26690", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26690" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-26690", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26690" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2021-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-10T17:20:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "category": "workaround", "details": "Only configurations which use the \"SessionEnv\" directive (which is not widely used) are vulnerable to this flaw. SessionEnv is not enabled in default configuration of httpd package shipped with Red Hat Products.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_session: NULL pointer dereference when parsing Cookie header" }, { "acknowledgments": [ { "names": [ "the Apache project", "Christophe Jaillet" ] } ], "cve": "CVE-2021-26691", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2021-05-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1966732" } ], "notes": [ { "category": "description", "text": "A heap overflow flaw was found In Apache httpd mod_session. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_session: Heap overflow via a crafted SessionHeader value", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw can result in a crash of the httpd child process when mod_session is used.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-26691" }, { "category": "external", "summary": "RHBZ#1966732", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966732" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-26691", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26691" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-26691", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26691" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2021-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-10T17:20:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "category": "workaround", "details": "Only configurations which use the \"SessionEnv\" directive (which is not widely used) are vulnerable to this flaw. SessionEnv is not enabled in default configuration of httpd package shipped with Red Hat Products.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_session: Heap overflow via a crafted SessionHeader value" }, { "acknowledgments": [ { "names": [ "the Apache project", "Christoph Anton Mitterer" ] } ], "cve": "CVE-2021-30641", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-05-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1966743" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache httpd. A possible regression from an earlier security fix broke behavior of MergeSlashes. The highest threat from this vulnerability is to data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Unexpected URL matching with \u0027MergeSlashes OFF\u0027", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw was introduced when fixing https://access.redhat.com/security/cve/cve-2019-0220, therefore versions of httpd package shipped with Red Hat Enterprise Linux 7, 8 and Red Hat Software Collections are affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-30641" }, { "category": "external", "summary": "RHBZ#1966743", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966743" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-30641", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30641" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-30641", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30641" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2021-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-10T17:20:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "category": "workaround", "details": "This issue can be mitigated by setting the \"MergeSlashes\" directive to OFF", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: Unexpected URL matching with \u0027MergeSlashes OFF\u0027" }, { "cve": "CVE-2021-34798", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2021-09-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2005128" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference in httpd allows an unauthenticated remote attacker to crash httpd by providing malformed HTTP requests. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: NULL pointer dereference via malformed requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-34798" }, { "category": "external", "summary": "RHBZ#2005128", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005128" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-34798", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34798" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34798", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34798" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2021-09-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-10T17:20:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-107.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-84.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-78.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-9.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-21.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-20.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-40.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-67.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-78.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-39.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-7.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-8.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-8.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: NULL pointer dereference via malformed requests" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.