Action not permitted
Modal body text goes here.
cve-2019-0197
Vulnerability from cvelistv5
Published
2019-06-11 21:35
Modified
2024-08-04 17:44
Severity ?
EPSS score ?
Summary
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set "H2Upgrade on" are unaffected by this issue.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Apache Software Foundation | Apache HTTP Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:14.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "[oss-security] 20190401 CVE-2019-0197: mod_http2, possible crash on late upgrade",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/02/2"
},
{
"name": "107665",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107665"
},
{
"name": "FEDORA-2019-cf7695b470",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808%40%3Cdev.httpd.apache.org%3E"
},
{
"name": "openSUSE-SU-2019:1190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html"
},
{
"name": "openSUSE-SU-2019:1209",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html"
},
{
"name": "openSUSE-SU-2019:1258",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K44591505"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190617-0002/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03950en_us"
},
{
"name": "USN-4113-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4113-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "RHSA-2019:3933",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"name": "RHSA-2019:3935",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"name": "RHSA-2019:3932",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache HTTP Server",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "2.4.34 to 2.4.38"
}
]
}
],
"datePublic": "2019-04-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set \"H2Upgrade on\" are unaffected by this issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "mod_http2, possible crash on late upgrade",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-06T10:10:51",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "[oss-security] 20190401 CVE-2019-0197: mod_http2, possible crash on late upgrade",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/02/2"
},
{
"name": "107665",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107665"
},
{
"name": "FEDORA-2019-cf7695b470",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808%40%3Cdev.httpd.apache.org%3E"
},
{
"name": "openSUSE-SU-2019:1190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html"
},
{
"name": "openSUSE-SU-2019:1209",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html"
},
{
"name": "openSUSE-SU-2019:1258",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K44591505"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190617-0002/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03950en_us"
},
{
"name": "USN-4113-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4113-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "RHSA-2019:3933",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"name": "RHSA-2019:3935",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"name": "RHSA-2019:3932",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-0197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_value": "2.4.34 to 2.4.38"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set \"H2Upgrade on\" are unaffected by this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "mod_http2, possible crash on late upgrade"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "CONFIRM",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "[oss-security] 20190401 CVE-2019-0197: mod_http2, possible crash on late upgrade",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/04/02/2"
},
{
"name": "107665",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107665"
},
{
"name": "FEDORA-2019-cf7695b470",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/"
},
{
"name": "https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808@%3Cdev.httpd.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808@%3Cdev.httpd.apache.org%3E"
},
{
"name": "openSUSE-SU-2019:1190",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html"
},
{
"name": "openSUSE-SU-2019:1209",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html"
},
{
"name": "openSUSE-SU-2019:1258",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html"
},
{
"name": "https://support.f5.com/csp/article/K44591505",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K44591505"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190617-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190617-0002/"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03950en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03950en_us"
},
{
"name": "USN-4113-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4113-1/"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "RHSA-2019:3933",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"name": "RHSA-2019:3935",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"name": "RHSA-2019:3932",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2019-0197",
"datePublished": "2019-06-11T21:35:52",
"dateReserved": "2018-11-14T00:00:00",
"dateUpdated": "2024-08-04T17:44:14.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-0197\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2019-06-11T22:29:04.170\",\"lastModified\":\"2023-11-07T03:01:48.147\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set \\\"H2Upgrade on\\\" are unaffected by this issue.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad fue encontrada en Apache HTTP Server 2.4.34 hasta 2.4.38 y clasificada como problem\u00e1tica. Cuando se habilit\u00f3 HTTP / 2 para un http: host o H2Upgrade se habilit\u00f3 para h2 en un https: host, una solicitud de actualizaci\u00f3n de http / 1.1 a http / 2 que no fue la primera solicitud en una conexi\u00f3n podr\u00eda provocar una mala configuraci\u00f3n y un fallo. El servidor que nunca habilit\u00f3 el protocolo h2 o que solo lo habilit\u00f3 para https: y no configur\u00f3 \\\"H2Upgrade en \\\" no se ve afectado por este problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\",\"baseScore\":4.2,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.6,\"impactScore\":2.5}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":4.9},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.8,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4.34\",\"versionEndIncluding\":\"2.4.38\",\"matchCriteriaId\":\"4AF58E59-C3D5-4899-808C-7D2F4DF93DFD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD783B0C-9246-47D9-A937-6144FE8BFF0F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2466282-51AB-478D-9FF4-FA524265ED2E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DDF6809-53A7-4F7D-9FA8-B522BE8F7A21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA86A15F-FAB8-4DF5-95AC-DA3D1CF7A720\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB43DFD4-D058-4001-BD19-488E059F4532\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"086E2E5C-44EB-4C07-B298-C04189533996\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B042935-BC42-4CA8-9379-7F0F894F9653\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B374F86-4EC8-4797-A8C3-5C1FF1DFC9F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5682DAEB-3810-4541-833A-568C868BCE0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01BC9AED-F81D-4344-AD97-EEF19B6EA8C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37209C6F-EF99-4D21-9608-B3A06D283D24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFC79B17-E9D2-44D5-93ED-2F959E7A3D43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F69B9A5-F21B-4904-9F27-95C0F7A628E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F87FC90-16D0-4051-8280-B0DD4441F10B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0ED83E3-E6BF-4EAA-AF8F-33485A88A218\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/04/02/2\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/107665\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3932\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3933\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3935\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://httpd.apache.org/security/vulnerabilities_24.html\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808%40%3Cdev.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/\",\"source\":\"security@apache.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20190617-0002/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K44591505\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03950en_us\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4113-1/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
rhsa-2020_2646
Vulnerability from csaf_redhat
Published
2020-06-22 13:08
Modified
2024-11-05 22:22
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 security update
Notes
Topic
Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 3 zip release for RHEL 6, RHEL 7 and Microsoft Windows is available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release adds the new Apache HTTP Server 2.4.37 Service Pack 3 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 2 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security fix(es):
* httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)
* httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)
* httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)
* nghttp2: overly large SETTINGS frames can lead to DoS (CVE-2020-11080)
* libxml2: There's a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c that could result in a crash (CVE-2019-19956)
* libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388)
* libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595)
* expat: large number of colons in input makes parser consume high amount of resources, leading to DoS (CVE-2018-20843)
* expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 3 zip release for RHEL 6, RHEL 7 and Microsoft Windows is available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 3 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 2 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.\n\nSecurity fix(es):\n\n* httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)\n* httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)\n* httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)\n* nghttp2: overly large SETTINGS frames can lead to DoS (CVE-2020-11080)\n* libxml2: There\u0027s a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c that could result in a crash (CVE-2019-19956)\n* libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388)\n* libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595)\n* expat: large number of colons in input makes parser consume high amount of resources, leading to DoS (CVE-2018-20843)\n* expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:2646",
"url": "https://access.redhat.com/errata/RHSA-2020:2646"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp\u0026downloadType=securityPatches\u0026version=2.4.37",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp\u0026downloadType=securityPatches\u0026version=2.4.37"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/"
},
{
"category": "external",
"summary": "1695030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030"
},
{
"category": "external",
"summary": "1695042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042"
},
{
"category": "external",
"summary": "1723723",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1723723"
},
{
"category": "external",
"summary": "1752592",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752592"
},
{
"category": "external",
"summary": "1788856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788856"
},
{
"category": "external",
"summary": "1799734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1799734"
},
{
"category": "external",
"summary": "1799786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1799786"
},
{
"category": "external",
"summary": "1820772",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820772"
},
{
"category": "external",
"summary": "1844929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1844929"
},
{
"category": "external",
"summary": "JBCS-941",
"url": "https://issues.redhat.com/browse/JBCS-941"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2646.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 security update",
"tracking": {
"current_release_date": "2024-11-05T22:22:14+00:00",
"generator": {
"date": "2024-11-05T22:22:14+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2020:2646",
"initial_release_date": "2020-06-22T13:08:26+00:00",
"revision_history": [
{
"date": "2020-06-22T13:08:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-06-22T13:08:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T22:22:14+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Core Services 1",
"product": {
"name": "Red Hat JBoss Core Services 1",
"product_id": "Red Hat JBoss Core Services 1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Core Services"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-20843",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-06-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1723723"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the \"setElementTypePrefix()\" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: large number of colons in input makes parser consume high amount of resources, leading to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "When processing a specially crafted XML file, expat may use more memory than ultimately necessary, which can also lead to increased CPU usage and longer processing times. Depending on available system resources and configuration, this may also lead to the application triggering the Out-Of-Memory-Killer, causing the application to be terminated.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-20843"
},
{
"category": "external",
"summary": "RHBZ#1723723",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1723723"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-20843",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20843"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20843",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20843"
},
{
"category": "external",
"summary": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031"
}
],
"release_date": "2019-06-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-06-22T13:08:26+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2646"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: large number of colons in input makes parser consume high amount of resources, leading to DoS"
},
{
"cve": "CVE-2019-0196",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2019-04-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695030"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_http2: read-after-free on a string compare",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0196"
},
{
"category": "external",
"summary": "RHBZ#1695030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0196",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0196"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0196",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0196"
},
{
"category": "external",
"summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
"url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-06-22T13:08:26+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2646"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_http2: read-after-free on a string compare"
},
{
"cve": "CVE-2019-0197",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-04-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695042"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set \"H2Upgrade on\" are unaffected by this issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_http2: possible crash on late upgrade",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0197"
},
{
"category": "external",
"summary": "RHBZ#1695042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0197",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0197"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0197",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0197"
},
{
"category": "external",
"summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
"url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-06-22T13:08:26+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2646"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_http2: possible crash on late upgrade"
},
{
"cve": "CVE-2019-15903",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2019-09-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1752592"
}
],
"notes": [
{
"category": "description",
"text": "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: heap-based buffer over-read via crafted XML input",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-15903"
},
{
"category": "external",
"summary": "RHBZ#1752592",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752592"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-15903",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15903"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15903",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15903"
}
],
"release_date": "2019-09-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-06-22T13:08:26+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2646"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat JBoss Core Services 1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "expat: heap-based buffer over-read via crafted XML input"
},
{
"cve": "CVE-2019-19956",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2020-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1788856"
}
],
"notes": [
{
"category": "description",
"text": "xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-\u003eoldNs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-19956"
},
{
"category": "external",
"summary": "RHBZ#1788856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-19956",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19956"
}
],
"release_date": "2020-01-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-06-22T13:08:26+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2646"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c"
},
{
"cve": "CVE-2019-20388",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2020-02-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1799734"
}
],
"notes": [
{
"category": "description",
"text": "A memory leak was found in the xmlSchemaValidateStream function of libxml2. Applications that use this library may be vulnerable to memory not being freed leading to a denial of service. System availability is the highest threat from this vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20388"
},
{
"category": "external",
"summary": "RHBZ#1799734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1799734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20388",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20388"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20388",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20388"
}
],
"release_date": "2020-01-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-06-22T13:08:26+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2646"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c"
},
{
"cve": "CVE-2020-1934",
"cwe": {
"id": "CWE-456",
"name": "Missing Initialization of a Variable"
},
"discovery_date": "2020-04-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1820772"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache\u0027s HTTP server (httpd) .The mod_proxy_ftp module may use uninitialized memory with proxying to a malicious FTP server. The highest threat from this vulnerability is to data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_ftp use of uninitialized value",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is caused by use of an uninitialized memory variable. Practically this has no impact, but in some corner cases it is possible that the contents of this variable could be read by a remote process, causing loss of confidentiality as a result of this. There is no evidence of code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1934"
},
{
"category": "external",
"summary": "RHBZ#1820772",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820772"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1934",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1934"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1934",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1934"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2020-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-06-22T13:08:26+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2646"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_proxy_ftp use of uninitialized value"
},
{
"cve": "CVE-2020-7595",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2020-02-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1799786"
}
],
"notes": [
{
"category": "description",
"text": "xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-7595"
},
{
"category": "external",
"summary": "RHBZ#1799786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1799786"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-7595",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7595"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7595",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7595"
}
],
"release_date": "2020-01-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-06-22T13:08:26+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2646"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations"
},
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2020-11080",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2020-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1844929"
}
],
"notes": [
{
"category": "description",
"text": "A resource consumption vulnerability was found in nghttp2. This flaw allows an attacker to repeatedly construct an overly large HTTP/2 SETTINGS frame with a length of 14,400 bytes that causes excessive CPU usage, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nghttp2: overly large SETTINGS frames can lead to DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11080"
},
{
"category": "external",
"summary": "RHBZ#1844929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1844929"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11080",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11080"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11080",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11080"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr",
"url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr"
}
],
"release_date": "2020-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-06-22T13:08:26+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2646"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nghttp2: overly large SETTINGS frames can lead to DoS"
}
]
}
rhsa-2019_3935
Vulnerability from csaf_redhat
Published
2019-11-20 16:08
Modified
2024-11-05 21:37
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release
Notes
Topic
Red Hat JBoss Core Services Pack Apache Server 2.4.37 zip release
for RHEL 6, RHEL 7 and Microsoft Windows is available.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * mod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2: read-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Core Services Pack Apache Server 2.4.37 zip release\nfor RHEL 6, RHEL 7 and Microsoft Windows is available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * mod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2: read-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:3935",
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1568253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568253"
},
{
"category": "external",
"summary": "1644364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644364"
},
{
"category": "external",
"summary": "1645695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
},
{
"category": "external",
"summary": "1668493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668493"
},
{
"category": "external",
"summary": "1668497",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497"
},
{
"category": "external",
"summary": "1695020",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695020"
},
{
"category": "external",
"summary": "1695030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030"
},
{
"category": "external",
"summary": "1695042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042"
},
{
"category": "external",
"summary": "1735741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741"
},
{
"category": "external",
"summary": "1741860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860"
},
{
"category": "external",
"summary": "1741864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864"
},
{
"category": "external",
"summary": "1741868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868"
},
{
"category": "external",
"summary": "JBCS-798",
"url": "https://issues.redhat.com/browse/JBCS-798"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3935.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release",
"tracking": {
"current_release_date": "2024-11-05T21:37:29+00:00",
"generator": {
"date": "2024-11-05T21:37:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2019:3935",
"initial_release_date": "2019-11-20T16:08:18+00:00",
"revision_history": [
{
"date": "2019-11-20T16:08:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-01-06T13:01:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T21:37:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Core Services 1",
"product": {
"name": "Red Hat JBoss Core Services 1",
"product_id": "Red Hat JBoss Core Services 1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Core Services"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-0734",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2018-10-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1644364"
}
],
"notes": [
{
"category": "description",
"text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: timing side channel attack in the DSA signature algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-0734"
},
{
"category": "external",
"summary": "RHBZ#1644364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644364"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-0734",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734"
}
],
"release_date": "2018-10-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: timing side channel attack in the DSA signature algorithm"
},
{
"cve": "CVE-2018-0737",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2018-04-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1568253"
}
],
"notes": [
{
"category": "description",
"text": "OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-0737"
},
{
"category": "external",
"summary": "RHBZ#1568253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568253"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-0737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0737",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0737"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2018/04/16/3",
"url": "http://www.openwall.com/lists/oss-security/2018/04/16/3"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20180416.txt",
"url": "https://www.openssl.org/news/secadv/20180416.txt"
}
],
"release_date": "2018-04-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys"
},
{
"acknowledgments": [
{
"names": [
"Alejandro Cabrera Aldaya"
],
"organization": "Universidad Tecnologica de la Habana CUJAE; Cuba"
},
{
"names": [
"Billy Bob Brumley",
"Cesar Pereida Garcia",
"Sohaib ul Hassan"
]
},
{
"names": [
"Nicola Tuveri"
],
"organization": "Tampere University of Technology; Finland"
}
],
"cve": "CVE-2018-5407",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2018-11-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1645695"
}
],
"notes": [
{
"category": "description",
"text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-5407"
},
{
"category": "external",
"summary": "RHBZ#1645695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407"
},
{
"category": "external",
"summary": "https://github.com/bbbrumley/portsmash",
"url": "https://github.com/bbbrumley/portsmash"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20181112.txt",
"url": "https://www.openssl.org/news/secadv/20181112.txt"
}
],
"release_date": "2018-10-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"category": "workaround",
"details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue. Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.",
"product_ids": [
"Red Hat JBoss Core Services 1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)"
},
{
"cve": "CVE-2018-17189",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668497"
}
],
"notes": [
{
"category": "description",
"text": "In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_http2: DoS via slow, unneeded request bodies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-17189"
},
{
"category": "external",
"summary": "RHBZ#1668497",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-17189",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189"
}
],
"release_date": "2019-01-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_http2: DoS via slow, unneeded request bodies"
},
{
"cve": "CVE-2018-17199",
"cwe": {
"id": "CWE-613",
"name": "Insufficient Session Expiration"
},
"discovery_date": "2019-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668493"
}
],
"notes": [
{
"category": "description",
"text": "In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_session_cookie does not respect expiry time",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-17199"
},
{
"category": "external",
"summary": "RHBZ#1668493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668493"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-17199",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17199"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17199",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17199"
}
],
"release_date": "2019-01-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_session_cookie does not respect expiry time"
},
{
"cve": "CVE-2019-0196",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2019-04-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695030"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_http2: read-after-free on a string compare",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0196"
},
{
"category": "external",
"summary": "RHBZ#1695030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0196",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0196"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0196",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0196"
},
{
"category": "external",
"summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
"url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_http2: read-after-free on a string compare"
},
{
"cve": "CVE-2019-0197",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-04-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695042"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set \"H2Upgrade on\" are unaffected by this issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_http2: possible crash on late upgrade",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0197"
},
{
"category": "external",
"summary": "RHBZ#1695042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0197",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0197"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0197",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0197"
},
{
"category": "external",
"summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
"url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_http2: possible crash on late upgrade"
},
{
"cve": "CVE-2019-0217",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2019-04-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695020"
}
],
"notes": [
{
"category": "description",
"text": "A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_auth_digest: access control bypass due to race condition",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Based on the the fact that digest authentication is rarely used in modern day web applications and httpd package shipped with Red Hat products do not ship threaded MPM configuration by default, this flaw has been rated as having Moderate level security impact. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This flaw has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0217"
},
{
"category": "external",
"summary": "RHBZ#1695020",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695020"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0217"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0217",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0217"
},
{
"category": "external",
"summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
"url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"category": "workaround",
"details": "This flaw only affects a threaded server configuration, so using the prefork MPM is an effective mitigation. In versions of httpd package shipped with Red Hat Enterprise Linux 7, the prefork MPM is the default configuration.",
"product_ids": [
"Red Hat JBoss Core Services 1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_auth_digest: access control bypass due to race condition"
},
{
"cve": "CVE-2019-9511",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1741860"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: large amount of data requests leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "There are no mitigations available for nghttp2 and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9511"
},
{
"category": "external",
"summary": "RHBZ#1741860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9511",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9511"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/605641/",
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/",
"url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
}
],
"release_date": "2019-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"category": "workaround",
"details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3",
"product_ids": [
"Red Hat JBoss Core Services 1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: large amount of data requests leads to denial of service"
},
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2019-9513",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1735741"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has no available mitigation for packages nghttp2 and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9513"
},
{
"category": "external",
"summary": "RHBZ#1735741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9513",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9513"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/",
"url": "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/",
"url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
}
],
"release_date": "2019-08-13T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"category": "workaround",
"details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3",
"product_ids": [
"Red Hat JBoss Core Services 1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption"
},
{
"cve": "CVE-2019-9516",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1741864"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. An attacker, sending a stream of header with a 0-length header name and a 0-length header value, could cause some implementations to allocate memory for these headers and keep the allocations alive until the session dies. The can consume excess memory, potentially leading to a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: 0-length headers lead to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9516"
},
{
"category": "external",
"summary": "RHBZ#1741864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9516",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9516"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/issues/1382#",
"url": "https://github.com/nghttp2/nghttp2/issues/1382#"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/605641/",
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/",
"url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
}
],
"release_date": "2019-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"category": "workaround",
"details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3",
"product_ids": [
"Red Hat JBoss Core Services 1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: 0-length headers lead to denial of service"
},
{
"cve": "CVE-2019-9517",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1741868"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in HTTP/2. An attacker can open a HTTP/2 window so the peer can send without constraint. The TCP window remains closed so the peer cannot write the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the server\u0027s queue is setup, the responses can consume excess memory, CPU, or both, potentially leading to a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: request for large response leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The package httpd versions as shipped with Red Hat Enterprise Linux 5, 6 and 7 are not affected by this issue as HTTP/2 support is not provided.\nThis flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9517"
},
{
"category": "external",
"summary": "RHBZ#1741868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9517",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9517"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/605641/",
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
}
],
"release_date": "2019-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:08:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"category": "workaround",
"details": "The httpd version shipped with Red Hat Enterprise Linux 8 provides HTTP/2 support through mod_http2 package. While mod_http2 package is not updated, users can disable HTTP/2 support as mitigation action by executing the following steps:\n\n1. Stop httpd service:\n$ systemctl stop httpd\n\n2. Remove http/2 protocol support from configuration files:\n$ sed -i \u0027s/\\(h2\\)\\|\\(h2c\\)//g\u0027 \u003chttpd_config_file\u003e\n\n3. Validate configuration files to make sure all syntax is valid:\n$ apachectl configtest\n\n4. Restart httpd service:\n$ systemctl start httpd",
"product_ids": [
"Red Hat JBoss Core Services 1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: request for large response leads to denial of service"
}
]
}
rhsa-2019_3933
Vulnerability from csaf_redhat
Published
2019-11-20 16:14
Modified
2024-11-05 21:36
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7
Notes
Topic
An update is now available for JBoss Core Services on RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737)
* openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734)
* mod_auth_digest: access control bypass due to race condition (CVE-2019-0217)
* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)
* mod_session_cookie does not respect expiry time (CVE-2018-17199)
* mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)
* mod_http2: possible crash on late upgrade (CVE-2019-0197)
* mod_http2: read-after-free on a string compare (CVE-2019-0196)
* nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)
* nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)
* mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)
* mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for JBoss Core Services on RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737)\n* openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734)\n* mod_auth_digest: access control bypass due to race condition (CVE-2019-0217)\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)\n* mod_session_cookie does not respect expiry time (CVE-2018-17199)\n* mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)\n* mod_http2: possible crash on late upgrade (CVE-2019-0197)\n* mod_http2: read-after-free on a string compare (CVE-2019-0196)\n* nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)\n* nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)\n* mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)\n* mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:3933",
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1568253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568253"
},
{
"category": "external",
"summary": "1644364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644364"
},
{
"category": "external",
"summary": "1645695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
},
{
"category": "external",
"summary": "1668493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668493"
},
{
"category": "external",
"summary": "1668497",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497"
},
{
"category": "external",
"summary": "1695020",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695020"
},
{
"category": "external",
"summary": "1695030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030"
},
{
"category": "external",
"summary": "1695042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042"
},
{
"category": "external",
"summary": "1735741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741"
},
{
"category": "external",
"summary": "1741860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860"
},
{
"category": "external",
"summary": "1741864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864"
},
{
"category": "external",
"summary": "1741868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868"
},
{
"category": "external",
"summary": "JBCS-798",
"url": "https://issues.redhat.com/browse/JBCS-798"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3933.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7",
"tracking": {
"current_release_date": "2024-11-05T21:36:45+00:00",
"generator": {
"date": "2024-11-05T21:36:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2019:3933",
"initial_release_date": "2019-11-20T16:14:21+00:00",
"revision_history": [
{
"date": "2019-11-20T16:14:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-01-06T13:04:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T21:36:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Core Services on RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Core Services"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-jansson@2.11-20.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-jansson-devel@2.11-20.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-jansson-debuginfo@2.11-20.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-63.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-63.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-63.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1-25.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.1.1-25.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.1.1-25.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.1.1-25.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.1.1-25.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.1.1-25.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-48.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-48.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-48.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-48.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-48.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-48.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-48.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-48.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-48.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-48.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-brotli@1.0.6-7.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-devel@1.0.6-7.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-debuginfo@1.0.6-7.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-4.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.39.2-4.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.39.2-4.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.64.1-14.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl@7.64.1-14.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-devel@7.64.1-14.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo@7.64.1-14.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-33.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.37-33.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.37-33.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.37-33.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.37-33.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.37-33.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.37-33.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.37-33.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.37-33.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.37-33.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.46-22.redhat_1.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.46-22.redhat_1.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.46-22.redhat_1.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.12-9.Final_redhat_2.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.12-9.Final_redhat_2.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-16.GA.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.2-16.GA.jbcs.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"product_id": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-jansson@2.11-20.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"product_id": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-63.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"product_id": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1-25.jbcs.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"product_id": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-48.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"product_id": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-brotli@1.0.6-7.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"product_id": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-4.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"product_id": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.64.1-14.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"product_id": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-33.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"product_id": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.46-22.redhat_1.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.12-9.Final_redhat_2.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"product_id": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-16.GA.jbcs.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"product": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"product_id": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.37-33.jbcs.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch"
},
"product_reference": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-0734",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2018-10-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1644364"
}
],
"notes": [
{
"category": "description",
"text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: timing side channel attack in the DSA signature algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-0734"
},
{
"category": "external",
"summary": "RHBZ#1644364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644364"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-0734",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734"
}
],
"release_date": "2018-10-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:14:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: timing side channel attack in the DSA signature algorithm"
},
{
"cve": "CVE-2018-0737",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2018-04-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1568253"
}
],
"notes": [
{
"category": "description",
"text": "OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-0737"
},
{
"category": "external",
"summary": "RHBZ#1568253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568253"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-0737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0737",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0737"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2018/04/16/3",
"url": "http://www.openwall.com/lists/oss-security/2018/04/16/3"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20180416.txt",
"url": "https://www.openssl.org/news/secadv/20180416.txt"
}
],
"release_date": "2018-04-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:14:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys"
},
{
"acknowledgments": [
{
"names": [
"Alejandro Cabrera Aldaya"
],
"organization": "Universidad Tecnologica de la Habana CUJAE; Cuba"
},
{
"names": [
"Billy Bob Brumley",
"Cesar Pereida Garcia",
"Sohaib ul Hassan"
]
},
{
"names": [
"Nicola Tuveri"
],
"organization": "Tampere University of Technology; Finland"
}
],
"cve": "CVE-2018-5407",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2018-11-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1645695"
}
],
"notes": [
{
"category": "description",
"text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-5407"
},
{
"category": "external",
"summary": "RHBZ#1645695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407"
},
{
"category": "external",
"summary": "https://github.com/bbbrumley/portsmash",
"url": "https://github.com/bbbrumley/portsmash"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20181112.txt",
"url": "https://www.openssl.org/news/secadv/20181112.txt"
}
],
"release_date": "2018-10-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:14:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"category": "workaround",
"details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue. Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)"
},
{
"cve": "CVE-2018-17189",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668497"
}
],
"notes": [
{
"category": "description",
"text": "In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_http2: DoS via slow, unneeded request bodies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-17189"
},
{
"category": "external",
"summary": "RHBZ#1668497",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-17189",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189"
}
],
"release_date": "2019-01-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:14:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_http2: DoS via slow, unneeded request bodies"
},
{
"cve": "CVE-2018-17199",
"cwe": {
"id": "CWE-613",
"name": "Insufficient Session Expiration"
},
"discovery_date": "2019-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668493"
}
],
"notes": [
{
"category": "description",
"text": "In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_session_cookie does not respect expiry time",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-17199"
},
{
"category": "external",
"summary": "RHBZ#1668493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668493"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-17199",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17199"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17199",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17199"
}
],
"release_date": "2019-01-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:14:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_session_cookie does not respect expiry time"
},
{
"cve": "CVE-2019-0196",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2019-04-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695030"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_http2: read-after-free on a string compare",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0196"
},
{
"category": "external",
"summary": "RHBZ#1695030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0196",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0196"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0196",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0196"
},
{
"category": "external",
"summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
"url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:14:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_http2: read-after-free on a string compare"
},
{
"cve": "CVE-2019-0197",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-04-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695042"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set \"H2Upgrade on\" are unaffected by this issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_http2: possible crash on late upgrade",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0197"
},
{
"category": "external",
"summary": "RHBZ#1695042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0197",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0197"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0197",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0197"
},
{
"category": "external",
"summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
"url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:14:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_http2: possible crash on late upgrade"
},
{
"cve": "CVE-2019-0217",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2019-04-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695020"
}
],
"notes": [
{
"category": "description",
"text": "A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_auth_digest: access control bypass due to race condition",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Based on the the fact that digest authentication is rarely used in modern day web applications and httpd package shipped with Red Hat products do not ship threaded MPM configuration by default, this flaw has been rated as having Moderate level security impact. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This flaw has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0217"
},
{
"category": "external",
"summary": "RHBZ#1695020",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695020"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0217"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0217",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0217"
},
{
"category": "external",
"summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
"url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:14:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"category": "workaround",
"details": "This flaw only affects a threaded server configuration, so using the prefork MPM is an effective mitigation. In versions of httpd package shipped with Red Hat Enterprise Linux 7, the prefork MPM is the default configuration.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_auth_digest: access control bypass due to race condition"
},
{
"cve": "CVE-2019-9511",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1741860"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: large amount of data requests leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "There are no mitigations available for nghttp2 and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9511"
},
{
"category": "external",
"summary": "RHBZ#1741860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9511",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9511"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/605641/",
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/",
"url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
}
],
"release_date": "2019-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:14:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"category": "workaround",
"details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: large amount of data requests leads to denial of service"
},
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2019-9513",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1735741"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has no available mitigation for packages nghttp2 and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9513"
},
{
"category": "external",
"summary": "RHBZ#1735741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9513",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9513"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/",
"url": "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/",
"url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
}
],
"release_date": "2019-08-13T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:14:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"category": "workaround",
"details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption"
},
{
"cve": "CVE-2019-9516",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1741864"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. An attacker, sending a stream of header with a 0-length header name and a 0-length header value, could cause some implementations to allocate memory for these headers and keep the allocations alive until the session dies. The can consume excess memory, potentially leading to a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: 0-length headers lead to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9516"
},
{
"category": "external",
"summary": "RHBZ#1741864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9516",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9516"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/issues/1382#",
"url": "https://github.com/nghttp2/nghttp2/issues/1382#"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/605641/",
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/",
"url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
}
],
"release_date": "2019-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:14:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"category": "workaround",
"details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: 0-length headers lead to denial of service"
},
{
"cve": "CVE-2019-9517",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1741868"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in HTTP/2. An attacker can open a HTTP/2 window so the peer can send without constraint. The TCP window remains closed so the peer cannot write the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the server\u0027s queue is setup, the responses can consume excess memory, CPU, or both, potentially leading to a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: request for large response leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The package httpd versions as shipped with Red Hat Enterprise Linux 5, 6 and 7 are not affected by this issue as HTTP/2 support is not provided.\nThis flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9517"
},
{
"category": "external",
"summary": "RHBZ#1741868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9517",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9517"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/605641/",
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
}
],
"release_date": "2019-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:14:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"category": "workaround",
"details": "The httpd version shipped with Red Hat Enterprise Linux 8 provides HTTP/2 support through mod_http2 package. While mod_http2 package is not updated, users can disable HTTP/2 support as mitigation action by executing the following steps:\n\n1. Stop httpd service:\n$ systemctl stop httpd\n\n2. Remove http/2 protocol support from configuration files:\n$ sed -i \u0027s/\\(h2\\)\\|\\(h2c\\)//g\u0027 \u003chttpd_config_file\u003e\n\n3. Validate configuration files to make sure all syntax is valid:\n$ apachectl configtest\n\n4. Restart httpd service:\n$ systemctl start httpd",
"product_ids": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: request for large response leads to denial of service"
}
]
}
rhsa-2020_2644
Vulnerability from csaf_redhat
Published
2020-06-22 12:28
Modified
2024-11-05 22:22
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 security update
Notes
Topic
Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release adds the new Apache HTTP Server 2.4.37 Service Pack 3 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 2 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security fix(es):
* httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)
* httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)
* httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)
* nghttp2: overly large SETTINGS frames can lead to DoS (CVE-2020-11080)
* libxml2: There's a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c that could result in a crash (CVE-2019-19956)
* libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388)
* libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595)
* expat: large number of colons in input makes parser consume high amount of resources, leading to DoS (CVE-2018-20843)
* expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release adds the new Apache HTTP Server 2.4.37 Service Pack 3 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 2 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.\n\nSecurity fix(es):\n\n* httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)\n* httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)\n* httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)\n* nghttp2: overly large SETTINGS frames can lead to DoS (CVE-2020-11080)\n* libxml2: There\u0027s a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c that could result in a crash (CVE-2019-19956)\n* libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388)\n* libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595)\n* expat: large number of colons in input makes parser consume high amount of resources, leading to DoS (CVE-2018-20843)\n* expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:2644",
"url": "https://access.redhat.com/errata/RHSA-2020:2644"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1695030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030"
},
{
"category": "external",
"summary": "1695042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042"
},
{
"category": "external",
"summary": "1723723",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1723723"
},
{
"category": "external",
"summary": "1752592",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752592"
},
{
"category": "external",
"summary": "1788856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788856"
},
{
"category": "external",
"summary": "1799734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1799734"
},
{
"category": "external",
"summary": "1799786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1799786"
},
{
"category": "external",
"summary": "1820772",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820772"
},
{
"category": "external",
"summary": "1844929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1844929"
},
{
"category": "external",
"summary": "JBCS-941",
"url": "https://issues.redhat.com/browse/JBCS-941"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2644.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 security update",
"tracking": {
"current_release_date": "2024-11-05T22:22:06+00:00",
"generator": {
"date": "2024-11-05T22:22:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2020:2644",
"initial_release_date": "2020-06-22T12:28:02+00:00",
"revision_history": [
{
"date": "2020-06-22T12:28:02+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-06-22T12:28:02+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T22:22:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Core Services on RHEL 6 Server",
"product": {
"name": "Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Core Services on RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Core Services"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686",
"product_id": "jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-25.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686",
"product_id": "jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.39.2-25.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686",
"product_id": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.39.2-25.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686",
"product_id": "jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.64.1-36.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686",
"product_id": "jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl@7.64.1-36.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686",
"product_id": "jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-devel@7.64.1-36.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686",
"product_id": "jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo@7.64.1-36.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-57.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.37-57.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.37-57.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.37-57.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.37-57.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.37-57.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.37-57.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.37-57.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.37-57.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.7-3.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2-debuginfo@1.15.7-3.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.48-4.redhat_1.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.48-4.redhat_1.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.48-4.redhat_1.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.0.8-24.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md-debuginfo@2.0.8-24.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-51.GA.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.2-51.GA.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.14-4.Final_redhat_2.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.14-4.Final_redhat_2.jbcs.el6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-25.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.39.2-25.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.39.2-25.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.64.1-36.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl@7.64.1-36.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-devel@7.64.1-36.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo@7.64.1-36.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-57.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.37-57.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.37-57.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.37-57.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.37-57.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.37-57.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.37-57.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.37-57.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.37-57.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.7-3.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2-debuginfo@1.15.7-3.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.48-4.redhat_1.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.48-4.redhat_1.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.48-4.redhat_1.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.0.8-24.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md-debuginfo@2.0.8-24.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-51.GA.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.2-51.GA.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.14-4.Final_redhat_2.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.14-4.Final_redhat_2.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-25.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.39.2-25.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.39.2-25.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.64.1-36.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl@7.64.1-36.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-devel@7.64.1-36.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo@7.64.1-36.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-57.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.37-57.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.37-57.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.37-57.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.37-57.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.37-57.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.37-57.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.37-57.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.37-57.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11@0.4.10-7.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11-debuginfo@0.4.10-7.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.7-3.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2-debuginfo@1.15.7-3.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.48-4.redhat_1.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.48-4.redhat_1.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.48-4.redhat_1.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.0.8-24.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md-debuginfo@2.0.8-24.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-51.GA.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.2-51.GA.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.14-4.Final_redhat_2.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.14-4.Final_redhat_2.jbcs.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src",
"product_id": "jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-25.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src",
"product_id": "jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.64.1-36.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src",
"product_id": "jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-57.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src",
"product_id": "jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.7-3.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src",
"product_id": "jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.48-4.redhat_1.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src",
"product_id": "jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.0.8-24.jbcs.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src",
"product_id": "jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-51.GA.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.14-4.Final_redhat_2.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src",
"product_id": "jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-25.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src",
"product_id": "jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.64.1-36.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src",
"product_id": "jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-57.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src",
"product_id": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11@0.4.10-7.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src",
"product_id": "jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.7-3.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src",
"product_id": "jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.48-4.redhat_1.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src",
"product_id": "jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.0.8-24.jbcs.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src",
"product_id": "jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-51.GA.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.14-4.Final_redhat_2.jbcs.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch",
"product": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch",
"product_id": "jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.37-57.jbcs.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch",
"product": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch",
"product_id": "jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.37-57.jbcs.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch"
},
"product_reference": "jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch"
},
"product_reference": "jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-20843",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-06-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1723723"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the \"setElementTypePrefix()\" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: large number of colons in input makes parser consume high amount of resources, leading to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "When processing a specially crafted XML file, expat may use more memory than ultimately necessary, which can also lead to increased CPU usage and longer processing times. Depending on available system resources and configuration, this may also lead to the application triggering the Out-Of-Memory-Killer, causing the application to be terminated.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-20843"
},
{
"category": "external",
"summary": "RHBZ#1723723",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1723723"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-20843",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20843"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20843",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20843"
},
{
"category": "external",
"summary": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031"
}
],
"release_date": "2019-06-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-06-22T12:28:02+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2644"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: large number of colons in input makes parser consume high amount of resources, leading to DoS"
},
{
"cve": "CVE-2019-0196",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2019-04-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695030"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_http2: read-after-free on a string compare",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0196"
},
{
"category": "external",
"summary": "RHBZ#1695030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0196",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0196"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0196",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0196"
},
{
"category": "external",
"summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
"url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-06-22T12:28:02+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2644"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_http2: read-after-free on a string compare"
},
{
"cve": "CVE-2019-0197",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-04-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695042"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set \"H2Upgrade on\" are unaffected by this issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_http2: possible crash on late upgrade",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0197"
},
{
"category": "external",
"summary": "RHBZ#1695042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0197",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0197"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0197",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0197"
},
{
"category": "external",
"summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
"url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-06-22T12:28:02+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2644"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_http2: possible crash on late upgrade"
},
{
"cve": "CVE-2019-15903",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2019-09-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1752592"
}
],
"notes": [
{
"category": "description",
"text": "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: heap-based buffer over-read via crafted XML input",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-15903"
},
{
"category": "external",
"summary": "RHBZ#1752592",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752592"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-15903",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15903"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15903",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15903"
}
],
"release_date": "2019-09-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-06-22T12:28:02+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2644"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "expat: heap-based buffer over-read via crafted XML input"
},
{
"cve": "CVE-2019-19956",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2020-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1788856"
}
],
"notes": [
{
"category": "description",
"text": "xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-\u003eoldNs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-19956"
},
{
"category": "external",
"summary": "RHBZ#1788856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-19956",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19956"
}
],
"release_date": "2020-01-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-06-22T12:28:02+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2644"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c"
},
{
"cve": "CVE-2019-20388",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2020-02-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1799734"
}
],
"notes": [
{
"category": "description",
"text": "A memory leak was found in the xmlSchemaValidateStream function of libxml2. Applications that use this library may be vulnerable to memory not being freed leading to a denial of service. System availability is the highest threat from this vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20388"
},
{
"category": "external",
"summary": "RHBZ#1799734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1799734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20388",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20388"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20388",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20388"
}
],
"release_date": "2020-01-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-06-22T12:28:02+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2644"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c"
},
{
"cve": "CVE-2020-1934",
"cwe": {
"id": "CWE-456",
"name": "Missing Initialization of a Variable"
},
"discovery_date": "2020-04-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1820772"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache\u0027s HTTP server (httpd) .The mod_proxy_ftp module may use uninitialized memory with proxying to a malicious FTP server. The highest threat from this vulnerability is to data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_ftp use of uninitialized value",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is caused by use of an uninitialized memory variable. Practically this has no impact, but in some corner cases it is possible that the contents of this variable could be read by a remote process, causing loss of confidentiality as a result of this. There is no evidence of code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1934"
},
{
"category": "external",
"summary": "RHBZ#1820772",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820772"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1934",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1934"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1934",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1934"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2020-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-06-22T12:28:02+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2644"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_proxy_ftp use of uninitialized value"
},
{
"cve": "CVE-2020-7595",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2020-02-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1799786"
}
],
"notes": [
{
"category": "description",
"text": "xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-7595"
},
{
"category": "external",
"summary": "RHBZ#1799786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1799786"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-7595",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7595"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7595",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7595"
}
],
"release_date": "2020-01-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-06-22T12:28:02+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2644"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations"
},
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2020-11080",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2020-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1844929"
}
],
"notes": [
{
"category": "description",
"text": "A resource consumption vulnerability was found in nghttp2. This flaw allows an attacker to repeatedly construct an overly large HTTP/2 SETTINGS frame with a length of 14,400 bytes that causes excessive CPU usage, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nghttp2: overly large SETTINGS frames can lead to DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11080"
},
{
"category": "external",
"summary": "RHBZ#1844929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1844929"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11080",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11080"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11080",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11080"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr",
"url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr"
}
],
"release_date": "2020-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-06-22T12:28:02+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2644"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nghttp2: overly large SETTINGS frames can lead to DoS"
}
]
}
rhsa-2020_4751
Vulnerability from csaf_redhat
Published
2020-11-04 01:44
Modified
2024-11-05 22:56
Summary
Red Hat Security Advisory: httpd:2.4 security, bug fix, and enhancement update
Notes
Topic
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
The following packages have been upgraded to a later upstream version: mod_http2 (1.15.7). (BZ#1814236)
Security Fix(es):
* httpd: memory corruption on early pushes (CVE-2019-10081)
* httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)
* httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)
* httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927)
* httpd: mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)
* httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)
* httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)
* httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)
* httpd: mod_rewrite potential open redirect (CVE-2019-10098)
* httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nThe following packages have been upgraded to a later upstream version: mod_http2 (1.15.7). (BZ#1814236)\n\nSecurity Fix(es):\n\n* httpd: memory corruption on early pushes (CVE-2019-10081)\n\n* httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)\n\n* httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)\n\n* httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927)\n\n* httpd: mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)\n\n* httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)\n\n* httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)\n\n* httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)\n\n* httpd: mod_rewrite potential open redirect (CVE-2019-10098)\n\n* httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:4751",
"url": "https://access.redhat.com/errata/RHSA-2020:4751"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/"
},
{
"category": "external",
"summary": "1209162",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1209162"
},
{
"category": "external",
"summary": "1668497",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497"
},
{
"category": "external",
"summary": "1695030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030"
},
{
"category": "external",
"summary": "1695042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042"
},
{
"category": "external",
"summary": "1743956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743956"
},
{
"category": "external",
"summary": "1743959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743959"
},
{
"category": "external",
"summary": "1743966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743966"
},
{
"category": "external",
"summary": "1743974",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743974"
},
{
"category": "external",
"summary": "1743996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743996"
},
{
"category": "external",
"summary": "1771847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1771847"
},
{
"category": "external",
"summary": "1814236",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1814236"
},
{
"category": "external",
"summary": "1820761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820761"
},
{
"category": "external",
"summary": "1820772",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820772"
},
{
"category": "external",
"summary": "1832844",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1832844"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4751.json"
}
],
"title": "Red Hat Security Advisory: httpd:2.4 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-05T22:56:17+00:00",
"generator": {
"date": "2024-11-05T22:56:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2020:4751",
"initial_release_date": "2020-11-04T01:44:47+00:00",
"revision_history": [
{
"date": "2020-11-04T01:44:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-04T01:44:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T22:56:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd:2.4:8030020200818000036:30b713e6",
"product": {
"name": "httpd:2.4:8030020200818000036:30b713e6",
"product_id": "httpd:2.4:8030020200818000036:30b713e6",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/httpd@2.4:8030020200818000036:30b713e6"
}
}
},
{
"category": "product_version",
"name": "httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"product": {
"name": "httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"product_id": "httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-filesystem@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"product": {
"name": "httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"product_id": "httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-manual@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"product": {
"name": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"product_id": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=src"
}
}
},
{
"category": "product_version",
"name": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"product": {
"name": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"product_id": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_http2@1.15.7-2.module%2Bel8.3.0%2B7670%2B8bf57d29?arch=src"
}
}
},
{
"category": "product_version",
"name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"product": {
"name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"product_id": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_md@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product": {
"name": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_id": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product": {
"name": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_id": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product": {
"name": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_id": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debugsource@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product": {
"name": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_id": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product": {
"name": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_id": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product": {
"name": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_id": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"product": {
"name": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"product_id": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_http2@1.15.7-2.module%2Bel8.3.0%2B7670%2B8bf57d29?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"product": {
"name": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"product_id": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_http2-debuginfo@1.15.7-2.module%2Bel8.3.0%2B7670%2B8bf57d29?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"product": {
"name": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"product_id": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_http2-debugsource@1.15.7-2.module%2Bel8.3.0%2B7670%2B8bf57d29?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product": {
"name": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_id": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product": {
"name": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_id": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"product": {
"name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"product_id": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_md@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"product": {
"name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"product_id": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_md-debuginfo@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"product": {
"name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"product_id": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_md-debugsource@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product": {
"name": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_id": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product": {
"name": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_id": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product": {
"name": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_id": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product": {
"name": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_id": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product": {
"name": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_id": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product": {
"name": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_id": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product": {
"name": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_id": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product": {
"name": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_id": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product": {
"name": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_id": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debugsource@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product": {
"name": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_id": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product": {
"name": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_id": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product": {
"name": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_id": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"product": {
"name": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"product_id": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_http2@1.15.7-2.module%2Bel8.3.0%2B7670%2B8bf57d29?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"product": {
"name": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"product_id": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_http2-debuginfo@1.15.7-2.module%2Bel8.3.0%2B7670%2B8bf57d29?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"product": {
"name": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"product_id": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_http2-debugsource@1.15.7-2.module%2Bel8.3.0%2B7670%2B8bf57d29?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product": {
"name": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_id": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product": {
"name": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_id": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"product": {
"name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"product_id": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_md@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"product": {
"name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"product_id": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_md-debuginfo@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"product": {
"name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"product_id": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_md-debugsource@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product": {
"name": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_id": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product": {
"name": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_id": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product": {
"name": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_id": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product": {
"name": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_id": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product": {
"name": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_id": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product": {
"name": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_id": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product": {
"name": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_id": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product": {
"name": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_id": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product": {
"name": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_id": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debugsource@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product": {
"name": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_id": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product": {
"name": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_id": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product": {
"name": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_id": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"product": {
"name": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"product_id": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_http2@1.15.7-2.module%2Bel8.3.0%2B7670%2B8bf57d29?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"product": {
"name": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"product_id": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_http2-debuginfo@1.15.7-2.module%2Bel8.3.0%2B7670%2B8bf57d29?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"product": {
"name": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"product_id": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_http2-debugsource@1.15.7-2.module%2Bel8.3.0%2B7670%2B8bf57d29?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product": {
"name": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_id": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product": {
"name": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_id": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"product": {
"name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"product_id": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_md@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"product": {
"name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"product_id": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_md-debuginfo@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"product": {
"name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"product_id": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_md-debugsource@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product": {
"name": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_id": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product": {
"name": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_id": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product": {
"name": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_id": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product": {
"name": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_id": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product": {
"name": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_id": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product": {
"name": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_id": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product": {
"name": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_id": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product": {
"name": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_id": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product": {
"name": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_id": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debugsource@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product": {
"name": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_id": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product": {
"name": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_id": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product": {
"name": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_id": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"product": {
"name": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"product_id": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_http2@1.15.7-2.module%2Bel8.3.0%2B7670%2B8bf57d29?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"product": {
"name": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"product_id": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_http2-debuginfo@1.15.7-2.module%2Bel8.3.0%2B7670%2B8bf57d29?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"product": {
"name": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"product_id": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_http2-debugsource@1.15.7-2.module%2Bel8.3.0%2B7670%2B8bf57d29?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product": {
"name": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_id": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product": {
"name": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_id": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"product": {
"name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"product_id": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_md@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"product": {
"name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"product_id": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_md-debuginfo@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"product": {
"name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"product_id": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_md-debugsource@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product": {
"name": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_id": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product": {
"name": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_id": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product": {
"name": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_id": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product": {
"name": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_id": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product": {
"name": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_id": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product": {
"name": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_id": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
"product_reference": "httpd:2.4:8030020200818000036:30b713e6",
"relates_to_product_reference": "AppStream-8.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64"
},
"product_reference": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le"
},
"product_reference": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x"
},
"product_reference": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src"
},
"product_reference": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
},
"product_reference": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64"
},
"product_reference": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le"
},
"product_reference": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x"
},
"product_reference": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64"
},
"product_reference": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le"
},
"product_reference": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x"
},
"product_reference": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
},
"product_reference": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64"
},
"product_reference": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le"
},
"product_reference": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x"
},
"product_reference": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
},
"product_reference": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch"
},
"product_reference": "httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch"
},
"product_reference": "httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64"
},
"product_reference": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le"
},
"product_reference": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x"
},
"product_reference": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
},
"product_reference": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64"
},
"product_reference": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le"
},
"product_reference": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x"
},
"product_reference": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
},
"product_reference": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64"
},
"product_reference": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le"
},
"product_reference": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x"
},
"product_reference": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src"
},
"product_reference": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64"
},
"product_reference": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64"
},
"product_reference": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le"
},
"product_reference": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x"
},
"product_reference": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64"
},
"product_reference": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64"
},
"product_reference": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le"
},
"product_reference": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x"
},
"product_reference": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64"
},
"product_reference": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64"
},
"product_reference": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le"
},
"product_reference": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x"
},
"product_reference": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
},
"product_reference": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64"
},
"product_reference": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le"
},
"product_reference": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x"
},
"product_reference": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
},
"product_reference": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64"
},
"product_reference": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le"
},
"product_reference": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x"
},
"product_reference": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src"
},
"product_reference": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64"
},
"product_reference": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64"
},
"product_reference": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le"
},
"product_reference": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x"
},
"product_reference": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64"
},
"product_reference": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64"
},
"product_reference": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le"
},
"product_reference": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x"
},
"product_reference": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64"
},
"product_reference": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64"
},
"product_reference": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le"
},
"product_reference": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x"
},
"product_reference": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
},
"product_reference": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64"
},
"product_reference": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le"
},
"product_reference": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x"
},
"product_reference": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
},
"product_reference": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64"
},
"product_reference": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le"
},
"product_reference": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x"
},
"product_reference": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
},
"product_reference": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64"
},
"product_reference": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le"
},
"product_reference": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x"
},
"product_reference": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
},
"product_reference": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64"
},
"product_reference": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le"
},
"product_reference": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x"
},
"product_reference": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
},
"product_reference": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64"
},
"product_reference": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le"
},
"product_reference": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x"
},
"product_reference": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
},
"product_reference": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-17189",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668497"
}
],
"notes": [
{
"category": "description",
"text": "In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_http2: DoS via slow, unneeded request bodies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-17189"
},
{
"category": "external",
"summary": "RHBZ#1668497",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-17189",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189"
}
],
"release_date": "2019-01-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:44:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4751"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_http2: DoS via slow, unneeded request bodies"
},
{
"cve": "CVE-2019-0196",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2019-04-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695030"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_http2: read-after-free on a string compare",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0196"
},
{
"category": "external",
"summary": "RHBZ#1695030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0196",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0196"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0196",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0196"
},
{
"category": "external",
"summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
"url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:44:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4751"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_http2: read-after-free on a string compare"
},
{
"cve": "CVE-2019-0197",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-04-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695042"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set \"H2Upgrade on\" are unaffected by this issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_http2: possible crash on late upgrade",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0197"
},
{
"category": "external",
"summary": "RHBZ#1695042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0197",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0197"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0197",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0197"
},
{
"category": "external",
"summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
"url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:44:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4751"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_http2: possible crash on late upgrade"
},
{
"cve": "CVE-2019-10081",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1743966"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache httpd, in mod_http2. Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing a server to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: memory corruption on early pushes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10081"
},
{
"category": "external",
"summary": "RHBZ#1743966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10081",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10081"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10081",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10081"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:44:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4751"
},
{
"category": "workaround",
"details": "This flaw is only exploitable if Apache httpd is configured to respond to HTTP/2 requests, which is done by including \"h2\" or \"h2c\" in the \"Protocols\" list in a configuration file. The following command can be used to search for possible vulnerable configurations: \n\n grep -R \u0027^\\s*Protocols\\\u003e.*\\\u003ch2\\\u003e\u0027 /etc/httpd/\n\nSee https://httpd.apache.org/docs/2.4/mod/mod_http2.html",
"product_ids": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: memory corruption on early pushes"
},
{
"cve": "CVE-2019-10082",
"discovery_date": "2019-08-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1743974"
}
],
"notes": [
{
"category": "description",
"text": "A read-after-free vulnerability was discovered in Apache httpd, in mod_http2. A specially crafted http/2 client session could cause the server to read memory that was previously freed during connection shutdown, potentially leading to a crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: read-after-free in h2 connection shutdown",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10082"
},
{
"category": "external",
"summary": "RHBZ#1743974",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743974"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10082",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10082"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10082",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10082"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:44:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4751"
},
{
"category": "workaround",
"details": "This flaw is only exploitable if Apache httpd is configured to respond to HTTP/2 requests, which is done by including \"h2\" or \"h2c\" in the \"Protocols\" list in a configuration file. The following command can be used to search for possible vulnerable configurations: \n\n grep -R \u0027^\\s*Protocols\\\u003e.*\\\u003ch2\\\u003e\u0027 /etc/httpd/\n\nSee https://httpd.apache.org/docs/2.4/mod/mod_http2.html",
"product_ids": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: read-after-free in h2 connection shutdown"
},
{
"cve": "CVE-2019-10092",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-08-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1743956"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting vulnerability was found in Apache httpd, affecting the mod_proxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: limited cross-site scripting in mod_proxy error page",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10092"
},
{
"category": "external",
"summary": "RHBZ#1743956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743956"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10092",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10092"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:44:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4751"
},
{
"category": "workaround",
"details": "This flaw is only exploitable if Proxy* directives are used in Apache httpd configuration. The following command can be used to search for possible vulnerable configurations:\n\n grep -R \u0027^\\s*Proxy\u0027 /etc/httpd/\n\nSee https://httpd.apache.org/docs/2.4/mod/mod_proxy.html",
"product_ids": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: limited cross-site scripting in mod_proxy error page"
},
{
"cve": "CVE-2019-10097",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2019-08-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1743996"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in Apache httpd, in mod_remoteip. A trusted proxy using the \"PROXY\" protocol could send specially crafted headers that can cause httpd to experience a stack buffer overflow or NULL pointer dereference, leading to a crash or other potential consequences.\r\n\r\nThis issue could only be exploited by configured trusted intermediate proxy servers. HTTP clients such as browsers could not exploit the vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: null-pointer dereference in mod_remoteip",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10097"
},
{
"category": "external",
"summary": "RHBZ#1743996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743996"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10097",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10097"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10097",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10097"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:44:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4751"
},
{
"category": "workaround",
"details": "This flaw is only exploitable if RemoteIP* directives are used in Apache httpd configuration. The following command can be used to search for possible vulnerable configurations:\n\n grep -R \u0027^\\s*RemoteIP\u0027 /etc/httpd/\n\nSee https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html",
"product_ids": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: null-pointer dereference in mod_remoteip"
},
{
"cve": "CVE-2019-10098",
"discovery_date": "2019-08-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1743959"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in Apache httpd, in mod_rewrite. Certain self-referential mod_rewrite rules could be fooled by encoded newlines, causing them to redirect to an unexpected location. An attacker could abuse this flaw in a phishing attack or as part of a client-side attack on browsers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_rewrite potential open redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10098"
},
{
"category": "external",
"summary": "RHBZ#1743959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10098",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10098"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10098",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10098"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:44:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4751"
},
{
"category": "workaround",
"details": "This flaw requires the use of certain Rewrite configuration directives. The following command can be used to search for possible vulnerable configurations:\n\n grep -R \u0027^\\s*Rewrite\u0027 /etc/httpd/\n\nSee https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html",
"product_ids": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_rewrite potential open redirect"
},
{
"cve": "CVE-2020-1927",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2020-04-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1820761"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache HTTP Server (httpd) versions 2.4.0 to 2.4.41. Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirected instead to an unexpected URL within the request URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_rewrite configurations vulnerable to open redirect",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue only affects httpd versions between 2.4.0 and 2.4.41. Therefore Red Hat Enterprise Linux 5 and 6 are not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1927"
},
{
"category": "external",
"summary": "RHBZ#1820761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820761"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1927",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1927"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1927",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1927"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2020-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:44:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4751"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_rewrite configurations vulnerable to open redirect"
},
{
"cve": "CVE-2020-1934",
"cwe": {
"id": "CWE-456",
"name": "Missing Initialization of a Variable"
},
"discovery_date": "2020-04-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1820772"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache\u0027s HTTP server (httpd) .The mod_proxy_ftp module may use uninitialized memory with proxying to a malicious FTP server. The highest threat from this vulnerability is to data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_ftp use of uninitialized value",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is caused by use of an uninitialized memory variable. Practically this has no impact, but in some corner cases it is possible that the contents of this variable could be read by a remote process, causing loss of confidentiality as a result of this. There is no evidence of code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1934"
},
{
"category": "external",
"summary": "RHBZ#1820772",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820772"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1934",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1934"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1934",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1934"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2020-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:44:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4751"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_proxy_ftp use of uninitialized value"
}
]
}
rhsa-2019_3932
Vulnerability from csaf_redhat
Published
2019-11-20 16:22
Modified
2024-11-05 21:37
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6
Notes
Topic
Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * mod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2: read-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * mod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2: read-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:3932",
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1568253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568253"
},
{
"category": "external",
"summary": "1644364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644364"
},
{
"category": "external",
"summary": "1645695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
},
{
"category": "external",
"summary": "1668493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668493"
},
{
"category": "external",
"summary": "1668497",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497"
},
{
"category": "external",
"summary": "1695020",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695020"
},
{
"category": "external",
"summary": "1695030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030"
},
{
"category": "external",
"summary": "1695042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042"
},
{
"category": "external",
"summary": "1735741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741"
},
{
"category": "external",
"summary": "1741860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860"
},
{
"category": "external",
"summary": "1741864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864"
},
{
"category": "external",
"summary": "1741868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868"
},
{
"category": "external",
"summary": "JBCS-798",
"url": "https://issues.redhat.com/browse/JBCS-798"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3932.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6",
"tracking": {
"current_release_date": "2024-11-05T21:37:07+00:00",
"generator": {
"date": "2024-11-05T21:37:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2019:3932",
"initial_release_date": "2019-11-20T16:22:09+00:00",
"revision_history": [
{
"date": "2019-11-20T16:22:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-01-06T13:05:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T21:37:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Core Services on RHEL 6 Server",
"product": {
"name": "Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Core Services"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"product_id": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-jansson@2.11-20.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"product_id": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-jansson-devel@2.11-20.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"product_id": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-jansson-debuginfo@2.11-20.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-63.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-63.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-63.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1-25.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.1.1-25.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.1.1-25.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.1.1-25.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.1.1-25.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.1.1-25.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-48.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-48.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-48.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-48.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-48.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-48.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-48.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-48.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-48.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-48.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"product_id": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-brotli@1.0.6-7.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"product_id": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-devel@1.0.6-7.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"product_id": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-debuginfo@1.0.6-7.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"product_id": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-4.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"product_id": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.39.2-4.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"product_id": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.39.2-4.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.64.1-14.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl@7.64.1-14.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-devel@7.64.1-14.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo@7.64.1-14.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-33.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.37-33.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.37-33.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.37-33.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.37-33.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.37-33.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.37-33.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.37-33.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.37-33.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.37-33.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.12-9.Final_redhat_2.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.12-9.Final_redhat_2.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.46-22.redhat_1.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.46-22.redhat_1.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.46-22.redhat_1.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-16.GA.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.2-16.GA.jbcs.el6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-jansson@2.11-20.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-jansson-devel@2.11-20.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-jansson-debuginfo@2.11-20.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-63.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-63.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-63.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1-25.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.1.1-25.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.1.1-25.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.1.1-25.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.1.1-25.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.1.1-25.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-48.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-48.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-48.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-48.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-48.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-48.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-48.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-48.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-48.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-48.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-brotli@1.0.6-7.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-devel@1.0.6-7.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-debuginfo@1.0.6-7.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-4.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.39.2-4.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.39.2-4.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.64.1-14.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl@7.64.1-14.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-devel@7.64.1-14.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo@7.64.1-14.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-33.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.37-33.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.37-33.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.37-33.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.37-33.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.37-33.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.37-33.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.37-33.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.37-33.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.37-33.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.12-9.Final_redhat_2.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.12-9.Final_redhat_2.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.46-22.redhat_1.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.46-22.redhat_1.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.46-22.redhat_1.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-16.GA.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.2-16.GA.jbcs.el6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"product_id": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-jansson@2.11-20.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"product_id": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-63.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"product_id": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1-25.jbcs.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"product_id": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-48.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"product_id": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-brotli@1.0.6-7.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"product_id": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-4.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"product_id": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.64.1-14.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"product_id": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-33.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.12-9.Final_redhat_2.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"product_id": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.46-22.redhat_1.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"product_id": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-16.GA.jbcs.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"product": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"product_id": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.37-33.jbcs.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch"
},
"product_reference": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-0734",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2018-10-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1644364"
}
],
"notes": [
{
"category": "description",
"text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: timing side channel attack in the DSA signature algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-0734"
},
{
"category": "external",
"summary": "RHBZ#1644364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644364"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-0734",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734"
}
],
"release_date": "2018-10-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:22:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: timing side channel attack in the DSA signature algorithm"
},
{
"cve": "CVE-2018-0737",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2018-04-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1568253"
}
],
"notes": [
{
"category": "description",
"text": "OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-0737"
},
{
"category": "external",
"summary": "RHBZ#1568253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568253"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-0737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0737",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0737"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2018/04/16/3",
"url": "http://www.openwall.com/lists/oss-security/2018/04/16/3"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20180416.txt",
"url": "https://www.openssl.org/news/secadv/20180416.txt"
}
],
"release_date": "2018-04-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:22:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys"
},
{
"acknowledgments": [
{
"names": [
"Alejandro Cabrera Aldaya"
],
"organization": "Universidad Tecnologica de la Habana CUJAE; Cuba"
},
{
"names": [
"Billy Bob Brumley",
"Cesar Pereida Garcia",
"Sohaib ul Hassan"
]
},
{
"names": [
"Nicola Tuveri"
],
"organization": "Tampere University of Technology; Finland"
}
],
"cve": "CVE-2018-5407",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2018-11-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1645695"
}
],
"notes": [
{
"category": "description",
"text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-5407"
},
{
"category": "external",
"summary": "RHBZ#1645695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407"
},
{
"category": "external",
"summary": "https://github.com/bbbrumley/portsmash",
"url": "https://github.com/bbbrumley/portsmash"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20181112.txt",
"url": "https://www.openssl.org/news/secadv/20181112.txt"
}
],
"release_date": "2018-10-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:22:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"category": "workaround",
"details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue. Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)"
},
{
"cve": "CVE-2018-17189",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668497"
}
],
"notes": [
{
"category": "description",
"text": "In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_http2: DoS via slow, unneeded request bodies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-17189"
},
{
"category": "external",
"summary": "RHBZ#1668497",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-17189",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189"
}
],
"release_date": "2019-01-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:22:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_http2: DoS via slow, unneeded request bodies"
},
{
"cve": "CVE-2018-17199",
"cwe": {
"id": "CWE-613",
"name": "Insufficient Session Expiration"
},
"discovery_date": "2019-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668493"
}
],
"notes": [
{
"category": "description",
"text": "In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_session_cookie does not respect expiry time",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-17199"
},
{
"category": "external",
"summary": "RHBZ#1668493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668493"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-17199",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17199"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17199",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17199"
}
],
"release_date": "2019-01-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:22:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_session_cookie does not respect expiry time"
},
{
"cve": "CVE-2019-0196",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2019-04-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695030"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_http2: read-after-free on a string compare",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0196"
},
{
"category": "external",
"summary": "RHBZ#1695030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0196",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0196"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0196",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0196"
},
{
"category": "external",
"summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
"url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:22:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_http2: read-after-free on a string compare"
},
{
"cve": "CVE-2019-0197",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-04-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695042"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set \"H2Upgrade on\" are unaffected by this issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_http2: possible crash on late upgrade",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0197"
},
{
"category": "external",
"summary": "RHBZ#1695042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0197",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0197"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0197",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0197"
},
{
"category": "external",
"summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
"url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:22:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_http2: possible crash on late upgrade"
},
{
"cve": "CVE-2019-0217",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2019-04-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695020"
}
],
"notes": [
{
"category": "description",
"text": "A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_auth_digest: access control bypass due to race condition",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Based on the the fact that digest authentication is rarely used in modern day web applications and httpd package shipped with Red Hat products do not ship threaded MPM configuration by default, this flaw has been rated as having Moderate level security impact. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This flaw has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0217"
},
{
"category": "external",
"summary": "RHBZ#1695020",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695020"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0217"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0217",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0217"
},
{
"category": "external",
"summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
"url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:22:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"category": "workaround",
"details": "This flaw only affects a threaded server configuration, so using the prefork MPM is an effective mitigation. In versions of httpd package shipped with Red Hat Enterprise Linux 7, the prefork MPM is the default configuration.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_auth_digest: access control bypass due to race condition"
},
{
"cve": "CVE-2019-9511",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1741860"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: large amount of data requests leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "There are no mitigations available for nghttp2 and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9511"
},
{
"category": "external",
"summary": "RHBZ#1741860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9511",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9511"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/605641/",
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/",
"url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
}
],
"release_date": "2019-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:22:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"category": "workaround",
"details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: large amount of data requests leads to denial of service"
},
{
"acknowledgments": [
{
"names": [
"the Envoy security team"
]
}
],
"cve": "CVE-2019-9513",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1735741"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has no available mitigation for packages nghttp2 and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9513"
},
{
"category": "external",
"summary": "RHBZ#1735741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9513",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9513"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/",
"url": "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/",
"url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
}
],
"release_date": "2019-08-13T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:22:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"category": "workaround",
"details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption"
},
{
"cve": "CVE-2019-9516",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1741864"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2. An attacker, sending a stream of header with a 0-length header name and a 0-length header value, could cause some implementations to allocate memory for these headers and keep the allocations alive until the session dies. The can consume excess memory, potentially leading to a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: 0-length headers lead to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9516"
},
{
"category": "external",
"summary": "RHBZ#1741864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9516",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9516"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/issues/1382#",
"url": "https://github.com/nghttp2/nghttp2/issues/1382#"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/605641/",
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/",
"url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
}
],
"release_date": "2019-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:22:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"category": "workaround",
"details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: 0-length headers lead to denial of service"
},
{
"cve": "CVE-2019-9517",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1741868"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in HTTP/2. An attacker can open a HTTP/2 window so the peer can send without constraint. The TCP window remains closed so the peer cannot write the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the server\u0027s queue is setup, the responses can consume excess memory, CPU, or both, potentially leading to a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: request for large response leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The package httpd versions as shipped with Red Hat Enterprise Linux 5, 6 and 7 are not affected by this issue as HTTP/2 support is not provided.\nThis flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9517"
},
{
"category": "external",
"summary": "RHBZ#1741868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9517",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9517"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517"
},
{
"category": "external",
"summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/605641/",
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
}
],
"release_date": "2019-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-20T16:22:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"category": "workaround",
"details": "The httpd version shipped with Red Hat Enterprise Linux 8 provides HTTP/2 support through mod_http2 package. While mod_http2 package is not updated, users can disable HTTP/2 support as mitigation action by executing the following steps:\n\n1. Stop httpd service:\n$ systemctl stop httpd\n\n2. Remove http/2 protocol support from configuration files:\n$ sed -i \u0027s/\\(h2\\)\\|\\(h2c\\)//g\u0027 \u003chttpd_config_file\u003e\n\n3. Validate configuration files to make sure all syntax is valid:\n$ apachectl configtest\n\n4. Restart httpd service:\n$ systemctl start httpd",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: request for large response leads to denial of service"
}
]
}
ghsa-g33m-gfwr-29g4
Vulnerability from github
Published
2022-05-24 16:47
Modified
2022-09-08 00:00
Severity ?
Details
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set "H2Upgrade on" are unaffected by this issue.
{
"affected": [],
"aliases": [
"CVE-2019-0197"
],
"database_specific": {
"cwe_ids": [
"CWE-444"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-06-11T22:29:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set \"H2Upgrade on\" are unaffected by this issue.",
"id": "GHSA-g33m-gfwr-29g4",
"modified": "2022-09-08T00:00:32Z",
"published": "2022-05-24T16:47:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0197"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4113-1"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03950en_us"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K44591505"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190617-0002"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808@%3Cdev.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/04/02/2"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/107665"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
gsd-2019-0197
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set "H2Upgrade on" are unaffected by this issue.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-0197",
"description": "A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set \"H2Upgrade on\" are unaffected by this issue.",
"id": "GSD-2019-0197",
"references": [
"https://www.suse.com/security/cve/CVE-2019-0197.html",
"https://access.redhat.com/errata/RHSA-2020:4751",
"https://access.redhat.com/errata/RHSA-2020:2646",
"https://access.redhat.com/errata/RHSA-2020:2644",
"https://access.redhat.com/errata/RHSA-2019:3935",
"https://access.redhat.com/errata/RHSA-2019:3933",
"https://access.redhat.com/errata/RHSA-2019:3932",
"https://ubuntu.com/security/CVE-2019-0197",
"https://security.archlinux.org/CVE-2019-0197",
"https://alas.aws.amazon.com/cve/html/CVE-2019-0197.html",
"https://linux.oracle.com/cve/CVE-2019-0197.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-0197"
],
"details": "A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set \"H2Upgrade on\" are unaffected by this issue.",
"id": "GSD-2019-0197",
"modified": "2023-12-13T01:23:39.968291Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-0197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_value": "2.4.34 to 2.4.38"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set \"H2Upgrade on\" are unaffected by this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "mod_http2, possible crash on late upgrade"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "CONFIRM",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "[oss-security] 20190401 CVE-2019-0197: mod_http2, possible crash on late upgrade",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/04/02/2"
},
{
"name": "107665",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107665"
},
{
"name": "FEDORA-2019-cf7695b470",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/"
},
{
"name": "https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808@%3Cdev.httpd.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808@%3Cdev.httpd.apache.org%3E"
},
{
"name": "openSUSE-SU-2019:1190",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html"
},
{
"name": "openSUSE-SU-2019:1209",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html"
},
{
"name": "openSUSE-SU-2019:1258",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html"
},
{
"name": "https://support.f5.com/csp/article/K44591505",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K44591505"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190617-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190617-0002/"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03950en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03950en_us"
},
{
"name": "USN-4113-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4113-1/"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "RHSA-2019:3933",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"name": "RHSA-2019:3935",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"name": "RHSA-2019:3932",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.4.38",
"versionStartIncluding": "2.4.34",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-0197"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set \"H2Upgrade on\" are unaffected by this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K44591505",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K44591505"
},
{
"name": "FEDORA-2019-cf7695b470",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/"
},
{
"name": "https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808@%3Cdev.httpd.apache.org%3E",
"refsource": "MISC",
"tags": [
"Mailing List",
"Release Notes",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808@%3Cdev.httpd.apache.org%3E"
},
{
"name": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "107665",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107665"
},
{
"name": "[oss-security] 20190401 CVE-2019-0197: mod_http2, possible crash on late upgrade",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/02/2"
},
{
"name": "openSUSE-SU-2019:1258",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html"
},
{
"name": "openSUSE-SU-2019:1209",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html"
},
{
"name": "openSUSE-SU-2019:1190",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190617-0002/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190617-0002/"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03950en_us",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03950en_us"
},
{
"name": "USN-4113-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4113-1/"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "RHSA-2019:3933",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"name": "RHSA-2019:3935",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"name": "RHSA-2019:3932",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "N/A",
"refsource": "N/A",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 2.5
}
},
"lastModifiedDate": "2022-09-07T17:36Z",
"publishedDate": "2019-06-11T22:29Z"
}
}
}
wid-sec-w-2023-2047
Vulnerability from csaf_certbund
Published
2019-04-02 22:00
Modified
2023-08-13 22:00
Summary
Apache HTTP Server: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Apache ist ein Webserver für verschiedene Plattformen.
Angriff
Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen im Apache HTTP Server ausnutzen, um seine Rechte zu erweitern, Sicherheitsrestriktionen zu umgehen oder um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- NetApp Appliance
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Apache ist ein Webserver f\u00fcr verschiedene Plattformen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen im Apache HTTP Server ausnutzen, um seine Rechte zu erweitern, Sicherheitsrestriktionen zu umgehen oder um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows\n- NetApp Appliance",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2047 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2023-2047.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2047 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2047"
},
{
"category": "external",
"summary": "HPE Securi+y Bulletin",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-hpesbst04494en_us"
},
{
"category": "external",
"summary": "Eintr\u00e4ge in der OSS Mailing Liste vom 2019-04-02",
"url": "https://seclists.org/oss-sec/2019/q2/0"
},
{
"category": "external",
"summary": "Eintr\u00e4ge in der OSS Mailing Liste vom 2019-04-02",
"url": "https://seclists.org/oss-sec/2019/q2/1"
},
{
"category": "external",
"summary": "Eintr\u00e4ge in der OSS Mailing Liste vom 2019-04-02",
"url": "https://seclists.org/oss-sec/2019/q2/2"
},
{
"category": "external",
"summary": "Eintr\u00e4ge in der OSS Mailing Liste vom 2019-04-02",
"url": "https://seclists.org/oss-sec/2019/q2/3"
},
{
"category": "external",
"summary": "Eintr\u00e4ge in der OSS Mailing Liste vom 2019-04-02",
"url": "https://seclists.org/oss-sec/2019/q2/4"
},
{
"category": "external",
"summary": "Eintr\u00e4ge in der OSS Mailing Liste vom 2019-04-02",
"url": "https://seclists.org/oss-sec/2019/q2/5"
},
{
"category": "external",
"summary": "Apache Release Notes Stand 2019-04-02",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4422 vom 2019-04-04 vom 2019-04-03",
"url": "https://lists.debian.org/debian-security-announce/2019/msg00066.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notices USN-3937-1 vom 2019-04-04",
"url": "https://usn.ubuntu.com/3937-1/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:0878-1 vom 2019-04-04",
"url": "https://www.suse.com/de-de/support/update/announcement/2019/suse-su-20190878-1/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:0873-1 vom 2019-04-04",
"url": "http://lists.suse.com/pipermail/sle-security-updates/2019-April/005295.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:0889-1 vom 2019-04-05",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190889-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:0888-1 vom 2019-04-05",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190888-1.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3937-2 vom 2019-04-10",
"url": "https://usn.ubuntu.com/3937-2/"
},
{
"category": "external",
"summary": "Arch Linux Security Advisory ASA-201904-3 vom 2019-04-05",
"url": "https://security.archlinux.org/ASA-201904-3"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:0746 vom 2019-04-11",
"url": "https://access.redhat.com/errata/RHSA-2019:0746"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:0888-2 vom 2019-04-12",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190888-2.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:0251 vom 2020-01-27",
"url": "https://access.redhat.com/errata/RHSA-2020:0251"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:0250 vom 2020-01-27",
"url": "https://access.redhat.com/errata/RHSA-2020:0250"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:0980 vom 2019-05-07",
"url": "https://access.redhat.com/errata/RHSA-2019:0980"
},
{
"category": "external",
"summary": "Exploit f\u00fcr CVE-2019-0211 vom 2019-05-16",
"url": "https://github.com/cfreal/exploits/tree/master/CVE-2019-0211-apache"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:1296 vom 2019-05-30",
"url": "https://access.redhat.com/errata/RHSA-2019:1296"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:1297 vom 2019-05-30",
"url": "https://access.redhat.com/errata/RHSA-2019:1297"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20190423-0001 vom 2019-06-06",
"url": "https://security.netapp.com/advisory/ntap-20190423-0001/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:1543 vom 2019-06-19",
"url": "https://access.redhat.com/errata/RHSA-2019:1543"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20190625-0007 vom 2019-06-25",
"url": "https://security.netapp.com/advisory/ntap-20190625-0007/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2343 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2343"
},
{
"category": "external",
"summary": "HP SECURITY BULLETIN hpesbux03950en_us vom 2019-08-22",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=hpesbux03950en_us"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4113-1 vom 2019-08-30",
"url": "https://usn.ubuntu.com/4113-1/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4113-2 vom 2019-09-17",
"url": "https://usn.ubuntu.com/4113-2/"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2019:2343 vom 2019-09-18",
"url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2019-2343-Moderate-CentOS-7-httpd-Security-Update-tp4645680.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:3436 vom 2019-11-05",
"url": "https://access.redhat.com/errata/RHSA-2019:3436"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:3933 vom 2019-11-20",
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:3935 vom 2019-11-20",
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:3932 vom 2019-11-20",
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:4126 vom 2019-12-10",
"url": "https://access.redhat.com/errata/RHSA-2019:4126"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2644 vom 2020-06-22",
"url": "https://access.redhat.com/errata/RHSA-2020:2644"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2646 vom 2020-06-22",
"url": "https://access.redhat.com/errata/RHSA-2020:2646"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA11023 vom 2020-07-08",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11023"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:4751 vom 2020-11-04",
"url": "https://access.redhat.com/errata/RHSA-2020:4751"
},
{
"category": "external",
"summary": "AVAYA Security Advisory ASA-2020-161 vom 2020-12-08",
"url": "https://downloads.avaya.com/css/P8/documents/101072834"
}
],
"source_lang": "en-US",
"title": "Apache HTTP Server: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-08-13T22:00:00.000+00:00",
"generator": {
"date": "2024-02-15T17:40:20.256+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2023-2047",
"initial_release_date": "2019-04-02T22:00:00.000+00:00",
"revision_history": [
{
"date": "2019-04-02T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2019-04-03T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Debian und Fedora aufgenommen"
},
{
"date": "2019-04-04T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2019-04-04T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-04-04T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-04-07T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-04-10T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Ubuntu und Arch Linux aufgenommen"
},
{
"date": "2019-04-11T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-04-14T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-04-22T22:00:00.000+00:00",
"number": "10",
"summary": "Referenz(en) aufgenommen: GLSA/201904-20"
},
{
"date": "2019-05-06T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-05-16T22:00:00.000+00:00",
"number": "12",
"summary": "Exploit aufgenommen"
},
{
"date": "2019-05-23T22:00:00.000+00:00",
"number": "13",
"summary": "Referenz(en) aufgenommen: FEDORA-2019-B99E48E883, FEDORA-2019-08E57D15FD"
},
{
"date": "2019-05-30T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-05-30T22:00:00.000+00:00",
"number": "15",
"summary": "Referenz(en) aufgenommen: FEDORA-2019-C7187E6DC7"
},
{
"date": "2019-06-02T22:00:00.000+00:00",
"number": "16",
"summary": "Schreibfehler korrigiert"
},
{
"date": "2019-06-06T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von NetApp aufgenommen"
},
{
"date": "2019-06-18T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-06-24T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von NetApp aufgenommen"
},
{
"date": "2019-08-06T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-08-25T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von HP aufgenommen"
},
{
"date": "2019-08-29T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2019-09-17T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2019-09-18T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von CentOS aufgenommen"
},
{
"date": "2019-11-05T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-11-20T23:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2019-12-09T23:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-01-27T23:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-06-22T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-07-08T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Juniper aufgenommen"
},
{
"date": "2020-11-03T23:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-12-09T23:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von AVAYA aufgenommen"
},
{
"date": "2023-08-13T22:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von HP aufgenommen"
}
],
"status": "final",
"version": "33"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Apache HTTP Server \u003c 2.4.39",
"product": {
"name": "Apache HTTP Server \u003c 2.4.39",
"product_id": "T013862",
"product_identification_helper": {
"cpe": "cpe:/a:apache:http_server:2.4.39"
}
}
}
],
"category": "vendor",
"name": "Apache"
},
{
"branches": [
{
"category": "product_name",
"name": "Avaya Aura Experience Portal",
"product": {
"name": "Avaya Aura Experience Portal",
"product_id": "T015519",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:aura_experience_portal:-"
}
}
}
],
"category": "vendor",
"name": "Avaya"
},
{
"branches": [
{
"category": "product_name",
"name": "Broadcom Brocade Switch",
"product": {
"name": "Broadcom Brocade Switch",
"product_id": "T015844",
"product_identification_helper": {
"cpe": "cpe:/h:brocade:switch:-"
}
}
}
],
"category": "vendor",
"name": "Broadcom"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE HP-UX",
"product": {
"name": "HPE HP-UX",
"product_id": "4871",
"product_identification_helper": {
"cpe": "cpe:/o:hp:hp-ux:-"
}
}
},
{
"category": "product_name",
"name": "HPE Switch",
"product": {
"name": "HPE Switch",
"product_id": "T005119",
"product_identification_helper": {
"cpe": "cpe:/h:hp:switch:-"
}
}
}
],
"category": "vendor",
"name": "HPE"
},
{
"branches": [
{
"category": "product_name",
"name": "Juniper Junos Space \u003c 20.1R1",
"product": {
"name": "Juniper Junos Space \u003c 20.1R1",
"product_id": "T016874",
"product_identification_helper": {
"cpe": "cpe:/a:juniper:junos_space:20.1r1"
}
}
}
],
"category": "vendor",
"name": "Juniper"
},
{
"branches": [
{
"category": "product_name",
"name": "NetApp Data ONTAP",
"product": {
"name": "NetApp Data ONTAP",
"product_id": "7654",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:data_ontap:-"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Arch Linux",
"product": {
"name": "Open Source Arch Linux",
"product_id": "T013312",
"product_identification_helper": {
"cpe": "cpe:/o:archlinux:archlinux:-"
}
}
},
{
"category": "product_name",
"name": "Open Source CentOS",
"product": {
"name": "Open Source CentOS",
"product_id": "1727",
"product_identification_helper": {
"cpe": "cpe:/o:centos:centos:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-0196",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle im Apache HTTP Server. In mod_http2 besteht ein read-after-free Fehler in einem String Vergleich. Ein entfernter anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service zu verursachen."
}
],
"product_status": {
"known_affected": [
"T015519",
"2951",
"T002207",
"67646",
"4871",
"T000126",
"7654",
"T015844",
"T013312",
"T005119",
"1727"
]
},
"release_date": "2019-04-02T22:00:00Z",
"title": "CVE-2019-0196"
},
{
"cve": "CVE-2019-0197",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle im Apache HTTP Server. Diese besteht aufgrund unsachgem\u00e4\u00df behandelter Upgrade request from http/1.1 auf http/2 in mod_http2. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service zu verursachen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T015844",
"T013312",
"T005119",
"1727"
]
},
"release_date": "2019-04-02T22:00:00Z",
"title": "CVE-2019-0197"
},
{
"cve": "CVE-2019-0211",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle im Apache HTTP Server. Unter bestimmten Umst\u00e4nden kann Code, der in weniger privilegierten Kindprozessen oder Threads ausgef\u00fchrt wird, beliebigen Code mit den Privilegien des \u00fcbergeordneten Prozesses ausf\u00fchren. Ein lokaler Angreifer kann diese Schwachstelle durch Manipulation des Scoreboards ausnutzen, um seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T015844",
"T013312",
"T005119",
"1727"
]
},
"release_date": "2019-04-02T22:00:00Z",
"title": "CVE-2019-0211"
},
{
"cve": "CVE-2019-0215",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle im Apache HTTP Server. Diese besteht aufgrund eines Fehlers in mod_ssl bei der Verifizierung von Client-Zertifikaten. Ein authentisierter Angreifer kann diese Schwachstelle ausnutzen, um Zugriffsbeschr\u00e4nkungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"2951",
"67646",
"T015844",
"T013312",
"T005119",
"1727"
]
},
"release_date": "2019-04-02T22:00:00Z",
"title": "CVE-2019-0215"
},
{
"cve": "CVE-2019-0217",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle im Apache HTTP Server. Es besteht eine Race Condition in mod_auth_digest w\u00e4hrend der Ausf\u00fchrung in einem Thread-Server. Ein authentisierter Angreifer kann kann diese Schwachstelle ausnutzen, um konfigurierte Zugriffsbeschr\u00e4nkungen zu umgehen und sich mit einem anderen Benutzernamen zu authentifizieren."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T015844",
"T013312",
"T005119",
"1727"
]
},
"release_date": "2019-04-02T22:00:00Z",
"title": "CVE-2019-0217"
},
{
"cve": "CVE-2019-0220",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle im Apache HTTP Server. Diese besteht wegen einer unsachgem\u00e4\u00dfen Behandlung von regul\u00e4ren Ausdr\u00fccken in der Pfadkomponente einer Request-URL. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service zu verursachen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"7654",
"T015844",
"T013312",
"T005119",
"1727"
]
},
"release_date": "2019-04-02T22:00:00Z",
"title": "CVE-2019-0220"
}
]
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.