Action not permitted
Modal body text goes here.
cve-2019-10082
Vulnerability from cvelistv5
Published
2019-09-26 14:40
Modified
2024-08-04 22:10
Severity ?
EPSS score ?
Summary
In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| n/a | Apache HTTP Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:09.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [13/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache HTTP Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.4.18 to 2.4.39"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "mod_http2, write beyond array on h2 push",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-22T17:59:23",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [13/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-10082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_value": "2.4.18 to 2.4.39"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "mod_http2, write beyond array on h2 push"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "MISC",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [13/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2019-10082",
"datePublished": "2019-09-26T14:40:39",
"dateReserved": "2019-03-26T00:00:00",
"dateUpdated": "2024-08-04T22:10:09.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-10082\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2019-09-26T16:15:10.503\",\"lastModified\":\"2023-11-07T03:02:22.373\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.\"},{\"lang\":\"es\",\"value\":\"En Apache HTTP Server versiones 2.4.18 hasta 2.4.39, usando la entrada de red difusa, el manejo de la sesi\u00f3n http/2 podr\u00eda ser hecha para leer la memoria despu\u00e9s de ser liberada, durante el apagado de la conexi\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":6.4},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4.18\",\"versionEndIncluding\":\"2.4.39\",\"matchCriteriaId\":\"4D2016B6-E8F3-4F1D-8931-92E45A3AAE63\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED5503EC-63B6-47EB-AE37-14DD317DDDD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A99F85F8-F374-48B0-9534-BB9C07AFE76E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C57FD3A-0CC1-4BA9-879A-8C4A40234162\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"698FB6D0-B26F-4760-9B9B-1C65FBFF2126\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37209C6F-EF99-4D21-9608-B3A06D283D24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B095CC03-7077-4A58-AB25-CC5380CDCE5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFC79B17-E9D2-44D5-93ED-2F959E7A3D43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD04BEE5-E9A8-4584-A68C-0195CE9C402C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1\",\"versionEndIncluding\":\"17.3\",\"matchCriteriaId\":\"9A74FD5F-4FEA-4A74-8B92-72DFDE6BA464\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0ED83E3-E6BF-4EAA-AF8F-33485A88A218\"}]}]}],\"references\":[{\"url\":\"https://httpd.apache.org/security/vulnerabilities_24.html\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"security@apache.org\"},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
gsd-2019-10082
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-10082",
"description": "In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.",
"id": "GSD-2019-10082",
"references": [
"https://www.suse.com/security/cve/CVE-2019-10082.html",
"https://www.debian.org/security/2019/dsa-4509",
"https://access.redhat.com/errata/RHSA-2020:4751",
"https://access.redhat.com/errata/RHSA-2020:1337",
"https://access.redhat.com/errata/RHSA-2020:1336",
"https://ubuntu.com/security/CVE-2019-10082",
"https://advisories.mageia.org/CVE-2019-10082.html",
"https://alas.aws.amazon.com/cve/html/CVE-2019-10082.html",
"https://linux.oracle.com/cve/CVE-2019-10082.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-10082"
],
"details": "In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.",
"id": "GSD-2019-10082",
"modified": "2023-12-13T01:23:57.422775Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-10082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_value": "2.4.18 to 2.4.39"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "mod_http2, write beyond array on h2 push"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "MISC",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [13/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.4.39",
"versionStartIncluding": "2.4.18",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.3",
"versionStartIncluding": "17.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-10082"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "N/A",
"refsource": "N/A",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [13/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "N/A",
"refsource": "N/A",
"tags": [],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
},
"lastModifiedDate": "2022-07-25T18:15Z",
"publishedDate": "2019-09-26T16:15Z"
}
}
}
rhsa-2020_1336
Vulnerability from csaf_redhat
Published
2020-04-06 19:09
Modified
2024-11-05 22:02
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP2 security update
Notes
Topic
Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 2 zip release for RHEL 6, RHEL 7 and Microsoft Windows is available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release adds the new Apache HTTP Server 2.4.37 Service Pack 2 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 1 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* openssl: side-channel weak encryption vulnerability (CVE-2019-1547)
* httpd: memory corruption on early pushes (CVE-2019-10081)
* httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)
* httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)
* openssl: information disclosure in fork() (CVE-2019-1549)
* openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)
* httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)
* httpd: mod_rewrite potential open redirect (CVE-2019-10098)
* httpd: mod_rewrite configurations vulnerable to open redirect(CVE-2020-1927)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 2 zip release for RHEL 6, RHEL 7 and Microsoft Windows is available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 2 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 1 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* openssl: side-channel weak encryption vulnerability (CVE-2019-1547)\n\n* httpd: memory corruption on early pushes (CVE-2019-10081)\n\n* httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)\n\n* httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)\n\n* openssl: information disclosure in fork() (CVE-2019-1549)\n\n* openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)\n\n* httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)\n\n* httpd: mod_rewrite potential open redirect (CVE-2019-10098)\n\n* httpd: mod_rewrite configurations vulnerable to open redirect(CVE-2020-1927)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:1336",
"url": "https://access.redhat.com/errata/RHSA-2020:1336"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp\u0026downloadType=securityPatches\u0026version=2.4.37",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp\u0026downloadType=securityPatches\u0026version=2.4.37"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.openssl\u0026downloadType=securityPatches\u0026version=1.1.1c",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.openssl\u0026downloadType=securityPatches\u0026version=1.1.1c"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/"
},
{
"category": "external",
"summary": "1743956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743956"
},
{
"category": "external",
"summary": "1743959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743959"
},
{
"category": "external",
"summary": "1743966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743966"
},
{
"category": "external",
"summary": "1743974",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743974"
},
{
"category": "external",
"summary": "1743996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743996"
},
{
"category": "external",
"summary": "1752090",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752090"
},
{
"category": "external",
"summary": "1752095",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752095"
},
{
"category": "external",
"summary": "1752100",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752100"
},
{
"category": "external",
"summary": "1820761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820761"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1336.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP2 security update",
"tracking": {
"current_release_date": "2024-11-05T22:02:20+00:00",
"generator": {
"date": "2024-11-05T22:02:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2020:1336",
"initial_release_date": "2020-04-06T19:09:57+00:00",
"revision_history": [
{
"date": "2020-04-06T19:09:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-04-22T14:04:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T22:02:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "JBoss Core Services Apache HTTP Server 2.4.37 SP2",
"product": {
"name": "JBoss Core Services Apache HTTP Server 2.4.37 SP2",
"product_id": "JBoss Core Services Apache HTTP Server 2.4.37 SP2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Core Services"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-1547",
"cwe": {
"id": "CWE-602",
"name": "Client-Side Enforcement of Server-Side Security"
},
"discovery_date": "2019-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1752090"
}
],
"notes": [
{
"category": "description",
"text": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: side-channel weak encryption vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "As per upstream: In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. Also libssl is not vulnerable because explicit parameters are never used.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"JBoss Core Services Apache HTTP Server 2.4.37 SP2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-1547"
},
{
"category": "external",
"summary": "RHBZ#1752090",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752090"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-1547",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1547"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-1547",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1547"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-06T19:09:57+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update).\n\nBefore applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"JBoss Core Services Apache HTTP Server 2.4.37 SP2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1336"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"JBoss Core Services Apache HTTP Server 2.4.37 SP2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: side-channel weak encryption vulnerability"
},
{
"cve": "CVE-2019-1549",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1752095"
}
],
"notes": [
{
"category": "description",
"text": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: information disclosure in fork()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"JBoss Core Services Apache HTTP Server 2.4.37 SP2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-1549"
},
{
"category": "external",
"summary": "RHBZ#1752095",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752095"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-1549",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1549"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-1549",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1549"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-06T19:09:57+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update).\n\nBefore applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"JBoss Core Services Apache HTTP Server 2.4.37 SP2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1336"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"JBoss Core Services Apache HTTP Server 2.4.37 SP2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: information disclosure in fork()"
},
{
"cve": "CVE-2019-1563",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1752100"
}
],
"notes": [
{
"category": "description",
"text": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"JBoss Core Services Apache HTTP Server 2.4.37 SP2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-1563"
},
{
"category": "external",
"summary": "RHBZ#1752100",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752100"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-1563",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1563"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-1563",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1563"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-06T19:09:57+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update).\n\nBefore applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"JBoss Core Services Apache HTTP Server 2.4.37 SP2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1336"
},
{
"category": "workaround",
"details": "This attack is carried out by sending a large number of messages to be decrypted by the victim. The attacker needs to receive a response from the victim if the decryption was successful or not. Therefore only if the user application compiled with openssl is designed above way, the attack will be viable.\nOnly CMS_decrypt and PKCS7_decrypt functions are affected. Applications compiled with openssl are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt.",
"product_ids": [
"JBoss Core Services Apache HTTP Server 2.4.37 SP2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"JBoss Core Services Apache HTTP Server 2.4.37 SP2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey"
},
{
"cve": "CVE-2019-10081",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1743966"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache httpd, in mod_http2. Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing a server to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: memory corruption on early pushes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"JBoss Core Services Apache HTTP Server 2.4.37 SP2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10081"
},
{
"category": "external",
"summary": "RHBZ#1743966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10081",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10081"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10081",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10081"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-06T19:09:57+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update).\n\nBefore applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"JBoss Core Services Apache HTTP Server 2.4.37 SP2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1336"
},
{
"category": "workaround",
"details": "This flaw is only exploitable if Apache httpd is configured to respond to HTTP/2 requests, which is done by including \"h2\" or \"h2c\" in the \"Protocols\" list in a configuration file. The following command can be used to search for possible vulnerable configurations: \n\n grep -R \u0027^\\s*Protocols\\\u003e.*\\\u003ch2\\\u003e\u0027 /etc/httpd/\n\nSee https://httpd.apache.org/docs/2.4/mod/mod_http2.html",
"product_ids": [
"JBoss Core Services Apache HTTP Server 2.4.37 SP2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"JBoss Core Services Apache HTTP Server 2.4.37 SP2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: memory corruption on early pushes"
},
{
"cve": "CVE-2019-10082",
"discovery_date": "2019-08-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1743974"
}
],
"notes": [
{
"category": "description",
"text": "A read-after-free vulnerability was discovered in Apache httpd, in mod_http2. A specially crafted http/2 client session could cause the server to read memory that was previously freed during connection shutdown, potentially leading to a crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: read-after-free in h2 connection shutdown",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"JBoss Core Services Apache HTTP Server 2.4.37 SP2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10082"
},
{
"category": "external",
"summary": "RHBZ#1743974",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743974"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10082",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10082"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10082",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10082"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-06T19:09:57+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update).\n\nBefore applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"JBoss Core Services Apache HTTP Server 2.4.37 SP2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1336"
},
{
"category": "workaround",
"details": "This flaw is only exploitable if Apache httpd is configured to respond to HTTP/2 requests, which is done by including \"h2\" or \"h2c\" in the \"Protocols\" list in a configuration file. The following command can be used to search for possible vulnerable configurations: \n\n grep -R \u0027^\\s*Protocols\\\u003e.*\\\u003ch2\\\u003e\u0027 /etc/httpd/\n\nSee https://httpd.apache.org/docs/2.4/mod/mod_http2.html",
"product_ids": [
"JBoss Core Services Apache HTTP Server 2.4.37 SP2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"JBoss Core Services Apache HTTP Server 2.4.37 SP2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: read-after-free in h2 connection shutdown"
},
{
"cve": "CVE-2019-10092",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-08-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1743956"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting vulnerability was found in Apache httpd, affecting the mod_proxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: limited cross-site scripting in mod_proxy error page",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"JBoss Core Services Apache HTTP Server 2.4.37 SP2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10092"
},
{
"category": "external",
"summary": "RHBZ#1743956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743956"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10092",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10092"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-06T19:09:57+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update).\n\nBefore applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"JBoss Core Services Apache HTTP Server 2.4.37 SP2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1336"
},
{
"category": "workaround",
"details": "This flaw is only exploitable if Proxy* directives are used in Apache httpd configuration. The following command can be used to search for possible vulnerable configurations:\n\n grep -R \u0027^\\s*Proxy\u0027 /etc/httpd/\n\nSee https://httpd.apache.org/docs/2.4/mod/mod_proxy.html",
"product_ids": [
"JBoss Core Services Apache HTTP Server 2.4.37 SP2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"JBoss Core Services Apache HTTP Server 2.4.37 SP2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: limited cross-site scripting in mod_proxy error page"
},
{
"cve": "CVE-2019-10097",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2019-08-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1743996"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in Apache httpd, in mod_remoteip. A trusted proxy using the \"PROXY\" protocol could send specially crafted headers that can cause httpd to experience a stack buffer overflow or NULL pointer dereference, leading to a crash or other potential consequences.\r\n\r\nThis issue could only be exploited by configured trusted intermediate proxy servers. HTTP clients such as browsers could not exploit the vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: null-pointer dereference in mod_remoteip",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"JBoss Core Services Apache HTTP Server 2.4.37 SP2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10097"
},
{
"category": "external",
"summary": "RHBZ#1743996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743996"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10097",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10097"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10097",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10097"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-06T19:09:57+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update).\n\nBefore applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"JBoss Core Services Apache HTTP Server 2.4.37 SP2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1336"
},
{
"category": "workaround",
"details": "This flaw is only exploitable if RemoteIP* directives are used in Apache httpd configuration. The following command can be used to search for possible vulnerable configurations:\n\n grep -R \u0027^\\s*RemoteIP\u0027 /etc/httpd/\n\nSee https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html",
"product_ids": [
"JBoss Core Services Apache HTTP Server 2.4.37 SP2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"JBoss Core Services Apache HTTP Server 2.4.37 SP2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: null-pointer dereference in mod_remoteip"
},
{
"cve": "CVE-2019-10098",
"discovery_date": "2019-08-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1743959"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in Apache httpd, in mod_rewrite. Certain self-referential mod_rewrite rules could be fooled by encoded newlines, causing them to redirect to an unexpected location. An attacker could abuse this flaw in a phishing attack or as part of a client-side attack on browsers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_rewrite potential open redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"JBoss Core Services Apache HTTP Server 2.4.37 SP2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10098"
},
{
"category": "external",
"summary": "RHBZ#1743959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10098",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10098"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10098",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10098"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-06T19:09:57+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update).\n\nBefore applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"JBoss Core Services Apache HTTP Server 2.4.37 SP2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1336"
},
{
"category": "workaround",
"details": "This flaw requires the use of certain Rewrite configuration directives. The following command can be used to search for possible vulnerable configurations:\n\n grep -R \u0027^\\s*Rewrite\u0027 /etc/httpd/\n\nSee https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html",
"product_ids": [
"JBoss Core Services Apache HTTP Server 2.4.37 SP2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"JBoss Core Services Apache HTTP Server 2.4.37 SP2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_rewrite potential open redirect"
},
{
"cve": "CVE-2020-1927",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2020-04-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1820761"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache HTTP Server (httpd) versions 2.4.0 to 2.4.41. Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirected instead to an unexpected URL within the request URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_rewrite configurations vulnerable to open redirect",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue only affects httpd versions between 2.4.0 and 2.4.41. Therefore Red Hat Enterprise Linux 5 and 6 are not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"JBoss Core Services Apache HTTP Server 2.4.37 SP2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1927"
},
{
"category": "external",
"summary": "RHBZ#1820761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820761"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1927",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1927"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1927",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1927"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2020-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-06T19:09:57+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update).\n\nBefore applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"JBoss Core Services Apache HTTP Server 2.4.37 SP2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1336"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"JBoss Core Services Apache HTTP Server 2.4.37 SP2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_rewrite configurations vulnerable to open redirect"
}
]
}
rhsa-2020_4751
Vulnerability from csaf_redhat
Published
2020-11-04 01:44
Modified
2024-11-05 22:56
Summary
Red Hat Security Advisory: httpd:2.4 security, bug fix, and enhancement update
Notes
Topic
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
The following packages have been upgraded to a later upstream version: mod_http2 (1.15.7). (BZ#1814236)
Security Fix(es):
* httpd: memory corruption on early pushes (CVE-2019-10081)
* httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)
* httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)
* httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927)
* httpd: mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)
* httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)
* httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)
* httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)
* httpd: mod_rewrite potential open redirect (CVE-2019-10098)
* httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nThe following packages have been upgraded to a later upstream version: mod_http2 (1.15.7). (BZ#1814236)\n\nSecurity Fix(es):\n\n* httpd: memory corruption on early pushes (CVE-2019-10081)\n\n* httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)\n\n* httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)\n\n* httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927)\n\n* httpd: mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)\n\n* httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)\n\n* httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)\n\n* httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)\n\n* httpd: mod_rewrite potential open redirect (CVE-2019-10098)\n\n* httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:4751",
"url": "https://access.redhat.com/errata/RHSA-2020:4751"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/"
},
{
"category": "external",
"summary": "1209162",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1209162"
},
{
"category": "external",
"summary": "1668497",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497"
},
{
"category": "external",
"summary": "1695030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030"
},
{
"category": "external",
"summary": "1695042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042"
},
{
"category": "external",
"summary": "1743956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743956"
},
{
"category": "external",
"summary": "1743959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743959"
},
{
"category": "external",
"summary": "1743966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743966"
},
{
"category": "external",
"summary": "1743974",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743974"
},
{
"category": "external",
"summary": "1743996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743996"
},
{
"category": "external",
"summary": "1771847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1771847"
},
{
"category": "external",
"summary": "1814236",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1814236"
},
{
"category": "external",
"summary": "1820761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820761"
},
{
"category": "external",
"summary": "1820772",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820772"
},
{
"category": "external",
"summary": "1832844",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1832844"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4751.json"
}
],
"title": "Red Hat Security Advisory: httpd:2.4 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-05T22:56:17+00:00",
"generator": {
"date": "2024-11-05T22:56:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2020:4751",
"initial_release_date": "2020-11-04T01:44:47+00:00",
"revision_history": [
{
"date": "2020-11-04T01:44:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-04T01:44:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T22:56:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd:2.4:8030020200818000036:30b713e6",
"product": {
"name": "httpd:2.4:8030020200818000036:30b713e6",
"product_id": "httpd:2.4:8030020200818000036:30b713e6",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/httpd@2.4:8030020200818000036:30b713e6"
}
}
},
{
"category": "product_version",
"name": "httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"product": {
"name": "httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"product_id": "httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-filesystem@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"product": {
"name": "httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"product_id": "httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-manual@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"product": {
"name": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"product_id": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=src"
}
}
},
{
"category": "product_version",
"name": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"product": {
"name": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"product_id": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_http2@1.15.7-2.module%2Bel8.3.0%2B7670%2B8bf57d29?arch=src"
}
}
},
{
"category": "product_version",
"name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"product": {
"name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"product_id": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_md@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product": {
"name": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_id": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product": {
"name": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_id": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product": {
"name": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_id": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debugsource@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product": {
"name": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_id": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product": {
"name": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_id": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product": {
"name": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_id": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"product": {
"name": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"product_id": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_http2@1.15.7-2.module%2Bel8.3.0%2B7670%2B8bf57d29?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"product": {
"name": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"product_id": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_http2-debuginfo@1.15.7-2.module%2Bel8.3.0%2B7670%2B8bf57d29?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"product": {
"name": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"product_id": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_http2-debugsource@1.15.7-2.module%2Bel8.3.0%2B7670%2B8bf57d29?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product": {
"name": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_id": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product": {
"name": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_id": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"product": {
"name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"product_id": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_md@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"product": {
"name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"product_id": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_md-debuginfo@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"product": {
"name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"product_id": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_md-debugsource@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product": {
"name": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_id": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product": {
"name": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_id": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product": {
"name": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_id": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product": {
"name": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_id": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product": {
"name": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_id": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product": {
"name": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_id": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product": {
"name": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_id": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product": {
"name": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_id": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product": {
"name": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_id": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debugsource@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product": {
"name": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_id": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product": {
"name": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_id": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product": {
"name": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_id": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"product": {
"name": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"product_id": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_http2@1.15.7-2.module%2Bel8.3.0%2B7670%2B8bf57d29?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"product": {
"name": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"product_id": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_http2-debuginfo@1.15.7-2.module%2Bel8.3.0%2B7670%2B8bf57d29?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"product": {
"name": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"product_id": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_http2-debugsource@1.15.7-2.module%2Bel8.3.0%2B7670%2B8bf57d29?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product": {
"name": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_id": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product": {
"name": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_id": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"product": {
"name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"product_id": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_md@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"product": {
"name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"product_id": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_md-debuginfo@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"product": {
"name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"product_id": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_md-debugsource@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product": {
"name": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_id": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product": {
"name": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_id": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product": {
"name": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_id": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product": {
"name": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_id": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product": {
"name": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_id": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product": {
"name": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_id": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product": {
"name": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_id": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product": {
"name": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_id": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product": {
"name": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_id": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debugsource@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product": {
"name": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_id": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product": {
"name": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_id": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product": {
"name": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_id": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"product": {
"name": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"product_id": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_http2@1.15.7-2.module%2Bel8.3.0%2B7670%2B8bf57d29?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"product": {
"name": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"product_id": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_http2-debuginfo@1.15.7-2.module%2Bel8.3.0%2B7670%2B8bf57d29?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"product": {
"name": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"product_id": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_http2-debugsource@1.15.7-2.module%2Bel8.3.0%2B7670%2B8bf57d29?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product": {
"name": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_id": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product": {
"name": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_id": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"product": {
"name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"product_id": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_md@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"product": {
"name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"product_id": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_md-debuginfo@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"product": {
"name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"product_id": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_md-debugsource@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product": {
"name": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_id": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product": {
"name": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_id": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product": {
"name": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_id": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product": {
"name": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_id": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product": {
"name": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_id": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product": {
"name": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_id": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product": {
"name": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_id": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product": {
"name": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_id": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product": {
"name": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_id": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debugsource@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product": {
"name": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_id": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product": {
"name": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_id": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product": {
"name": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_id": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"product": {
"name": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"product_id": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_http2@1.15.7-2.module%2Bel8.3.0%2B7670%2B8bf57d29?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"product": {
"name": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"product_id": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_http2-debuginfo@1.15.7-2.module%2Bel8.3.0%2B7670%2B8bf57d29?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"product": {
"name": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"product_id": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_http2-debugsource@1.15.7-2.module%2Bel8.3.0%2B7670%2B8bf57d29?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product": {
"name": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_id": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product": {
"name": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_id": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"product": {
"name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"product_id": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_md@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"product": {
"name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"product_id": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_md-debuginfo@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"product": {
"name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"product_id": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_md-debugsource@2.0.8-8.module%2Bel8.3.0%2B6814%2B67d1e611?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product": {
"name": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_id": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product": {
"name": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_id": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_proxy_html-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product": {
"name": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_id": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product": {
"name": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_id": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_session-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product": {
"name": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_id": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product": {
"name": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_id": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl-debuginfo@2.4.37-30.module%2Bel8.3.0%2B7001%2B0766b9e7?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
"product_reference": "httpd:2.4:8030020200818000036:30b713e6",
"relates_to_product_reference": "AppStream-8.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64"
},
"product_reference": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le"
},
"product_reference": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x"
},
"product_reference": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src"
},
"product_reference": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
},
"product_reference": "httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64"
},
"product_reference": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le"
},
"product_reference": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x"
},
"product_reference": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64"
},
"product_reference": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le"
},
"product_reference": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x"
},
"product_reference": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
},
"product_reference": "httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64"
},
"product_reference": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le"
},
"product_reference": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x"
},
"product_reference": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
},
"product_reference": "httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch"
},
"product_reference": "httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch"
},
"product_reference": "httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64"
},
"product_reference": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le"
},
"product_reference": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x"
},
"product_reference": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
},
"product_reference": "httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64"
},
"product_reference": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le"
},
"product_reference": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x"
},
"product_reference": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
},
"product_reference": "httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64"
},
"product_reference": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le"
},
"product_reference": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x"
},
"product_reference": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src"
},
"product_reference": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64"
},
"product_reference": "mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64"
},
"product_reference": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le"
},
"product_reference": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x"
},
"product_reference": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64"
},
"product_reference": "mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64"
},
"product_reference": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le"
},
"product_reference": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x"
},
"product_reference": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64"
},
"product_reference": "mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64"
},
"product_reference": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le"
},
"product_reference": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x"
},
"product_reference": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
},
"product_reference": "mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64"
},
"product_reference": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le"
},
"product_reference": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x"
},
"product_reference": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
},
"product_reference": "mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64"
},
"product_reference": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le"
},
"product_reference": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x"
},
"product_reference": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src"
},
"product_reference": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64"
},
"product_reference": "mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64"
},
"product_reference": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le"
},
"product_reference": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x"
},
"product_reference": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64"
},
"product_reference": "mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64"
},
"product_reference": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le"
},
"product_reference": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x"
},
"product_reference": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64"
},
"product_reference": "mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64"
},
"product_reference": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le"
},
"product_reference": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x"
},
"product_reference": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
},
"product_reference": "mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64"
},
"product_reference": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le"
},
"product_reference": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x"
},
"product_reference": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
},
"product_reference": "mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64"
},
"product_reference": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le"
},
"product_reference": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x"
},
"product_reference": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
},
"product_reference": "mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64"
},
"product_reference": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le"
},
"product_reference": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x"
},
"product_reference": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
},
"product_reference": "mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64"
},
"product_reference": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le"
},
"product_reference": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x"
},
"product_reference": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
},
"product_reference": "mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64"
},
"product_reference": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le"
},
"product_reference": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x"
},
"product_reference": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64 as a component of httpd:2.4:8030020200818000036:30b713e6 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
},
"product_reference": "mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-17189",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1668497"
}
],
"notes": [
{
"category": "description",
"text": "In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_http2: DoS via slow, unneeded request bodies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-17189"
},
{
"category": "external",
"summary": "RHBZ#1668497",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-17189",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189"
}
],
"release_date": "2019-01-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:44:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4751"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_http2: DoS via slow, unneeded request bodies"
},
{
"cve": "CVE-2019-0196",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2019-04-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695030"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_http2: read-after-free on a string compare",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0196"
},
{
"category": "external",
"summary": "RHBZ#1695030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0196",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0196"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0196",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0196"
},
{
"category": "external",
"summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
"url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:44:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4751"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_http2: read-after-free on a string compare"
},
{
"cve": "CVE-2019-0197",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-04-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695042"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set \"H2Upgrade on\" are unaffected by this issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_http2: possible crash on late upgrade",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0197"
},
{
"category": "external",
"summary": "RHBZ#1695042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0197",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0197"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0197",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0197"
},
{
"category": "external",
"summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
"url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:44:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4751"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_http2: possible crash on late upgrade"
},
{
"cve": "CVE-2019-10081",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1743966"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache httpd, in mod_http2. Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing a server to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: memory corruption on early pushes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10081"
},
{
"category": "external",
"summary": "RHBZ#1743966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10081",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10081"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10081",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10081"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:44:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4751"
},
{
"category": "workaround",
"details": "This flaw is only exploitable if Apache httpd is configured to respond to HTTP/2 requests, which is done by including \"h2\" or \"h2c\" in the \"Protocols\" list in a configuration file. The following command can be used to search for possible vulnerable configurations: \n\n grep -R \u0027^\\s*Protocols\\\u003e.*\\\u003ch2\\\u003e\u0027 /etc/httpd/\n\nSee https://httpd.apache.org/docs/2.4/mod/mod_http2.html",
"product_ids": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: memory corruption on early pushes"
},
{
"cve": "CVE-2019-10082",
"discovery_date": "2019-08-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1743974"
}
],
"notes": [
{
"category": "description",
"text": "A read-after-free vulnerability was discovered in Apache httpd, in mod_http2. A specially crafted http/2 client session could cause the server to read memory that was previously freed during connection shutdown, potentially leading to a crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: read-after-free in h2 connection shutdown",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10082"
},
{
"category": "external",
"summary": "RHBZ#1743974",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743974"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10082",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10082"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10082",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10082"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:44:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4751"
},
{
"category": "workaround",
"details": "This flaw is only exploitable if Apache httpd is configured to respond to HTTP/2 requests, which is done by including \"h2\" or \"h2c\" in the \"Protocols\" list in a configuration file. The following command can be used to search for possible vulnerable configurations: \n\n grep -R \u0027^\\s*Protocols\\\u003e.*\\\u003ch2\\\u003e\u0027 /etc/httpd/\n\nSee https://httpd.apache.org/docs/2.4/mod/mod_http2.html",
"product_ids": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: read-after-free in h2 connection shutdown"
},
{
"cve": "CVE-2019-10092",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-08-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1743956"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting vulnerability was found in Apache httpd, affecting the mod_proxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: limited cross-site scripting in mod_proxy error page",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10092"
},
{
"category": "external",
"summary": "RHBZ#1743956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743956"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10092",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10092"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:44:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4751"
},
{
"category": "workaround",
"details": "This flaw is only exploitable if Proxy* directives are used in Apache httpd configuration. The following command can be used to search for possible vulnerable configurations:\n\n grep -R \u0027^\\s*Proxy\u0027 /etc/httpd/\n\nSee https://httpd.apache.org/docs/2.4/mod/mod_proxy.html",
"product_ids": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: limited cross-site scripting in mod_proxy error page"
},
{
"cve": "CVE-2019-10097",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2019-08-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1743996"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in Apache httpd, in mod_remoteip. A trusted proxy using the \"PROXY\" protocol could send specially crafted headers that can cause httpd to experience a stack buffer overflow or NULL pointer dereference, leading to a crash or other potential consequences.\r\n\r\nThis issue could only be exploited by configured trusted intermediate proxy servers. HTTP clients such as browsers could not exploit the vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: null-pointer dereference in mod_remoteip",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10097"
},
{
"category": "external",
"summary": "RHBZ#1743996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743996"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10097",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10097"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10097",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10097"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:44:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4751"
},
{
"category": "workaround",
"details": "This flaw is only exploitable if RemoteIP* directives are used in Apache httpd configuration. The following command can be used to search for possible vulnerable configurations:\n\n grep -R \u0027^\\s*RemoteIP\u0027 /etc/httpd/\n\nSee https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html",
"product_ids": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: null-pointer dereference in mod_remoteip"
},
{
"cve": "CVE-2019-10098",
"discovery_date": "2019-08-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1743959"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in Apache httpd, in mod_rewrite. Certain self-referential mod_rewrite rules could be fooled by encoded newlines, causing them to redirect to an unexpected location. An attacker could abuse this flaw in a phishing attack or as part of a client-side attack on browsers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_rewrite potential open redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10098"
},
{
"category": "external",
"summary": "RHBZ#1743959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10098",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10098"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10098",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10098"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:44:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4751"
},
{
"category": "workaround",
"details": "This flaw requires the use of certain Rewrite configuration directives. The following command can be used to search for possible vulnerable configurations:\n\n grep -R \u0027^\\s*Rewrite\u0027 /etc/httpd/\n\nSee https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html",
"product_ids": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_rewrite potential open redirect"
},
{
"cve": "CVE-2020-1927",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2020-04-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1820761"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache HTTP Server (httpd) versions 2.4.0 to 2.4.41. Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirected instead to an unexpected URL within the request URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_rewrite configurations vulnerable to open redirect",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue only affects httpd versions between 2.4.0 and 2.4.41. Therefore Red Hat Enterprise Linux 5 and 6 are not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1927"
},
{
"category": "external",
"summary": "RHBZ#1820761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820761"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1927",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1927"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1927",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1927"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2020-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:44:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4751"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_rewrite configurations vulnerable to open redirect"
},
{
"cve": "CVE-2020-1934",
"cwe": {
"id": "CWE-456",
"name": "Missing Initialization of a Variable"
},
"discovery_date": "2020-04-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1820772"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache\u0027s HTTP server (httpd) .The mod_proxy_ftp module may use uninitialized memory with proxying to a malicious FTP server. The highest threat from this vulnerability is to data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_ftp use of uninitialized value",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is caused by use of an uninitialized memory variable. Practically this has no impact, but in some corner cases it is possible that the contents of this variable could be read by a remote process, causing loss of confidentiality as a result of this. There is no evidence of code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1934"
},
{
"category": "external",
"summary": "RHBZ#1820772",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820772"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1934",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1934"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1934",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1934"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2020-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T01:44:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4751"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-debugsource-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-devel-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-filesystem-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-manual-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:httpd-tools-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debuginfo-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_http2-debugsource-0:1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ldap-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.src",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debuginfo-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_md-debugsource-1:2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_proxy_html-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_session-debuginfo-0:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.aarch64",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.ppc64le",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.s390x",
"AppStream-8.3.0.GA:httpd:2.4:8030020200818000036:30b713e6:mod_ssl-debuginfo-1:2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_proxy_ftp use of uninitialized value"
}
]
}
rhsa-2020_1337
Vulnerability from csaf_redhat
Published
2020-04-06 19:28
Modified
2024-11-05 22:02
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP2 security update
Notes
Topic
Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release adds the new Apache HTTP Server 2.4.37 Service Pack 2 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 1 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* openssl: side-channel weak encryption vulnerability (CVE-2019-1547)
* httpd: memory corruption on early pushes (CVE-2019-10081)
* httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)
* httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)
* openssl: information disclosure in fork() (CVE-2019-1549)
* openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)
* httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)
* httpd: mod_rewrite potential open redirect (CVE-2019-10098)
* httpd: mod_rewrite configurations vulnerable to open redirect(CVE-2020-1927)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release adds the new Apache HTTP Server 2.4.37 Service Pack 2 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 1 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* openssl: side-channel weak encryption vulnerability (CVE-2019-1547)\n\n* httpd: memory corruption on early pushes (CVE-2019-10081)\n\n* httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)\n\n* httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)\n\n* openssl: information disclosure in fork() (CVE-2019-1549)\n\n* openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)\n\n* httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)\n\n* httpd: mod_rewrite potential open redirect (CVE-2019-10098)\n\n* httpd: mod_rewrite configurations vulnerable to open redirect(CVE-2020-1927)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:1337",
"url": "https://access.redhat.com/errata/RHSA-2020:1337"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/"
},
{
"category": "external",
"summary": "1743956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743956"
},
{
"category": "external",
"summary": "1743959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743959"
},
{
"category": "external",
"summary": "1743966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743966"
},
{
"category": "external",
"summary": "1743974",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743974"
},
{
"category": "external",
"summary": "1743996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743996"
},
{
"category": "external",
"summary": "1752090",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752090"
},
{
"category": "external",
"summary": "1752095",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752095"
},
{
"category": "external",
"summary": "1752100",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752100"
},
{
"category": "external",
"summary": "1820761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820761"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1337.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP2 security update",
"tracking": {
"current_release_date": "2024-11-05T22:02:12+00:00",
"generator": {
"date": "2024-11-05T22:02:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2020:1337",
"initial_release_date": "2020-04-06T19:28:23+00:00",
"revision_history": [
{
"date": "2020-04-06T19:28:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-04-22T14:10:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T22:02:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Core Services on RHEL 6 Server",
"product": {
"name": "Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Core Services on RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Core Services"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1c-16.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.1.1c-16.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.1.1c-16.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.1.1c-16.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.1.1c-16.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.1.1c-16.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-52.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.37-52.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.37-52.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.37-52.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.37-52.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.37-52.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.37-52.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.37-52.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.37-52.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.12-41.Final_redhat_2.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.12-41.Final_redhat_2.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.11.3-22.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2-debuginfo@1.11.3-22.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-86.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-86.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-86.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"product_id": "jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-brotli@1.0.6-21.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"product_id": "jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-devel@1.0.6-21.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"product_id": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-debuginfo@1.0.6-21.jbcs.el6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1c-16.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.1.1c-16.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.1.1c-16.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.1.1c-16.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.1.1c-16.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.1.1c-16.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-52.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.37-52.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.37-52.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.37-52.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.37-52.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.37-52.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.37-52.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.37-52.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.37-52.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.12-41.Final_redhat_2.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.12-41.Final_redhat_2.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.11.3-22.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2-debuginfo@1.11.3-22.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-86.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-86.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-86.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-brotli@1.0.6-21.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-devel@1.0.6-21.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-debuginfo@1.0.6-21.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1c-16.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.1.1c-16.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.1.1c-16.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.1.1c-16.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.1.1c-16.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.1.1c-16.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-52.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.37-52.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.37-52.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.37-52.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.37-52.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.37-52.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.37-52.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.37-52.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.37-52.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.12-41.Final_redhat_2.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.12-41.Final_redhat_2.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.11.3-22.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2-debuginfo@1.11.3-22.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-86.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-86.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-86.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-brotli@1.0.6-21.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-devel@1.0.6-21.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-debuginfo@1.0.6-21.jbcs.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"product_id": "jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1c-16.jbcs.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"product_id": "jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-52.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.12-41.Final_redhat_2.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"product_id": "jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.11.3-22.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"product_id": "jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-86.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"product_id": "jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-brotli@1.0.6-21.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"product_id": "jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1c-16.jbcs.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"product_id": "jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-52.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.12-41.Final_redhat_2.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"product_id": "jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.11.3-22.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"product_id": "jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-86.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"product_id": "jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-brotli@1.0.6-21.jbcs.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"product": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"product_id": "jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.37-52.jbcs.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"product": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"product_id": "jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.37-52.jbcs.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch"
},
"product_reference": "jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch"
},
"product_reference": "jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-1547",
"cwe": {
"id": "CWE-602",
"name": "Client-Side Enforcement of Server-Side Security"
},
"discovery_date": "2019-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1752090"
}
],
"notes": [
{
"category": "description",
"text": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: side-channel weak encryption vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "As per upstream: In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. Also libssl is not vulnerable because explicit parameters are never used.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-1547"
},
{
"category": "external",
"summary": "RHBZ#1752090",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752090"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-1547",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1547"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-1547",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1547"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-06T19:28:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1337"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: side-channel weak encryption vulnerability"
},
{
"cve": "CVE-2019-1549",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1752095"
}
],
"notes": [
{
"category": "description",
"text": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: information disclosure in fork()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-1549"
},
{
"category": "external",
"summary": "RHBZ#1752095",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752095"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-1549",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1549"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-1549",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1549"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-06T19:28:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1337"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: information disclosure in fork()"
},
{
"cve": "CVE-2019-1563",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1752100"
}
],
"notes": [
{
"category": "description",
"text": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-1563"
},
{
"category": "external",
"summary": "RHBZ#1752100",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752100"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-1563",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1563"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-1563",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1563"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-06T19:28:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1337"
},
{
"category": "workaround",
"details": "This attack is carried out by sending a large number of messages to be decrypted by the victim. The attacker needs to receive a response from the victim if the decryption was successful or not. Therefore only if the user application compiled with openssl is designed above way, the attack will be viable.\nOnly CMS_decrypt and PKCS7_decrypt functions are affected. Applications compiled with openssl are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey"
},
{
"cve": "CVE-2019-10081",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-08-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1743966"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache httpd, in mod_http2. Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing a server to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: memory corruption on early pushes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10081"
},
{
"category": "external",
"summary": "RHBZ#1743966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10081",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10081"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10081",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10081"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-06T19:28:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1337"
},
{
"category": "workaround",
"details": "This flaw is only exploitable if Apache httpd is configured to respond to HTTP/2 requests, which is done by including \"h2\" or \"h2c\" in the \"Protocols\" list in a configuration file. The following command can be used to search for possible vulnerable configurations: \n\n grep -R \u0027^\\s*Protocols\\\u003e.*\\\u003ch2\\\u003e\u0027 /etc/httpd/\n\nSee https://httpd.apache.org/docs/2.4/mod/mod_http2.html",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: memory corruption on early pushes"
},
{
"cve": "CVE-2019-10082",
"discovery_date": "2019-08-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1743974"
}
],
"notes": [
{
"category": "description",
"text": "A read-after-free vulnerability was discovered in Apache httpd, in mod_http2. A specially crafted http/2 client session could cause the server to read memory that was previously freed during connection shutdown, potentially leading to a crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: read-after-free in h2 connection shutdown",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10082"
},
{
"category": "external",
"summary": "RHBZ#1743974",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743974"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10082",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10082"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10082",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10082"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-06T19:28:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1337"
},
{
"category": "workaround",
"details": "This flaw is only exploitable if Apache httpd is configured to respond to HTTP/2 requests, which is done by including \"h2\" or \"h2c\" in the \"Protocols\" list in a configuration file. The following command can be used to search for possible vulnerable configurations: \n\n grep -R \u0027^\\s*Protocols\\\u003e.*\\\u003ch2\\\u003e\u0027 /etc/httpd/\n\nSee https://httpd.apache.org/docs/2.4/mod/mod_http2.html",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: read-after-free in h2 connection shutdown"
},
{
"cve": "CVE-2019-10092",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-08-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1743956"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting vulnerability was found in Apache httpd, affecting the mod_proxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: limited cross-site scripting in mod_proxy error page",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10092"
},
{
"category": "external",
"summary": "RHBZ#1743956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743956"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10092",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10092"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-06T19:28:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1337"
},
{
"category": "workaround",
"details": "This flaw is only exploitable if Proxy* directives are used in Apache httpd configuration. The following command can be used to search for possible vulnerable configurations:\n\n grep -R \u0027^\\s*Proxy\u0027 /etc/httpd/\n\nSee https://httpd.apache.org/docs/2.4/mod/mod_proxy.html",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: limited cross-site scripting in mod_proxy error page"
},
{
"cve": "CVE-2019-10097",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2019-08-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1743996"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in Apache httpd, in mod_remoteip. A trusted proxy using the \"PROXY\" protocol could send specially crafted headers that can cause httpd to experience a stack buffer overflow or NULL pointer dereference, leading to a crash or other potential consequences.\r\n\r\nThis issue could only be exploited by configured trusted intermediate proxy servers. HTTP clients such as browsers could not exploit the vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: null-pointer dereference in mod_remoteip",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10097"
},
{
"category": "external",
"summary": "RHBZ#1743996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743996"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10097",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10097"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10097",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10097"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-06T19:28:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1337"
},
{
"category": "workaround",
"details": "This flaw is only exploitable if RemoteIP* directives are used in Apache httpd configuration. The following command can be used to search for possible vulnerable configurations:\n\n grep -R \u0027^\\s*RemoteIP\u0027 /etc/httpd/\n\nSee https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: null-pointer dereference in mod_remoteip"
},
{
"cve": "CVE-2019-10098",
"discovery_date": "2019-08-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1743959"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in Apache httpd, in mod_rewrite. Certain self-referential mod_rewrite rules could be fooled by encoded newlines, causing them to redirect to an unexpected location. An attacker could abuse this flaw in a phishing attack or as part of a client-side attack on browsers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_rewrite potential open redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10098"
},
{
"category": "external",
"summary": "RHBZ#1743959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10098",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10098"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10098",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10098"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2019-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-06T19:28:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1337"
},
{
"category": "workaround",
"details": "This flaw requires the use of certain Rewrite configuration directives. The following command can be used to search for possible vulnerable configurations:\n\n grep -R \u0027^\\s*Rewrite\u0027 /etc/httpd/\n\nSee https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_rewrite potential open redirect"
},
{
"cve": "CVE-2020-1927",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2020-04-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1820761"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache HTTP Server (httpd) versions 2.4.0 to 2.4.41. Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirected instead to an unexpected URL within the request URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_rewrite configurations vulnerable to open redirect",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue only affects httpd versions between 2.4.0 and 2.4.41. Therefore Red Hat Enterprise Linux 5 and 6 are not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1927"
},
{
"category": "external",
"summary": "RHBZ#1820761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820761"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1927",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1927"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1927",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1927"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2020-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-06T19:28:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1337"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_rewrite configurations vulnerable to open redirect"
}
]
}
ghsa-28c2-r3qq-82vj
Vulnerability from github
Published
2022-05-24 16:56
Modified
2022-05-24 16:56
Severity ?
Details
In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.
{
"affected": [],
"aliases": [
"CVE-2019-10082"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-26T16:15:00Z",
"severity": "MODERATE"
},
"details": "In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.",
"id": "GHSA-28c2-r3qq-82vj",
"modified": "2022-05-24T16:56:54Z",
"published": "2022-05-24T16:56:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10082"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.