Action not permitted
Modal body text goes here.
cve-2020-11985
Vulnerability from cvelistv5
Published
2020-08-07 15:36
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
n/a | Apache HTTP Server |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:48:58.232Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "name": "GLSA-202008-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202008-04" }, { "name": "FEDORA-2020-189a1e6c3e", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/" }, { "name": "FEDORA-2020-0d3d3f5072", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200827-0002/" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [13/13] - /httpd/site/trunk/content/security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [13/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache HTTP Server", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2.4.1 to 2.4.23" } ] } ], "descriptions": [ { "lang": "en", "value": "IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-345", "description": "CWE-345: Insufficient verification of data authenticity", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-06T10:11:46", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "name": "GLSA-202008-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202008-04" }, { "name": "FEDORA-2020-189a1e6c3e", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/" }, { "name": "FEDORA-2020-0d3d3f5072", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200827-0002/" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [13/13] - /httpd/site/trunk/content/security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [13/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2020-11985", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache HTTP Server", "version": { "version_data": [ { "version_value": "2.4.1 to 2.4.23" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-345: Insufficient verification of data authenticity" } ] } ] }, "references": { "reference_data": [ { "name": "https://httpd.apache.org/security/vulnerabilities_24.html", "refsource": "MISC", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "name": "GLSA-202008-04", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202008-04" }, { "name": "FEDORA-2020-189a1e6c3e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/" }, { "name": "FEDORA-2020-0d3d3f5072", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/" }, { "name": "https://www.oracle.com/security-alerts/cpujan2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "name": "https://security.netapp.com/advisory/ntap-20200827-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200827-0002/" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [13/13] - /httpd/site/trunk/content/security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [13/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2020-11985", "datePublished": "2020-08-07T15:36:31", "dateReserved": "2020-04-21T00:00:00", "dateUpdated": "2024-08-04T11:48:58.232Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2020-11985\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2020-08-07T16:15:11.810\",\"lastModified\":\"2023-11-07T03:15:17.380\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020.\"},{\"lang\":\"es\",\"value\":\"Una falsificaci\u00f3n de direcciones IP cuando se est\u00e1 usando un proxy por medio de mod_remoteip y mod_rewrite para las configuraciones que usan el proxy con mod_remoteip y determinadas reglas de mod_rewrite, un atacante podr\u00eda falsificar su direcci\u00f3n IP para el registro y los scripts PHP. Note que este problema se corrigi\u00f3 en Apache HTTP Server versi\u00f3n 2.4.24, pero se le asign\u00f3 retrospectivamente un CVE de poca gravedad en 2020\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-345\"}]},{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-345\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4.1\",\"versionEndIncluding\":\"2.4.23\",\"matchCriteriaId\":\"8805C987-A5BB-403B-BB9F-B745A2AE7865\"}]}]}],\"references\":[{\"url\":\"https://httpd.apache.org/security/vulnerabilities_24.html\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/\",\"source\":\"security@apache.org\"},{\"url\":\"https://security.gentoo.org/glsa/202008-04\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20200827-0002/\",\"source\":\"security@apache.org\"},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"source\":\"security@apache.org\"}]}}" } }
rhsa-2017_1161
Vulnerability from csaf_redhat
Published
2017-04-26 10:19
Modified
2024-11-05 20:00
Summary
Red Hat Security Advisory: httpd24-httpd security, bug fix, and enhancement update
Notes
Topic
Updated httpd24 packages are now available as a part of Red Hat Software Collections 2.4 for Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module.
The httpd24 Software Collection has been upgraded to version 2.4.25, which provides a number of bug fixes and enhancements over the previous version. For detailed changes, see the Red Hat Software Collections 2.4 Release Notes linked from the References section. (BZ#1404778)
Security Fix(es):
* It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack. (CVE-2016-0736)
* A denial of service flaw was found in httpd's mod_http2 module. A remote attacker could use this flaw to block server threads for long times, causing starvation of worker threads, by manipulating the flow control windows on streams. (CVE-2016-1546)
* It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication. (CVE-2016-2161)
* It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)
Note: The fix for the CVE-2016-8743 issue causes httpd to return "400 Bad Request" error to HTTP clients which do not strictly follow HTTP protocol specification. A newly introduced configuration directive "HttpProtocolOptions Unsafe" can be used to re-enable the old less strict parsing. However, such setting also re-introduces the CVE-2016-8743 issue.
* A vulnerability was found in httpd's handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server's available memory, causing httpd to crash. (CVE-2016-8740)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated httpd24 packages are now available as a part of Red Hat Software Collections 2.4 for Red Hat Enterprise Linux.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module.\n\nThe httpd24 Software Collection has been upgraded to version 2.4.25, which provides a number of bug fixes and enhancements over the previous version. For detailed changes, see the Red Hat Software Collections 2.4 Release Notes linked from the References section. (BZ#1404778)\n\nSecurity Fix(es):\n\n* It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user\u0027s browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack. (CVE-2016-0736)\n\n* A denial of service flaw was found in httpd\u0027s mod_http2 module. A remote attacker could use this flaw to block server threads for long times, causing starvation of worker threads, by manipulating the flow control windows on streams. (CVE-2016-1546)\n\n* It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication. (CVE-2016-2161)\n\n* It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)\n\nNote: The fix for the CVE-2016-8743 issue causes httpd to return \"400 Bad Request\" error to HTTP clients which do not strictly follow HTTP protocol specification. A newly introduced configuration directive \"HttpProtocolOptions Unsafe\" can be used to re-enable the old less strict parsing. However, such setting also re-introduces the CVE-2016-8743 issue.\n\n* A vulnerability was found in httpd\u0027s handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server\u0027s available memory, causing httpd to crash. (CVE-2016-8740)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2017:1161", "url": "https://access.redhat.com/errata/RHSA-2017:1161" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-US/Red_Hat_Software_Collections/2/html/2.4_Release_Notes/chap-RHSCL.html#sect-RHSCL-Changes-httpd", "url": "https://access.redhat.com/documentation/en-US/Red_Hat_Software_Collections/2/html/2.4_Release_Notes/chap-RHSCL.html#sect-RHSCL-Changes-httpd" }, { "category": "external", "summary": "1329639", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329639" }, { "category": "external", "summary": "1335616", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335616" }, { "category": "external", "summary": "1336350", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1336350" }, { "category": "external", "summary": "1401528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401528" }, { "category": "external", "summary": "1406744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406744" }, { "category": "external", "summary": "1406753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406753" }, { "category": "external", "summary": "1406822", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406822" }, { "category": "external", "summary": "1414037", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414037" }, { "category": "external", "summary": "1432249", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432249" }, { "category": "external", "summary": "1433474", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1433474" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_1161.json" } ], "title": "Red Hat Security Advisory: httpd24-httpd security, bug fix, and enhancement update", "tracking": { "current_release_date": "2024-11-05T20:00:01+00:00", "generator": { "date": "2024-11-05T20:00:01+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2017:1161", "initial_release_date": "2017-04-26T10:19:21+00:00", "revision_history": [ { "date": "2017-04-26T10:19:21+00:00", "number": "1", "summary": "Initial version" }, { "date": "2017-04-26T10:19:21+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T20:00:01+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-2.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-2.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-2.4-6.7.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-2.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-2.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-2.4-7.3.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7" } } } ], "category": "product_family", "name": "Red Hat Software Collections" }, { "branches": [ { "category": "product_version", "name": "httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "product": { "name": "httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "product_id": "httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd-manual@2.4.25-9.el6?arch=noarch" } } }, { "category": "product_version", "name": "httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "product": { "name": "httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "product_id": "httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd-manual@2.4.25-9.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "product": { "name": "httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "product_id": "httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-mod_ssl@2.4.25-9.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "product": { "name": "httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "product_id": "httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd-debuginfo@2.4.25-9.el6?arch=x86_64" } } }, { "category": "product_version", "name": "httpd24-mod_session-0:2.4.25-9.el6.x86_64", "product": { "name": "httpd24-mod_session-0:2.4.25-9.el6.x86_64", "product_id": "httpd24-mod_session-0:2.4.25-9.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-mod_session@2.4.25-9.el6?arch=x86_64" } } }, { "category": "product_version", "name": "httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "product": { "name": "httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "product_id": "httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-mod_proxy_html@2.4.25-9.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "product": { "name": "httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "product_id": "httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-mod_ldap@2.4.25-9.el6?arch=x86_64" } } }, { "category": "product_version", "name": "httpd24-httpd-0:2.4.25-9.el6.x86_64", "product": { "name": "httpd24-httpd-0:2.4.25-9.el6.x86_64", "product_id": "httpd24-httpd-0:2.4.25-9.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd@2.4.25-9.el6?arch=x86_64" } } }, { "category": "product_version", "name": "httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "product": { "name": "httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "product_id": "httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd-devel@2.4.25-9.el6?arch=x86_64" } } }, { "category": "product_version", "name": "httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "product": { "name": "httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "product_id": "httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd-tools@2.4.25-9.el6?arch=x86_64" } } }, { "category": "product_version", "name": "httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "product": { "name": "httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "product_id": "httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-mod_ssl@2.4.25-9.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd24-mod_session-0:2.4.25-9.el7.x86_64", "product": { "name": "httpd24-mod_session-0:2.4.25-9.el7.x86_64", "product_id": "httpd24-mod_session-0:2.4.25-9.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-mod_session@2.4.25-9.el7?arch=x86_64" } } }, { "category": "product_version", "name": "httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "product": { "name": "httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "product_id": "httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd-debuginfo@2.4.25-9.el7?arch=x86_64" } } }, { "category": "product_version", "name": "httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "product": { "name": "httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "product_id": "httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-mod_proxy_html@2.4.25-9.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "product": { "name": "httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "product_id": "httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-mod_ldap@2.4.25-9.el7?arch=x86_64" } } }, { "category": "product_version", "name": "httpd24-httpd-0:2.4.25-9.el7.x86_64", "product": { "name": "httpd24-httpd-0:2.4.25-9.el7.x86_64", "product_id": "httpd24-httpd-0:2.4.25-9.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd@2.4.25-9.el7?arch=x86_64" } } }, { "category": "product_version", "name": "httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "product": { "name": "httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "product_id": "httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd-devel@2.4.25-9.el7?arch=x86_64" } } }, { "category": "product_version", "name": "httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "product": { "name": "httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "product_id": "httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd-tools@2.4.25-9.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "httpd24-httpd-0:2.4.25-9.el6.src", "product": { "name": "httpd24-httpd-0:2.4.25-9.el6.src", "product_id": "httpd24-httpd-0:2.4.25-9.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd@2.4.25-9.el6?arch=src" } } }, { "category": "product_version", "name": "httpd24-httpd-0:2.4.25-9.el7.src", "product": { "name": "httpd24-httpd-0:2.4.25-9.el7.src", "product_id": "httpd24-httpd-0:2.4.25-9.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd@2.4.25-9.el7?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-0:2.4.25-9.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src" }, "product_reference": "httpd24-httpd-0:2.4.25-9.el6.src", "relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64" }, "product_reference": "httpd24-httpd-0:2.4.25-9.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64" }, "product_reference": "httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-devel-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64" }, "product_reference": "httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-manual-0:2.4.25-9.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch" }, "product_reference": "httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-tools-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64" }, "product_reference": "httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ldap-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64" }, "product_reference": "httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64" }, "product_reference": "httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_session-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64" }, "product_reference": "httpd24-mod_session-0:2.4.25-9.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ssl-1:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64" }, "product_reference": "httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-0:2.4.25-9.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src" }, "product_reference": "httpd24-httpd-0:2.4.25-9.el6.src", "relates_to_product_reference": "6Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64" }, "product_reference": "httpd24-httpd-0:2.4.25-9.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64" }, "product_reference": "httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-devel-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64" }, "product_reference": "httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-manual-0:2.4.25-9.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch" }, "product_reference": "httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "relates_to_product_reference": "6Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-tools-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64" }, "product_reference": "httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ldap-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64" }, "product_reference": "httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64" }, "product_reference": "httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_session-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64" }, "product_reference": "httpd24-mod_session-0:2.4.25-9.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ssl-1:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64" }, "product_reference": "httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-0:2.4.25-9.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src" }, "product_reference": "httpd24-httpd-0:2.4.25-9.el6.src", "relates_to_product_reference": "6Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64" }, "product_reference": "httpd24-httpd-0:2.4.25-9.el6.x86_64", "relates_to_product_reference": "6Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64" }, "product_reference": "httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "relates_to_product_reference": "6Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-devel-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64" }, "product_reference": "httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "relates_to_product_reference": "6Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-manual-0:2.4.25-9.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch" }, "product_reference": "httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "relates_to_product_reference": "6Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-tools-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64" }, "product_reference": "httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "relates_to_product_reference": "6Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ldap-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64" }, "product_reference": "httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "relates_to_product_reference": "6Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64" }, "product_reference": "httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "relates_to_product_reference": "6Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_session-0:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64" }, "product_reference": "httpd24-mod_session-0:2.4.25-9.el6.x86_64", "relates_to_product_reference": "6Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ssl-1:2.4.25-9.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64" }, "product_reference": "httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "relates_to_product_reference": "6Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-0:2.4.25-9.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src" }, "product_reference": "httpd24-httpd-0:2.4.25-9.el7.src", "relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64" }, "product_reference": "httpd24-httpd-0:2.4.25-9.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64" }, "product_reference": "httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-devel-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64" }, "product_reference": "httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-manual-0:2.4.25-9.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch" }, "product_reference": "httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-tools-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64" }, "product_reference": "httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ldap-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64" }, "product_reference": "httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64" }, "product_reference": "httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_session-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64" }, "product_reference": "httpd24-mod_session-0:2.4.25-9.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ssl-1:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64" }, "product_reference": "httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-0:2.4.25-9.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src" }, "product_reference": "httpd24-httpd-0:2.4.25-9.el7.src", "relates_to_product_reference": "7Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64" }, "product_reference": "httpd24-httpd-0:2.4.25-9.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64" }, "product_reference": "httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-devel-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64" }, "product_reference": "httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-manual-0:2.4.25-9.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch" }, "product_reference": "httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-tools-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64" }, "product_reference": "httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ldap-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64" }, "product_reference": "httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64" }, "product_reference": "httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_session-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64" }, "product_reference": "httpd24-mod_session-0:2.4.25-9.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ssl-1:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64" }, "product_reference": "httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-0:2.4.25-9.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src" }, "product_reference": "httpd24-httpd-0:2.4.25-9.el7.src", "relates_to_product_reference": "7Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64" }, "product_reference": "httpd24-httpd-0:2.4.25-9.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64" }, "product_reference": "httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-devel-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64" }, "product_reference": "httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-manual-0:2.4.25-9.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch" }, "product_reference": "httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-tools-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64" }, "product_reference": "httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ldap-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64" }, "product_reference": "httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64" }, "product_reference": "httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_session-0:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64" }, "product_reference": "httpd24-mod_session-0:2.4.25-9.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ssl-1:2.4.25-9.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64" }, "product_reference": "httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-2.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-0736", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2016-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1406744" } ], "notes": [ { "category": "description", "text": "It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user\u0027s browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Padding Oracle in Apache mod_session_crypto", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-0736" }, { "category": "external", "summary": "RHBZ#1406744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406744" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-0736", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0736" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0736", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0736" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25" }, { "category": "external", "summary": "https://www.redteam-pentesting.de/advisories/rt-sa-2016-001.txt", "url": "https://www.redteam-pentesting.de/advisories/rt-sa-2016-001.txt" } ], "release_date": "2016-12-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-04-26T10:19:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1161" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: Padding Oracle in Apache mod_session_crypto" }, { "cve": "CVE-2016-1546", "discovery_date": "2016-05-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1336350" } ], "notes": [ { "category": "description", "text": "A denial of service flaw was found in httpd\u0027s mod_http2 module. A remote attacker could use this flaw to block server threads for long times, causing starvation of worker threads, by manipulating the flow control windows on streams.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_http2 denial-of-service by thread starvation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-1546" }, { "category": "external", "summary": "RHBZ#1336350", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1336350" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-1546", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1546" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1546", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1546" }, { "category": "external", "summary": "http://httpd.apache.org/security/vulnerabilities_24.html", "url": "http://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2016-04-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-04-26T10:19:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1161" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_http2 denial-of-service by thread starvation" }, { "cve": "CVE-2016-2161", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2016-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1406753" } ], "notes": [ { "category": "description", "text": "It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: DoS vulnerability in mod_auth_digest", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-2161" }, { "category": "external", "summary": "RHBZ#1406753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406753" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-2161", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2161" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2161", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2161" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25" } ], "release_date": "2016-12-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-04-26T10:19:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1161" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: DoS vulnerability in mod_auth_digest" }, { "cve": "CVE-2016-8740", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2016-12-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1401528" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in httpd\u0027s handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server\u0027s available memory, causing httpd to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Incomplete handling of LimitRequestFields directive in mod_http2", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security has rated this issue as having Low security\nimpact. This issue is not currently planned to be addressed in future\nupdates. For additional information, refer to the Issue Severity\nClassification: https://access.redhat.com/security/updates/classification/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-8740" }, { "category": "external", "summary": "RHBZ#1401528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401528" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-8740", "url": "https://www.cve.org/CVERecord?id=CVE-2016-8740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8740" }, { "category": "external", "summary": "http://seclists.org/bugtraq/2016/Dec/3", "url": "http://seclists.org/bugtraq/2016/Dec/3" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2016-12-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-04-26T10:19:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1161" }, { "category": "workaround", "details": "As a temporary workaround - HTTP/2 can be disabled by changing\nthe configuration by removing h2 and h2c from the Protocols\nline(s) in the configuration file. \n\nThe resulting line should read:\n\n\t\tProtocols http/1.1", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: Incomplete handling of LimitRequestFields directive in mod_http2" }, { "cve": "CVE-2016-8743", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2016-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1406822" } ], "notes": [ { "category": "description", "text": "It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Apache HTTP Request Parsing Whitespace Defects", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-8743" }, { "category": "external", "summary": "RHBZ#1406822", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406822" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-8743", "url": "https://www.cve.org/CVERecord?id=CVE-2016-8743" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8743", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8743" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25" } ], "release_date": "2016-12-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-04-26T10:19:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1161" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: Apache HTTP Request Parsing Whitespace Defects" }, { "acknowledgments": [ { "names": [ "the Apache project" ] } ], "cve": "CVE-2020-11985", "cwe": { "id": "CWE-345", "name": "Insufficient Verification of Data Authenticity" }, "discovery_date": "2020-08-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1866559" } ], "notes": [ { "category": "description", "text": "A flaw was found in the mod_remoteip module shipped with the httpd package. This flaw allows an attacker to spoof the IP address, resulting in the bypass of a mod_rewrite rule. The highest threat from this vulnerability is to integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: IP address spoofing when proxying using mod_remoteip and mod_rewrite", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue only affects httpd-2.4.x, therefore, httpd packages shipped with Red Hat Enterprise Linux 6 are not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11985" }, { "category": "external", "summary": "RHBZ#1866559", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866559" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11985", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11985" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11985", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11985" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11985", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11985" } ], "release_date": "2020-08-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-04-26T10:19:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1161" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: IP address spoofing when proxying using mod_remoteip and mod_rewrite" } ] }
rhba-2015_2194
Vulnerability from csaf_redhat
Published
2015-11-19 03:05
Modified
2024-11-05 15:50
Summary
Red Hat Bug Fix Advisory: httpd bug fix and enhancement update
Notes
Topic
Updated httpd packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 7.
Details
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
This update fixes the following bugs:
* The httpd daemon did not reset an internal array for storing variables defined using the "Define" directive. Consequently, variables could be undefined after a graceful restart. httpd has been fixed to reset this internal array during a graceful restart, and variables are now correctly defined in this scenario. (BZ#1227219)
* The SSL_CLIENT_VERIFY environment variable was incorrectly handled when the "SSLVerifyClient optional_no_ca" and "SSLSessionCache" options were used. Consequently, when an SSL session was resumed, the SSL_CLIENT_VERIFY value was set to "SUCCESS" instead of the previously set "GENEROUS". SSL_CLIENT_VERIFY is now correctly set to GENEROUS in this scenario. (BZ#1170206)
* The mod_ssl module did not call the ERR_free_strings method during its cleanup. Consequently, during the httpd daemon's reload, mod_ssl leaked memory. Now, ERR_free_strings is called by mod_ssl during the httpd reload, and mod_ssl no longer leaks memory. (BZ#1181690)
* The status line of an HTTP response message from a server did not include the HTTP Reason-Phrase if the original response from the mod_proxy back-end server contained only a Status Code. Consequently, the server displayed only the Status Code to an HTTP client. HTTP clients now receive both the Status Code and Reason-Phrase. (BZ#1162159)
* The mod_authz_dbm module requires the mod_authz_owner module but this dependency was not reflected in the mod_authz_dbm code. Consequently, when the "Require dbm-file-group" directive was used and mod_authz_dbm was loaded before mod_authz_owner, the httpd daemon terminated unexpectedly with a segmentation fault. The mod_authz_dbm code now allows loading before the mod_authz_owner module, and httpd no loner crashes in this scenario. (BZ#1221575)
* The mod_proxy_fcgi module had a hardcoded 30-second timeout for a request. Consequently, it was impossible to change the timeout. mod_proxy_fcgi has been fixed to honor the Timeout or ProxyTimeout directives, and users are now able to configure the timeout of mod_proxy_fcgi. (BZ#1222328)
* The mod_ssl method used for enabling Next Protocol Negotiation (NPN) support returned incorrect exit status when NPN was disabled. Consequently, although NPN was disabled by the configuration, mod_ssl continued to send it. The mod_ssl method now returns the correct value in this scenario, and mod_ssl no longer sends NPN unless configured to do so. (BZ#1226015)
The update adds these enhancements:
* The default configuration of the mod_ssl module in the Apache HTTP Server no longer enables support for SSL cipher suites using the single IDEA or SEED encryption algorithms, which are known to be easily exploitable. (BZ#1118476)
* The mod_proxy_wstunnel module is now enabled by default and it includes support for SSL connections in the "wss://" scheme. Additionally, it is possible to use the "ws://" scheme in the "mod_rewrite" directives. This allows for using WebSockets as a target to "mod_rewrite" and enabling WebSockets in the proxy module. (BZ#1180745)
* Apache HTTP Server now supports Microsoft User Principal Name (UPN) in the SSLUserName directive. Users can now authenticate with their Common Access Card (CAC) or certificate with a UPN in it, and have their UPN used as authenticated user information, consumed by both the access control in Apache and using the REMOTE_USER environment variable or a similar mechanism in applications. As a result, users can now set "SSLUserName SSL_CLIENT_SAN_OTHER_msUPN_0" for authentication using UPN. (BZ#1242503)
Users of httpd are advised to upgrade to these updated packages, which fix these bugs and add these enhancements. After installing the updated packages, the httpd daemon will be restarted automatically.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated httpd packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 7.", "title": "Topic" }, { "category": "general", "text": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nThis update fixes the following bugs:\n\n* The httpd daemon did not reset an internal array for storing variables defined using the \"Define\" directive. Consequently, variables could be undefined after a graceful restart. httpd has been fixed to reset this internal array during a graceful restart, and variables are now correctly defined in this scenario. (BZ#1227219)\n\n* The SSL_CLIENT_VERIFY environment variable was incorrectly handled when the \"SSLVerifyClient optional_no_ca\" and \"SSLSessionCache\" options were used. Consequently, when an SSL session was resumed, the SSL_CLIENT_VERIFY value was set to \"SUCCESS\" instead of the previously set \"GENEROUS\". SSL_CLIENT_VERIFY is now correctly set to GENEROUS in this scenario. (BZ#1170206)\n\n* The mod_ssl module did not call the ERR_free_strings method during its cleanup. Consequently, during the httpd daemon\u0027s reload, mod_ssl leaked memory. Now, ERR_free_strings is called by mod_ssl during the httpd reload, and mod_ssl no longer leaks memory. (BZ#1181690)\n\n* The status line of an HTTP response message from a server did not include the HTTP Reason-Phrase if the original response from the mod_proxy back-end server contained only a Status Code. Consequently, the server displayed only the Status Code to an HTTP client. HTTP clients now receive both the Status Code and Reason-Phrase. (BZ#1162159)\n\n* The mod_authz_dbm module requires the mod_authz_owner module but this dependency was not reflected in the mod_authz_dbm code. Consequently, when the \"Require dbm-file-group\" directive was used and mod_authz_dbm was loaded before mod_authz_owner, the httpd daemon terminated unexpectedly with a segmentation fault. The mod_authz_dbm code now allows loading before the mod_authz_owner module, and httpd no loner crashes in this scenario. (BZ#1221575)\n\n* The mod_proxy_fcgi module had a hardcoded 30-second timeout for a request. Consequently, it was impossible to change the timeout. mod_proxy_fcgi has been fixed to honor the Timeout or ProxyTimeout directives, and users are now able to configure the timeout of mod_proxy_fcgi. (BZ#1222328)\n\n* The mod_ssl method used for enabling Next Protocol Negotiation (NPN) support returned incorrect exit status when NPN was disabled. Consequently, although NPN was disabled by the configuration, mod_ssl continued to send it. The mod_ssl method now returns the correct value in this scenario, and mod_ssl no longer sends NPN unless configured to do so. (BZ#1226015)\n\nThe update adds these enhancements:\n\n* The default configuration of the mod_ssl module in the Apache HTTP Server no longer enables support for SSL cipher suites using the single IDEA or SEED encryption algorithms, which are known to be easily exploitable. (BZ#1118476)\n\n* The mod_proxy_wstunnel module is now enabled by default and it includes support for SSL connections in the \"wss://\" scheme. Additionally, it is possible to use the \"ws://\" scheme in the \"mod_rewrite\" directives. This allows for using WebSockets as a target to \"mod_rewrite\" and enabling WebSockets in the proxy module. (BZ#1180745)\n\n* Apache HTTP Server now supports Microsoft User Principal Name (UPN) in the SSLUserName directive. Users can now authenticate with their Common Access Card (CAC) or certificate with a UPN in it, and have their UPN used as authenticated user information, consumed by both the access control in Apache and using the REMOTE_USER environment variable or a similar mechanism in applications. As a result, users can now set \"SSLUserName SSL_CLIENT_SAN_OTHER_msUPN_0\" for authentication using UPN. (BZ#1242503)\n\nUsers of httpd are advised to upgrade to these updated packages, which fix these bugs and add these enhancements. After installing the updated packages, the httpd daemon will be restarted automatically.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHBA-2015:2194", "url": "https://access.redhat.com/errata/RHBA-2015:2194" }, { "category": "external", "summary": "1125276", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1125276" }, { "category": "external", "summary": "1160625", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1160625" }, { "category": "external", "summary": "1162159", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1162159" }, { "category": "external", "summary": "1169081", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1169081" }, { "category": "external", "summary": "1170206", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1170206" }, { "category": "external", "summary": "1170214", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1170214" }, { "category": "external", "summary": "1170215", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1170215" }, { "category": "external", "summary": "1170220", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1170220" }, { "category": "external", "summary": "1176449", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176449" }, { "category": "external", "summary": "1179306", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1179306" }, { "category": "external", "summary": "1180745", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1180745" }, { "category": "external", "summary": "1184118", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184118" }, { "category": "external", "summary": "1188779", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1188779" }, { "category": "external", "summary": "1210091", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1210091" }, { "category": "external", "summary": "1214398", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214398" }, { "category": "external", "summary": "1214401", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214401" }, { "category": "external", "summary": "1214430", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214430" }, { "category": "external", "summary": "1221575", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221575" }, { "category": "external", "summary": "1222328", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222328" }, { "category": "external", "summary": "1225820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1225820" }, { "category": "external", "summary": "1226015", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1226015" }, { "category": "external", "summary": "1227219", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1227219" }, { "category": "external", "summary": "1231924", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1231924" }, { "category": "external", "summary": "1235383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1235383" }, { "category": "external", "summary": "1239164", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1239164" }, { "category": "external", "summary": "1242416", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1242416" }, { "category": "external", "summary": "1242503", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1242503" }, { "category": "external", "summary": "1255480", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255480" }, { "category": "external", "summary": "1263975", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1263975" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhba-2015_2194.json" } ], "title": "Red Hat Bug Fix Advisory: httpd bug fix and enhancement update", "tracking": { "current_release_date": "2024-11-05T15:50:51+00:00", "generator": { "date": "2024-11-05T15:50:51+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHBA-2015:2194", "initial_release_date": "2015-11-19T03:05:27+00:00", "revision_history": [ { "date": "2015-11-19T03:05:27+00:00", "number": "1", "summary": "Initial version" }, { "date": "2015-11-19T03:05:27+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T15:50:51+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Client Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": "Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "httpd-0:2.4.6-40.el7.src", "product": { "name": "httpd-0:2.4.6-40.el7.src", "product_id": "httpd-0:2.4.6-40.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.4.6-40.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "httpd-tools-0:2.4.6-40.el7.x86_64", "product": { "name": "httpd-tools-0:2.4.6-40.el7.x86_64", "product_id": "httpd-tools-0:2.4.6-40.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.4.6-40.el7?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.4.6-40.el7.x86_64", "product": { "name": "mod_ssl-1:2.4.6-40.el7.x86_64", "product_id": "mod_ssl-1:2.4.6-40.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.4.6-40.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-0:2.4.6-40.el7.x86_64", "product": { "name": "httpd-0:2.4.6-40.el7.x86_64", "product_id": "httpd-0:2.4.6-40.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.4.6-40.el7?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-devel-0:2.4.6-40.el7.x86_64", "product": { "name": "httpd-devel-0:2.4.6-40.el7.x86_64", "product_id": "httpd-devel-0:2.4.6-40.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.4.6-40.el7?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.4.6-40.el7.x86_64", "product": { "name": "httpd-debuginfo-0:2.4.6-40.el7.x86_64", "product_id": "httpd-debuginfo-0:2.4.6-40.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-40.el7?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ldap-0:2.4.6-40.el7.x86_64", "product": { "name": "mod_ldap-0:2.4.6-40.el7.x86_64", "product_id": "mod_ldap-0:2.4.6-40.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap@2.4.6-40.el7?arch=x86_64" } } }, { "category": "product_version", "name": "mod_proxy_html-1:2.4.6-40.el7.x86_64", "product": { "name": "mod_proxy_html-1:2.4.6-40.el7.x86_64", "product_id": "mod_proxy_html-1:2.4.6-40.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-40.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_session-0:2.4.6-40.el7.x86_64", "product": { "name": "mod_session-0:2.4.6-40.el7.x86_64", "product_id": "mod_session-0:2.4.6-40.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_session@2.4.6-40.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "httpd-manual-0:2.4.6-40.el7.noarch", "product": { "name": "httpd-manual-0:2.4.6-40.el7.noarch", "product_id": "httpd-manual-0:2.4.6-40.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.4.6-40.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "mod_ssl-1:2.4.6-40.el7.aarch64", "product": { "name": "mod_ssl-1:2.4.6-40.el7.aarch64", "product_id": "mod_ssl-1:2.4.6-40.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.4.6-40.el7?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-devel-0:2.4.6-40.el7.aarch64", "product": { "name": "httpd-devel-0:2.4.6-40.el7.aarch64", "product_id": "httpd-devel-0:2.4.6-40.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.4.6-40.el7?arch=aarch64" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.4.6-40.el7.aarch64", "product": { "name": "httpd-debuginfo-0:2.4.6-40.el7.aarch64", "product_id": "httpd-debuginfo-0:2.4.6-40.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-40.el7?arch=aarch64" } } }, { "category": "product_version", "name": "httpd-tools-0:2.4.6-40.el7.aarch64", "product": { "name": "httpd-tools-0:2.4.6-40.el7.aarch64", "product_id": "httpd-tools-0:2.4.6-40.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.4.6-40.el7?arch=aarch64" } } }, { "category": "product_version", "name": "httpd-0:2.4.6-40.el7.aarch64", "product": { "name": "httpd-0:2.4.6-40.el7.aarch64", "product_id": "httpd-0:2.4.6-40.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.4.6-40.el7?arch=aarch64" } } }, { "category": "product_version", "name": "mod_proxy_html-1:2.4.6-40.el7.aarch64", "product": { "name": "mod_proxy_html-1:2.4.6-40.el7.aarch64", "product_id": "mod_proxy_html-1:2.4.6-40.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-40.el7?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_session-0:2.4.6-40.el7.aarch64", "product": { "name": "mod_session-0:2.4.6-40.el7.aarch64", "product_id": "mod_session-0:2.4.6-40.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_session@2.4.6-40.el7?arch=aarch64" } } }, { "category": "product_version", "name": "mod_ldap-0:2.4.6-40.el7.aarch64", "product": { "name": "mod_ldap-0:2.4.6-40.el7.aarch64", "product_id": "mod_ldap-0:2.4.6-40.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap@2.4.6-40.el7?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "httpd-tools-0:2.4.6-40.el7.ppc64", "product": { "name": "httpd-tools-0:2.4.6-40.el7.ppc64", "product_id": "httpd-tools-0:2.4.6-40.el7.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.4.6-40.el7?arch=ppc64" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.4.6-40.el7.ppc64", "product": { "name": "httpd-debuginfo-0:2.4.6-40.el7.ppc64", "product_id": "httpd-debuginfo-0:2.4.6-40.el7.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-40.el7?arch=ppc64" } } }, { "category": "product_version", "name": "httpd-devel-0:2.4.6-40.el7.ppc64", "product": { "name": "httpd-devel-0:2.4.6-40.el7.ppc64", "product_id": "httpd-devel-0:2.4.6-40.el7.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.4.6-40.el7?arch=ppc64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.4.6-40.el7.ppc64", "product": { "name": "mod_ssl-1:2.4.6-40.el7.ppc64", "product_id": "mod_ssl-1:2.4.6-40.el7.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.4.6-40.el7?arch=ppc64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-0:2.4.6-40.el7.ppc64", "product": { "name": "httpd-0:2.4.6-40.el7.ppc64", "product_id": "httpd-0:2.4.6-40.el7.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.4.6-40.el7?arch=ppc64" } } }, { "category": "product_version", "name": "mod_proxy_html-1:2.4.6-40.el7.ppc64", "product": { "name": "mod_proxy_html-1:2.4.6-40.el7.ppc64", "product_id": "mod_proxy_html-1:2.4.6-40.el7.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-40.el7?arch=ppc64\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_session-0:2.4.6-40.el7.ppc64", "product": { "name": "mod_session-0:2.4.6-40.el7.ppc64", "product_id": "mod_session-0:2.4.6-40.el7.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_session@2.4.6-40.el7?arch=ppc64" } } }, { "category": "product_version", "name": "mod_ldap-0:2.4.6-40.el7.ppc64", "product": { "name": "mod_ldap-0:2.4.6-40.el7.ppc64", "product_id": "mod_ldap-0:2.4.6-40.el7.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap@2.4.6-40.el7?arch=ppc64" } } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "httpd-tools-0:2.4.6-40.el7.s390x", "product": { "name": "httpd-tools-0:2.4.6-40.el7.s390x", "product_id": "httpd-tools-0:2.4.6-40.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.4.6-40.el7?arch=s390x" } } }, { "category": "product_version", "name": "mod_ssl-1:2.4.6-40.el7.s390x", "product": { "name": "mod_ssl-1:2.4.6-40.el7.s390x", "product_id": "mod_ssl-1:2.4.6-40.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.4.6-40.el7?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-devel-0:2.4.6-40.el7.s390x", "product": { "name": "httpd-devel-0:2.4.6-40.el7.s390x", "product_id": "httpd-devel-0:2.4.6-40.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.4.6-40.el7?arch=s390x" } } }, { "category": "product_version", "name": "httpd-0:2.4.6-40.el7.s390x", "product": { "name": "httpd-0:2.4.6-40.el7.s390x", "product_id": "httpd-0:2.4.6-40.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.4.6-40.el7?arch=s390x" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.4.6-40.el7.s390x", "product": { "name": "httpd-debuginfo-0:2.4.6-40.el7.s390x", "product_id": "httpd-debuginfo-0:2.4.6-40.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-40.el7?arch=s390x" } } }, { "category": "product_version", "name": "mod_session-0:2.4.6-40.el7.s390x", "product": { "name": "mod_session-0:2.4.6-40.el7.s390x", "product_id": "mod_session-0:2.4.6-40.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_session@2.4.6-40.el7?arch=s390x" } } }, { "category": "product_version", "name": "mod_proxy_html-1:2.4.6-40.el7.s390x", "product": { "name": "mod_proxy_html-1:2.4.6-40.el7.s390x", "product_id": "mod_proxy_html-1:2.4.6-40.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-40.el7?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_ldap-0:2.4.6-40.el7.s390x", "product": { "name": "mod_ldap-0:2.4.6-40.el7.s390x", "product_id": "mod_ldap-0:2.4.6-40.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap@2.4.6-40.el7?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "mod_ssl-1:2.4.6-40.el7.ppc64le", "product": { "name": "mod_ssl-1:2.4.6-40.el7.ppc64le", "product_id": "mod_ssl-1:2.4.6-40.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.4.6-40.el7?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-tools-0:2.4.6-40.el7.ppc64le", "product": { "name": "httpd-tools-0:2.4.6-40.el7.ppc64le", "product_id": "httpd-tools-0:2.4.6-40.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.4.6-40.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.4.6-40.el7.ppc64le", "product": { "name": "httpd-debuginfo-0:2.4.6-40.el7.ppc64le", "product_id": "httpd-debuginfo-0:2.4.6-40.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-40.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "httpd-devel-0:2.4.6-40.el7.ppc64le", "product": { "name": "httpd-devel-0:2.4.6-40.el7.ppc64le", "product_id": "httpd-devel-0:2.4.6-40.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.4.6-40.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "httpd-0:2.4.6-40.el7.ppc64le", "product": { "name": "httpd-0:2.4.6-40.el7.ppc64le", "product_id": "httpd-0:2.4.6-40.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.4.6-40.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "mod_proxy_html-1:2.4.6-40.el7.ppc64le", "product": { "name": "mod_proxy_html-1:2.4.6-40.el7.ppc64le", "product_id": "mod_proxy_html-1:2.4.6-40.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-40.el7?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_session-0:2.4.6-40.el7.ppc64le", "product": { "name": "mod_session-0:2.4.6-40.el7.ppc64le", "product_id": "mod_session-0:2.4.6-40.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_session@2.4.6-40.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "mod_ldap-0:2.4.6-40.el7.ppc64le", "product": { "name": "mod_ldap-0:2.4.6-40.el7.ppc64le", "product_id": "mod_ldap-0:2.4.6-40.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap@2.4.6-40.el7?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:httpd-0:2.4.6-40.el7.aarch64" }, "product_reference": "httpd-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:httpd-0:2.4.6-40.el7.ppc64" }, "product_reference": "httpd-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:httpd-0:2.4.6-40.el7.ppc64le" }, "product_reference": "httpd-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:httpd-0:2.4.6-40.el7.s390x" }, "product_reference": "httpd-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:httpd-0:2.4.6-40.el7.src" }, "product_reference": "httpd-0:2.4.6-40.el7.src", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:httpd-0:2.4.6-40.el7.x86_64" }, "product_reference": "httpd-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:httpd-debuginfo-0:2.4.6-40.el7.aarch64" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:httpd-debuginfo-0:2.4.6-40.el7.ppc64" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:httpd-debuginfo-0:2.4.6-40.el7.ppc64le" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:httpd-debuginfo-0:2.4.6-40.el7.s390x" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:httpd-debuginfo-0:2.4.6-40.el7.x86_64" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:httpd-devel-0:2.4.6-40.el7.aarch64" }, "product_reference": "httpd-devel-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:httpd-devel-0:2.4.6-40.el7.ppc64" }, "product_reference": "httpd-devel-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:httpd-devel-0:2.4.6-40.el7.ppc64le" }, "product_reference": "httpd-devel-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:httpd-devel-0:2.4.6-40.el7.s390x" }, "product_reference": "httpd-devel-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:httpd-devel-0:2.4.6-40.el7.x86_64" }, "product_reference": "httpd-devel-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.4.6-40.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:httpd-manual-0:2.4.6-40.el7.noarch" }, "product_reference": "httpd-manual-0:2.4.6-40.el7.noarch", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:httpd-tools-0:2.4.6-40.el7.aarch64" }, "product_reference": "httpd-tools-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:httpd-tools-0:2.4.6-40.el7.ppc64" }, "product_reference": "httpd-tools-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:httpd-tools-0:2.4.6-40.el7.ppc64le" }, "product_reference": "httpd-tools-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:httpd-tools-0:2.4.6-40.el7.s390x" }, "product_reference": "httpd-tools-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:httpd-tools-0:2.4.6-40.el7.x86_64" }, "product_reference": "httpd-tools-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:mod_ldap-0:2.4.6-40.el7.aarch64" }, "product_reference": "mod_ldap-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:mod_ldap-0:2.4.6-40.el7.ppc64" }, "product_reference": "mod_ldap-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:mod_ldap-0:2.4.6-40.el7.ppc64le" }, "product_reference": "mod_ldap-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:mod_ldap-0:2.4.6-40.el7.s390x" }, "product_reference": "mod_ldap-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:mod_ldap-0:2.4.6-40.el7.x86_64" }, "product_reference": "mod_ldap-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:mod_proxy_html-1:2.4.6-40.el7.aarch64" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:mod_proxy_html-1:2.4.6-40.el7.ppc64" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:mod_proxy_html-1:2.4.6-40.el7.ppc64le" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:mod_proxy_html-1:2.4.6-40.el7.s390x" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:mod_proxy_html-1:2.4.6-40.el7.x86_64" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:mod_session-0:2.4.6-40.el7.aarch64" }, "product_reference": "mod_session-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:mod_session-0:2.4.6-40.el7.ppc64" }, "product_reference": "mod_session-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:mod_session-0:2.4.6-40.el7.ppc64le" }, "product_reference": "mod_session-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:mod_session-0:2.4.6-40.el7.s390x" }, "product_reference": "mod_session-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:mod_session-0:2.4.6-40.el7.x86_64" }, "product_reference": "mod_session-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:mod_ssl-1:2.4.6-40.el7.aarch64" }, "product_reference": "mod_ssl-1:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:mod_ssl-1:2.4.6-40.el7.ppc64" }, "product_reference": "mod_ssl-1:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:mod_ssl-1:2.4.6-40.el7.ppc64le" }, "product_reference": "mod_ssl-1:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:mod_ssl-1:2.4.6-40.el7.s390x" }, "product_reference": "mod_ssl-1:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional:mod_ssl-1:2.4.6-40.el7.x86_64" }, "product_reference": "mod_ssl-1:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Client-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:httpd-0:2.4.6-40.el7.aarch64" }, "product_reference": "httpd-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:httpd-0:2.4.6-40.el7.ppc64" }, "product_reference": "httpd-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:httpd-0:2.4.6-40.el7.ppc64le" }, "product_reference": "httpd-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:httpd-0:2.4.6-40.el7.s390x" }, "product_reference": "httpd-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:httpd-0:2.4.6-40.el7.src" }, "product_reference": "httpd-0:2.4.6-40.el7.src", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:httpd-0:2.4.6-40.el7.x86_64" }, "product_reference": "httpd-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:httpd-debuginfo-0:2.4.6-40.el7.aarch64" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:httpd-debuginfo-0:2.4.6-40.el7.ppc64" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:httpd-debuginfo-0:2.4.6-40.el7.ppc64le" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:httpd-debuginfo-0:2.4.6-40.el7.s390x" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:httpd-debuginfo-0:2.4.6-40.el7.x86_64" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:httpd-devel-0:2.4.6-40.el7.aarch64" }, "product_reference": "httpd-devel-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:httpd-devel-0:2.4.6-40.el7.ppc64" }, "product_reference": "httpd-devel-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:httpd-devel-0:2.4.6-40.el7.ppc64le" }, "product_reference": "httpd-devel-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:httpd-devel-0:2.4.6-40.el7.s390x" }, "product_reference": "httpd-devel-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:httpd-devel-0:2.4.6-40.el7.x86_64" }, "product_reference": "httpd-devel-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.4.6-40.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:httpd-manual-0:2.4.6-40.el7.noarch" }, "product_reference": "httpd-manual-0:2.4.6-40.el7.noarch", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:httpd-tools-0:2.4.6-40.el7.aarch64" }, "product_reference": "httpd-tools-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:httpd-tools-0:2.4.6-40.el7.ppc64" }, "product_reference": "httpd-tools-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:httpd-tools-0:2.4.6-40.el7.ppc64le" }, "product_reference": "httpd-tools-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:httpd-tools-0:2.4.6-40.el7.s390x" }, "product_reference": "httpd-tools-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:httpd-tools-0:2.4.6-40.el7.x86_64" }, "product_reference": "httpd-tools-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:mod_ldap-0:2.4.6-40.el7.aarch64" }, "product_reference": "mod_ldap-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:mod_ldap-0:2.4.6-40.el7.ppc64" }, "product_reference": "mod_ldap-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:mod_ldap-0:2.4.6-40.el7.ppc64le" }, "product_reference": "mod_ldap-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:mod_ldap-0:2.4.6-40.el7.s390x" }, "product_reference": "mod_ldap-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:mod_ldap-0:2.4.6-40.el7.x86_64" }, "product_reference": "mod_ldap-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:mod_proxy_html-1:2.4.6-40.el7.aarch64" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:mod_proxy_html-1:2.4.6-40.el7.ppc64" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:mod_proxy_html-1:2.4.6-40.el7.ppc64le" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:mod_proxy_html-1:2.4.6-40.el7.s390x" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7.s390x", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:mod_proxy_html-1:2.4.6-40.el7.x86_64" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:mod_session-0:2.4.6-40.el7.aarch64" }, "product_reference": "mod_session-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:mod_session-0:2.4.6-40.el7.ppc64" }, "product_reference": "mod_session-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:mod_session-0:2.4.6-40.el7.ppc64le" }, "product_reference": "mod_session-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:mod_session-0:2.4.6-40.el7.s390x" }, "product_reference": "mod_session-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:mod_session-0:2.4.6-40.el7.x86_64" }, "product_reference": "mod_session-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:mod_ssl-1:2.4.6-40.el7.aarch64" }, "product_reference": "mod_ssl-1:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:mod_ssl-1:2.4.6-40.el7.ppc64" }, "product_reference": "mod_ssl-1:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:mod_ssl-1:2.4.6-40.el7.ppc64le" }, "product_reference": "mod_ssl-1:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:mod_ssl-1:2.4.6-40.el7.s390x" }, "product_reference": "mod_ssl-1:2.4.6-40.el7.s390x", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional:mod_ssl-1:2.4.6-40.el7.x86_64" }, "product_reference": "mod_ssl-1:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7ComputeNode-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:httpd-0:2.4.6-40.el7.aarch64" }, "product_reference": "httpd-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:httpd-0:2.4.6-40.el7.ppc64" }, "product_reference": "httpd-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:httpd-0:2.4.6-40.el7.ppc64le" }, "product_reference": "httpd-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:httpd-0:2.4.6-40.el7.s390x" }, "product_reference": "httpd-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:httpd-0:2.4.6-40.el7.src" }, "product_reference": "httpd-0:2.4.6-40.el7.src", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:httpd-0:2.4.6-40.el7.x86_64" }, "product_reference": "httpd-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:httpd-debuginfo-0:2.4.6-40.el7.aarch64" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:httpd-debuginfo-0:2.4.6-40.el7.ppc64" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:httpd-debuginfo-0:2.4.6-40.el7.ppc64le" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:httpd-debuginfo-0:2.4.6-40.el7.s390x" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:httpd-debuginfo-0:2.4.6-40.el7.x86_64" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:httpd-devel-0:2.4.6-40.el7.aarch64" }, "product_reference": "httpd-devel-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:httpd-devel-0:2.4.6-40.el7.ppc64" }, "product_reference": "httpd-devel-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:httpd-devel-0:2.4.6-40.el7.ppc64le" }, "product_reference": "httpd-devel-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:httpd-devel-0:2.4.6-40.el7.s390x" }, "product_reference": "httpd-devel-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:httpd-devel-0:2.4.6-40.el7.x86_64" }, "product_reference": "httpd-devel-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.4.6-40.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:httpd-manual-0:2.4.6-40.el7.noarch" }, "product_reference": "httpd-manual-0:2.4.6-40.el7.noarch", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:httpd-tools-0:2.4.6-40.el7.aarch64" }, "product_reference": "httpd-tools-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:httpd-tools-0:2.4.6-40.el7.ppc64" }, "product_reference": "httpd-tools-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:httpd-tools-0:2.4.6-40.el7.ppc64le" }, "product_reference": "httpd-tools-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:httpd-tools-0:2.4.6-40.el7.s390x" }, "product_reference": "httpd-tools-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:httpd-tools-0:2.4.6-40.el7.x86_64" }, "product_reference": "httpd-tools-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:mod_ldap-0:2.4.6-40.el7.aarch64" }, "product_reference": "mod_ldap-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:mod_ldap-0:2.4.6-40.el7.ppc64" }, "product_reference": "mod_ldap-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:mod_ldap-0:2.4.6-40.el7.ppc64le" }, "product_reference": "mod_ldap-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:mod_ldap-0:2.4.6-40.el7.s390x" }, "product_reference": "mod_ldap-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:mod_ldap-0:2.4.6-40.el7.x86_64" }, "product_reference": "mod_ldap-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:mod_proxy_html-1:2.4.6-40.el7.aarch64" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:mod_proxy_html-1:2.4.6-40.el7.ppc64" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:mod_proxy_html-1:2.4.6-40.el7.ppc64le" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:mod_proxy_html-1:2.4.6-40.el7.s390x" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:mod_proxy_html-1:2.4.6-40.el7.x86_64" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:mod_session-0:2.4.6-40.el7.aarch64" }, "product_reference": "mod_session-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:mod_session-0:2.4.6-40.el7.ppc64" }, "product_reference": "mod_session-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:mod_session-0:2.4.6-40.el7.ppc64le" }, "product_reference": "mod_session-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:mod_session-0:2.4.6-40.el7.s390x" }, "product_reference": "mod_session-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:mod_session-0:2.4.6-40.el7.x86_64" }, "product_reference": "mod_session-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:mod_ssl-1:2.4.6-40.el7.aarch64" }, "product_reference": "mod_ssl-1:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:mod_ssl-1:2.4.6-40.el7.ppc64" }, "product_reference": "mod_ssl-1:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:mod_ssl-1:2.4.6-40.el7.ppc64le" }, "product_reference": "mod_ssl-1:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:mod_ssl-1:2.4.6-40.el7.s390x" }, "product_reference": "mod_ssl-1:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional:mod_ssl-1:2.4.6-40.el7.x86_64" }, "product_reference": "mod_ssl-1:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Server-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:httpd-0:2.4.6-40.el7.aarch64" }, "product_reference": "httpd-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:httpd-0:2.4.6-40.el7.ppc64" }, "product_reference": "httpd-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:httpd-0:2.4.6-40.el7.ppc64le" }, "product_reference": "httpd-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:httpd-0:2.4.6-40.el7.s390x" }, "product_reference": "httpd-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.src as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:httpd-0:2.4.6-40.el7.src" }, "product_reference": "httpd-0:2.4.6-40.el7.src", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:httpd-0:2.4.6-40.el7.x86_64" }, "product_reference": "httpd-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:httpd-debuginfo-0:2.4.6-40.el7.aarch64" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:httpd-debuginfo-0:2.4.6-40.el7.ppc64" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:httpd-debuginfo-0:2.4.6-40.el7.ppc64le" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:httpd-debuginfo-0:2.4.6-40.el7.s390x" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:httpd-debuginfo-0:2.4.6-40.el7.x86_64" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:httpd-devel-0:2.4.6-40.el7.aarch64" }, "product_reference": "httpd-devel-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:httpd-devel-0:2.4.6-40.el7.ppc64" }, "product_reference": "httpd-devel-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:httpd-devel-0:2.4.6-40.el7.ppc64le" }, "product_reference": "httpd-devel-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:httpd-devel-0:2.4.6-40.el7.s390x" }, "product_reference": "httpd-devel-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:httpd-devel-0:2.4.6-40.el7.x86_64" }, "product_reference": "httpd-devel-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.4.6-40.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:httpd-manual-0:2.4.6-40.el7.noarch" }, "product_reference": "httpd-manual-0:2.4.6-40.el7.noarch", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:httpd-tools-0:2.4.6-40.el7.aarch64" }, "product_reference": "httpd-tools-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:httpd-tools-0:2.4.6-40.el7.ppc64" }, "product_reference": "httpd-tools-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:httpd-tools-0:2.4.6-40.el7.ppc64le" }, "product_reference": "httpd-tools-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:httpd-tools-0:2.4.6-40.el7.s390x" }, "product_reference": "httpd-tools-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:httpd-tools-0:2.4.6-40.el7.x86_64" }, "product_reference": "httpd-tools-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:mod_ldap-0:2.4.6-40.el7.aarch64" }, "product_reference": "mod_ldap-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:mod_ldap-0:2.4.6-40.el7.ppc64" }, "product_reference": "mod_ldap-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:mod_ldap-0:2.4.6-40.el7.ppc64le" }, "product_reference": "mod_ldap-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:mod_ldap-0:2.4.6-40.el7.s390x" }, "product_reference": "mod_ldap-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:mod_ldap-0:2.4.6-40.el7.x86_64" }, "product_reference": "mod_ldap-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:mod_proxy_html-1:2.4.6-40.el7.aarch64" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:mod_proxy_html-1:2.4.6-40.el7.ppc64" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:mod_proxy_html-1:2.4.6-40.el7.ppc64le" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:mod_proxy_html-1:2.4.6-40.el7.s390x" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:mod_proxy_html-1:2.4.6-40.el7.x86_64" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:mod_session-0:2.4.6-40.el7.aarch64" }, "product_reference": "mod_session-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:mod_session-0:2.4.6-40.el7.ppc64" }, "product_reference": "mod_session-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:mod_session-0:2.4.6-40.el7.ppc64le" }, "product_reference": "mod_session-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:mod_session-0:2.4.6-40.el7.s390x" }, "product_reference": "mod_session-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:mod_session-0:2.4.6-40.el7.x86_64" }, "product_reference": "mod_session-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:mod_ssl-1:2.4.6-40.el7.aarch64" }, "product_reference": "mod_ssl-1:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:mod_ssl-1:2.4.6-40.el7.ppc64" }, "product_reference": "mod_ssl-1:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:mod_ssl-1:2.4.6-40.el7.ppc64le" }, "product_reference": "mod_ssl-1:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:mod_ssl-1:2.4.6-40.el7.s390x" }, "product_reference": "mod_ssl-1:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server:mod_ssl-1:2.4.6-40.el7.x86_64" }, "product_reference": "mod_ssl-1:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:httpd-0:2.4.6-40.el7.aarch64" }, "product_reference": "httpd-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:httpd-0:2.4.6-40.el7.ppc64" }, "product_reference": "httpd-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:httpd-0:2.4.6-40.el7.ppc64le" }, "product_reference": "httpd-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:httpd-0:2.4.6-40.el7.s390x" }, "product_reference": "httpd-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:httpd-0:2.4.6-40.el7.src" }, "product_reference": "httpd-0:2.4.6-40.el7.src", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:httpd-0:2.4.6-40.el7.x86_64" }, "product_reference": "httpd-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:httpd-debuginfo-0:2.4.6-40.el7.aarch64" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:httpd-debuginfo-0:2.4.6-40.el7.ppc64" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:httpd-debuginfo-0:2.4.6-40.el7.ppc64le" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:httpd-debuginfo-0:2.4.6-40.el7.s390x" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:httpd-debuginfo-0:2.4.6-40.el7.x86_64" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:httpd-devel-0:2.4.6-40.el7.aarch64" }, "product_reference": "httpd-devel-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:httpd-devel-0:2.4.6-40.el7.ppc64" }, "product_reference": "httpd-devel-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:httpd-devel-0:2.4.6-40.el7.ppc64le" }, "product_reference": "httpd-devel-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:httpd-devel-0:2.4.6-40.el7.s390x" }, "product_reference": "httpd-devel-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:httpd-devel-0:2.4.6-40.el7.x86_64" }, "product_reference": "httpd-devel-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.4.6-40.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:httpd-manual-0:2.4.6-40.el7.noarch" }, "product_reference": "httpd-manual-0:2.4.6-40.el7.noarch", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:httpd-tools-0:2.4.6-40.el7.aarch64" }, "product_reference": "httpd-tools-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:httpd-tools-0:2.4.6-40.el7.ppc64" }, "product_reference": "httpd-tools-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:httpd-tools-0:2.4.6-40.el7.ppc64le" }, "product_reference": "httpd-tools-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:httpd-tools-0:2.4.6-40.el7.s390x" }, "product_reference": "httpd-tools-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:httpd-tools-0:2.4.6-40.el7.x86_64" }, "product_reference": "httpd-tools-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:mod_ldap-0:2.4.6-40.el7.aarch64" }, "product_reference": "mod_ldap-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:mod_ldap-0:2.4.6-40.el7.ppc64" }, "product_reference": "mod_ldap-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:mod_ldap-0:2.4.6-40.el7.ppc64le" }, "product_reference": "mod_ldap-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:mod_ldap-0:2.4.6-40.el7.s390x" }, "product_reference": "mod_ldap-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:mod_ldap-0:2.4.6-40.el7.x86_64" }, "product_reference": "mod_ldap-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:mod_proxy_html-1:2.4.6-40.el7.aarch64" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:mod_proxy_html-1:2.4.6-40.el7.ppc64" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:mod_proxy_html-1:2.4.6-40.el7.ppc64le" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:mod_proxy_html-1:2.4.6-40.el7.s390x" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:mod_proxy_html-1:2.4.6-40.el7.x86_64" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:mod_session-0:2.4.6-40.el7.aarch64" }, "product_reference": "mod_session-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:mod_session-0:2.4.6-40.el7.ppc64" }, "product_reference": "mod_session-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:mod_session-0:2.4.6-40.el7.ppc64le" }, "product_reference": "mod_session-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:mod_session-0:2.4.6-40.el7.s390x" }, "product_reference": "mod_session-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:mod_session-0:2.4.6-40.el7.x86_64" }, "product_reference": "mod_session-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:mod_ssl-1:2.4.6-40.el7.aarch64" }, "product_reference": "mod_ssl-1:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:mod_ssl-1:2.4.6-40.el7.ppc64" }, "product_reference": "mod_ssl-1:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:mod_ssl-1:2.4.6-40.el7.ppc64le" }, "product_reference": "mod_ssl-1:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:mod_ssl-1:2.4.6-40.el7.s390x" }, "product_reference": "mod_ssl-1:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional:mod_ssl-1:2.4.6-40.el7.x86_64" }, "product_reference": "mod_ssl-1:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Workstation-optional" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:httpd-0:2.4.6-40.el7.aarch64" }, "product_reference": "httpd-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:httpd-0:2.4.6-40.el7.ppc64" }, "product_reference": "httpd-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:httpd-0:2.4.6-40.el7.ppc64le" }, "product_reference": "httpd-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:httpd-0:2.4.6-40.el7.s390x" }, "product_reference": "httpd-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.src as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:httpd-0:2.4.6-40.el7.src" }, "product_reference": "httpd-0:2.4.6-40.el7.src", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:httpd-0:2.4.6-40.el7.x86_64" }, "product_reference": "httpd-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:httpd-debuginfo-0:2.4.6-40.el7.aarch64" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:httpd-debuginfo-0:2.4.6-40.el7.ppc64" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:httpd-debuginfo-0:2.4.6-40.el7.ppc64le" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:httpd-debuginfo-0:2.4.6-40.el7.s390x" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:httpd-debuginfo-0:2.4.6-40.el7.x86_64" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:httpd-devel-0:2.4.6-40.el7.aarch64" }, "product_reference": "httpd-devel-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:httpd-devel-0:2.4.6-40.el7.ppc64" }, "product_reference": "httpd-devel-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:httpd-devel-0:2.4.6-40.el7.ppc64le" }, "product_reference": "httpd-devel-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:httpd-devel-0:2.4.6-40.el7.s390x" }, "product_reference": "httpd-devel-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:httpd-devel-0:2.4.6-40.el7.x86_64" }, "product_reference": "httpd-devel-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.4.6-40.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:httpd-manual-0:2.4.6-40.el7.noarch" }, "product_reference": "httpd-manual-0:2.4.6-40.el7.noarch", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:httpd-tools-0:2.4.6-40.el7.aarch64" }, "product_reference": "httpd-tools-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:httpd-tools-0:2.4.6-40.el7.ppc64" }, "product_reference": "httpd-tools-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:httpd-tools-0:2.4.6-40.el7.ppc64le" }, "product_reference": "httpd-tools-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:httpd-tools-0:2.4.6-40.el7.s390x" }, "product_reference": "httpd-tools-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:httpd-tools-0:2.4.6-40.el7.x86_64" }, "product_reference": "httpd-tools-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:mod_ldap-0:2.4.6-40.el7.aarch64" }, "product_reference": "mod_ldap-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:mod_ldap-0:2.4.6-40.el7.ppc64" }, "product_reference": "mod_ldap-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:mod_ldap-0:2.4.6-40.el7.ppc64le" }, "product_reference": "mod_ldap-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:mod_ldap-0:2.4.6-40.el7.s390x" }, "product_reference": "mod_ldap-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:mod_ldap-0:2.4.6-40.el7.x86_64" }, "product_reference": "mod_ldap-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:mod_proxy_html-1:2.4.6-40.el7.aarch64" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:mod_proxy_html-1:2.4.6-40.el7.ppc64" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:mod_proxy_html-1:2.4.6-40.el7.ppc64le" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:mod_proxy_html-1:2.4.6-40.el7.s390x" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:mod_proxy_html-1:2.4.6-40.el7.x86_64" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:mod_session-0:2.4.6-40.el7.aarch64" }, "product_reference": "mod_session-0:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:mod_session-0:2.4.6-40.el7.ppc64" }, "product_reference": "mod_session-0:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:mod_session-0:2.4.6-40.el7.ppc64le" }, "product_reference": "mod_session-0:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:mod_session-0:2.4.6-40.el7.s390x" }, "product_reference": "mod_session-0:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:mod_session-0:2.4.6-40.el7.x86_64" }, "product_reference": "mod_session-0:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:mod_ssl-1:2.4.6-40.el7.aarch64" }, "product_reference": "mod_ssl-1:2.4.6-40.el7.aarch64", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:mod_ssl-1:2.4.6-40.el7.ppc64" }, "product_reference": "mod_ssl-1:2.4.6-40.el7.ppc64", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:mod_ssl-1:2.4.6-40.el7.ppc64le" }, "product_reference": "mod_ssl-1:2.4.6-40.el7.ppc64le", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:mod_ssl-1:2.4.6-40.el7.s390x" }, "product_reference": "mod_ssl-1:2.4.6-40.el7.s390x", "relates_to_product_reference": "7Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation:mod_ssl-1:2.4.6-40.el7.x86_64" }, "product_reference": "mod_ssl-1:2.4.6-40.el7.x86_64", "relates_to_product_reference": "7Workstation" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "the Apache project" ] } ], "cve": "CVE-2020-11985", "cwe": { "id": "CWE-345", "name": "Insufficient Verification of Data Authenticity" }, "discovery_date": "2020-08-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1866559" } ], "notes": [ { "category": "description", "text": "A flaw was found in the mod_remoteip module shipped with the httpd package. This flaw allows an attacker to spoof the IP address, resulting in the bypass of a mod_rewrite rule. The highest threat from this vulnerability is to integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: IP address spoofing when proxying using mod_remoteip and mod_rewrite", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue only affects httpd-2.4.x, therefore, httpd packages shipped with Red Hat Enterprise Linux 6 are not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Client-optional:httpd-0:2.4.6-40.el7.aarch64", "7Client-optional:httpd-0:2.4.6-40.el7.ppc64", "7Client-optional:httpd-0:2.4.6-40.el7.ppc64le", "7Client-optional:httpd-0:2.4.6-40.el7.s390x", "7Client-optional:httpd-0:2.4.6-40.el7.src", "7Client-optional:httpd-0:2.4.6-40.el7.x86_64", "7Client-optional:httpd-debuginfo-0:2.4.6-40.el7.aarch64", "7Client-optional:httpd-debuginfo-0:2.4.6-40.el7.ppc64", "7Client-optional:httpd-debuginfo-0:2.4.6-40.el7.ppc64le", "7Client-optional:httpd-debuginfo-0:2.4.6-40.el7.s390x", "7Client-optional:httpd-debuginfo-0:2.4.6-40.el7.x86_64", "7Client-optional:httpd-devel-0:2.4.6-40.el7.aarch64", "7Client-optional:httpd-devel-0:2.4.6-40.el7.ppc64", "7Client-optional:httpd-devel-0:2.4.6-40.el7.ppc64le", "7Client-optional:httpd-devel-0:2.4.6-40.el7.s390x", "7Client-optional:httpd-devel-0:2.4.6-40.el7.x86_64", "7Client-optional:httpd-manual-0:2.4.6-40.el7.noarch", "7Client-optional:httpd-tools-0:2.4.6-40.el7.aarch64", "7Client-optional:httpd-tools-0:2.4.6-40.el7.ppc64", "7Client-optional:httpd-tools-0:2.4.6-40.el7.ppc64le", "7Client-optional:httpd-tools-0:2.4.6-40.el7.s390x", "7Client-optional:httpd-tools-0:2.4.6-40.el7.x86_64", "7Client-optional:mod_ldap-0:2.4.6-40.el7.aarch64", "7Client-optional:mod_ldap-0:2.4.6-40.el7.ppc64", "7Client-optional:mod_ldap-0:2.4.6-40.el7.ppc64le", "7Client-optional:mod_ldap-0:2.4.6-40.el7.s390x", "7Client-optional:mod_ldap-0:2.4.6-40.el7.x86_64", "7Client-optional:mod_proxy_html-1:2.4.6-40.el7.aarch64", "7Client-optional:mod_proxy_html-1:2.4.6-40.el7.ppc64", "7Client-optional:mod_proxy_html-1:2.4.6-40.el7.ppc64le", "7Client-optional:mod_proxy_html-1:2.4.6-40.el7.s390x", "7Client-optional:mod_proxy_html-1:2.4.6-40.el7.x86_64", "7Client-optional:mod_session-0:2.4.6-40.el7.aarch64", "7Client-optional:mod_session-0:2.4.6-40.el7.ppc64", "7Client-optional:mod_session-0:2.4.6-40.el7.ppc64le", "7Client-optional:mod_session-0:2.4.6-40.el7.s390x", "7Client-optional:mod_session-0:2.4.6-40.el7.x86_64", "7Client-optional:mod_ssl-1:2.4.6-40.el7.aarch64", "7Client-optional:mod_ssl-1:2.4.6-40.el7.ppc64", "7Client-optional:mod_ssl-1:2.4.6-40.el7.ppc64le", "7Client-optional:mod_ssl-1:2.4.6-40.el7.s390x", "7Client-optional:mod_ssl-1:2.4.6-40.el7.x86_64", "7ComputeNode-optional:httpd-0:2.4.6-40.el7.aarch64", "7ComputeNode-optional:httpd-0:2.4.6-40.el7.ppc64", "7ComputeNode-optional:httpd-0:2.4.6-40.el7.ppc64le", "7ComputeNode-optional:httpd-0:2.4.6-40.el7.s390x", "7ComputeNode-optional:httpd-0:2.4.6-40.el7.src", "7ComputeNode-optional:httpd-0:2.4.6-40.el7.x86_64", "7ComputeNode-optional:httpd-debuginfo-0:2.4.6-40.el7.aarch64", "7ComputeNode-optional:httpd-debuginfo-0:2.4.6-40.el7.ppc64", "7ComputeNode-optional:httpd-debuginfo-0:2.4.6-40.el7.ppc64le", "7ComputeNode-optional:httpd-debuginfo-0:2.4.6-40.el7.s390x", "7ComputeNode-optional:httpd-debuginfo-0:2.4.6-40.el7.x86_64", "7ComputeNode-optional:httpd-devel-0:2.4.6-40.el7.aarch64", "7ComputeNode-optional:httpd-devel-0:2.4.6-40.el7.ppc64", "7ComputeNode-optional:httpd-devel-0:2.4.6-40.el7.ppc64le", "7ComputeNode-optional:httpd-devel-0:2.4.6-40.el7.s390x", "7ComputeNode-optional:httpd-devel-0:2.4.6-40.el7.x86_64", "7ComputeNode-optional:httpd-manual-0:2.4.6-40.el7.noarch", "7ComputeNode-optional:httpd-tools-0:2.4.6-40.el7.aarch64", "7ComputeNode-optional:httpd-tools-0:2.4.6-40.el7.ppc64", "7ComputeNode-optional:httpd-tools-0:2.4.6-40.el7.ppc64le", "7ComputeNode-optional:httpd-tools-0:2.4.6-40.el7.s390x", "7ComputeNode-optional:httpd-tools-0:2.4.6-40.el7.x86_64", "7ComputeNode-optional:mod_ldap-0:2.4.6-40.el7.aarch64", "7ComputeNode-optional:mod_ldap-0:2.4.6-40.el7.ppc64", "7ComputeNode-optional:mod_ldap-0:2.4.6-40.el7.ppc64le", "7ComputeNode-optional:mod_ldap-0:2.4.6-40.el7.s390x", "7ComputeNode-optional:mod_ldap-0:2.4.6-40.el7.x86_64", "7ComputeNode-optional:mod_proxy_html-1:2.4.6-40.el7.aarch64", "7ComputeNode-optional:mod_proxy_html-1:2.4.6-40.el7.ppc64", "7ComputeNode-optional:mod_proxy_html-1:2.4.6-40.el7.ppc64le", "7ComputeNode-optional:mod_proxy_html-1:2.4.6-40.el7.s390x", "7ComputeNode-optional:mod_proxy_html-1:2.4.6-40.el7.x86_64", "7ComputeNode-optional:mod_session-0:2.4.6-40.el7.aarch64", "7ComputeNode-optional:mod_session-0:2.4.6-40.el7.ppc64", "7ComputeNode-optional:mod_session-0:2.4.6-40.el7.ppc64le", "7ComputeNode-optional:mod_session-0:2.4.6-40.el7.s390x", "7ComputeNode-optional:mod_session-0:2.4.6-40.el7.x86_64", "7ComputeNode-optional:mod_ssl-1:2.4.6-40.el7.aarch64", "7ComputeNode-optional:mod_ssl-1:2.4.6-40.el7.ppc64", "7ComputeNode-optional:mod_ssl-1:2.4.6-40.el7.ppc64le", "7ComputeNode-optional:mod_ssl-1:2.4.6-40.el7.s390x", "7ComputeNode-optional:mod_ssl-1:2.4.6-40.el7.x86_64", "7Server-optional:httpd-0:2.4.6-40.el7.aarch64", "7Server-optional:httpd-0:2.4.6-40.el7.ppc64", "7Server-optional:httpd-0:2.4.6-40.el7.ppc64le", "7Server-optional:httpd-0:2.4.6-40.el7.s390x", "7Server-optional:httpd-0:2.4.6-40.el7.src", "7Server-optional:httpd-0:2.4.6-40.el7.x86_64", "7Server-optional:httpd-debuginfo-0:2.4.6-40.el7.aarch64", "7Server-optional:httpd-debuginfo-0:2.4.6-40.el7.ppc64", "7Server-optional:httpd-debuginfo-0:2.4.6-40.el7.ppc64le", "7Server-optional:httpd-debuginfo-0:2.4.6-40.el7.s390x", "7Server-optional:httpd-debuginfo-0:2.4.6-40.el7.x86_64", "7Server-optional:httpd-devel-0:2.4.6-40.el7.aarch64", "7Server-optional:httpd-devel-0:2.4.6-40.el7.ppc64", "7Server-optional:httpd-devel-0:2.4.6-40.el7.ppc64le", "7Server-optional:httpd-devel-0:2.4.6-40.el7.s390x", "7Server-optional:httpd-devel-0:2.4.6-40.el7.x86_64", "7Server-optional:httpd-manual-0:2.4.6-40.el7.noarch", "7Server-optional:httpd-tools-0:2.4.6-40.el7.aarch64", "7Server-optional:httpd-tools-0:2.4.6-40.el7.ppc64", "7Server-optional:httpd-tools-0:2.4.6-40.el7.ppc64le", "7Server-optional:httpd-tools-0:2.4.6-40.el7.s390x", "7Server-optional:httpd-tools-0:2.4.6-40.el7.x86_64", "7Server-optional:mod_ldap-0:2.4.6-40.el7.aarch64", "7Server-optional:mod_ldap-0:2.4.6-40.el7.ppc64", "7Server-optional:mod_ldap-0:2.4.6-40.el7.ppc64le", "7Server-optional:mod_ldap-0:2.4.6-40.el7.s390x", "7Server-optional:mod_ldap-0:2.4.6-40.el7.x86_64", "7Server-optional:mod_proxy_html-1:2.4.6-40.el7.aarch64", "7Server-optional:mod_proxy_html-1:2.4.6-40.el7.ppc64", "7Server-optional:mod_proxy_html-1:2.4.6-40.el7.ppc64le", "7Server-optional:mod_proxy_html-1:2.4.6-40.el7.s390x", "7Server-optional:mod_proxy_html-1:2.4.6-40.el7.x86_64", "7Server-optional:mod_session-0:2.4.6-40.el7.aarch64", "7Server-optional:mod_session-0:2.4.6-40.el7.ppc64", "7Server-optional:mod_session-0:2.4.6-40.el7.ppc64le", "7Server-optional:mod_session-0:2.4.6-40.el7.s390x", "7Server-optional:mod_session-0:2.4.6-40.el7.x86_64", "7Server-optional:mod_ssl-1:2.4.6-40.el7.aarch64", "7Server-optional:mod_ssl-1:2.4.6-40.el7.ppc64", "7Server-optional:mod_ssl-1:2.4.6-40.el7.ppc64le", "7Server-optional:mod_ssl-1:2.4.6-40.el7.s390x", "7Server-optional:mod_ssl-1:2.4.6-40.el7.x86_64", "7Server:httpd-0:2.4.6-40.el7.aarch64", "7Server:httpd-0:2.4.6-40.el7.ppc64", "7Server:httpd-0:2.4.6-40.el7.ppc64le", "7Server:httpd-0:2.4.6-40.el7.s390x", "7Server:httpd-0:2.4.6-40.el7.src", "7Server:httpd-0:2.4.6-40.el7.x86_64", "7Server:httpd-debuginfo-0:2.4.6-40.el7.aarch64", "7Server:httpd-debuginfo-0:2.4.6-40.el7.ppc64", "7Server:httpd-debuginfo-0:2.4.6-40.el7.ppc64le", "7Server:httpd-debuginfo-0:2.4.6-40.el7.s390x", "7Server:httpd-debuginfo-0:2.4.6-40.el7.x86_64", "7Server:httpd-devel-0:2.4.6-40.el7.aarch64", "7Server:httpd-devel-0:2.4.6-40.el7.ppc64", "7Server:httpd-devel-0:2.4.6-40.el7.ppc64le", "7Server:httpd-devel-0:2.4.6-40.el7.s390x", "7Server:httpd-devel-0:2.4.6-40.el7.x86_64", "7Server:httpd-manual-0:2.4.6-40.el7.noarch", "7Server:httpd-tools-0:2.4.6-40.el7.aarch64", "7Server:httpd-tools-0:2.4.6-40.el7.ppc64", "7Server:httpd-tools-0:2.4.6-40.el7.ppc64le", "7Server:httpd-tools-0:2.4.6-40.el7.s390x", "7Server:httpd-tools-0:2.4.6-40.el7.x86_64", "7Server:mod_ldap-0:2.4.6-40.el7.aarch64", "7Server:mod_ldap-0:2.4.6-40.el7.ppc64", "7Server:mod_ldap-0:2.4.6-40.el7.ppc64le", "7Server:mod_ldap-0:2.4.6-40.el7.s390x", "7Server:mod_ldap-0:2.4.6-40.el7.x86_64", "7Server:mod_proxy_html-1:2.4.6-40.el7.aarch64", "7Server:mod_proxy_html-1:2.4.6-40.el7.ppc64", "7Server:mod_proxy_html-1:2.4.6-40.el7.ppc64le", "7Server:mod_proxy_html-1:2.4.6-40.el7.s390x", "7Server:mod_proxy_html-1:2.4.6-40.el7.x86_64", "7Server:mod_session-0:2.4.6-40.el7.aarch64", "7Server:mod_session-0:2.4.6-40.el7.ppc64", "7Server:mod_session-0:2.4.6-40.el7.ppc64le", "7Server:mod_session-0:2.4.6-40.el7.s390x", "7Server:mod_session-0:2.4.6-40.el7.x86_64", "7Server:mod_ssl-1:2.4.6-40.el7.aarch64", "7Server:mod_ssl-1:2.4.6-40.el7.ppc64", "7Server:mod_ssl-1:2.4.6-40.el7.ppc64le", "7Server:mod_ssl-1:2.4.6-40.el7.s390x", "7Server:mod_ssl-1:2.4.6-40.el7.x86_64", "7Workstation-optional:httpd-0:2.4.6-40.el7.aarch64", "7Workstation-optional:httpd-0:2.4.6-40.el7.ppc64", "7Workstation-optional:httpd-0:2.4.6-40.el7.ppc64le", "7Workstation-optional:httpd-0:2.4.6-40.el7.s390x", "7Workstation-optional:httpd-0:2.4.6-40.el7.src", "7Workstation-optional:httpd-0:2.4.6-40.el7.x86_64", "7Workstation-optional:httpd-debuginfo-0:2.4.6-40.el7.aarch64", "7Workstation-optional:httpd-debuginfo-0:2.4.6-40.el7.ppc64", "7Workstation-optional:httpd-debuginfo-0:2.4.6-40.el7.ppc64le", "7Workstation-optional:httpd-debuginfo-0:2.4.6-40.el7.s390x", "7Workstation-optional:httpd-debuginfo-0:2.4.6-40.el7.x86_64", "7Workstation-optional:httpd-devel-0:2.4.6-40.el7.aarch64", "7Workstation-optional:httpd-devel-0:2.4.6-40.el7.ppc64", "7Workstation-optional:httpd-devel-0:2.4.6-40.el7.ppc64le", "7Workstation-optional:httpd-devel-0:2.4.6-40.el7.s390x", "7Workstation-optional:httpd-devel-0:2.4.6-40.el7.x86_64", "7Workstation-optional:httpd-manual-0:2.4.6-40.el7.noarch", "7Workstation-optional:httpd-tools-0:2.4.6-40.el7.aarch64", "7Workstation-optional:httpd-tools-0:2.4.6-40.el7.ppc64", "7Workstation-optional:httpd-tools-0:2.4.6-40.el7.ppc64le", "7Workstation-optional:httpd-tools-0:2.4.6-40.el7.s390x", "7Workstation-optional:httpd-tools-0:2.4.6-40.el7.x86_64", "7Workstation-optional:mod_ldap-0:2.4.6-40.el7.aarch64", "7Workstation-optional:mod_ldap-0:2.4.6-40.el7.ppc64", "7Workstation-optional:mod_ldap-0:2.4.6-40.el7.ppc64le", "7Workstation-optional:mod_ldap-0:2.4.6-40.el7.s390x", "7Workstation-optional:mod_ldap-0:2.4.6-40.el7.x86_64", "7Workstation-optional:mod_proxy_html-1:2.4.6-40.el7.aarch64", "7Workstation-optional:mod_proxy_html-1:2.4.6-40.el7.ppc64", "7Workstation-optional:mod_proxy_html-1:2.4.6-40.el7.ppc64le", "7Workstation-optional:mod_proxy_html-1:2.4.6-40.el7.s390x", "7Workstation-optional:mod_proxy_html-1:2.4.6-40.el7.x86_64", "7Workstation-optional:mod_session-0:2.4.6-40.el7.aarch64", "7Workstation-optional:mod_session-0:2.4.6-40.el7.ppc64", "7Workstation-optional:mod_session-0:2.4.6-40.el7.ppc64le", "7Workstation-optional:mod_session-0:2.4.6-40.el7.s390x", "7Workstation-optional:mod_session-0:2.4.6-40.el7.x86_64", "7Workstation-optional:mod_ssl-1:2.4.6-40.el7.aarch64", "7Workstation-optional:mod_ssl-1:2.4.6-40.el7.ppc64", "7Workstation-optional:mod_ssl-1:2.4.6-40.el7.ppc64le", "7Workstation-optional:mod_ssl-1:2.4.6-40.el7.s390x", "7Workstation-optional:mod_ssl-1:2.4.6-40.el7.x86_64", "7Workstation:httpd-0:2.4.6-40.el7.aarch64", "7Workstation:httpd-0:2.4.6-40.el7.ppc64", "7Workstation:httpd-0:2.4.6-40.el7.ppc64le", "7Workstation:httpd-0:2.4.6-40.el7.s390x", "7Workstation:httpd-0:2.4.6-40.el7.src", "7Workstation:httpd-0:2.4.6-40.el7.x86_64", "7Workstation:httpd-debuginfo-0:2.4.6-40.el7.aarch64", "7Workstation:httpd-debuginfo-0:2.4.6-40.el7.ppc64", "7Workstation:httpd-debuginfo-0:2.4.6-40.el7.ppc64le", "7Workstation:httpd-debuginfo-0:2.4.6-40.el7.s390x", "7Workstation:httpd-debuginfo-0:2.4.6-40.el7.x86_64", "7Workstation:httpd-devel-0:2.4.6-40.el7.aarch64", "7Workstation:httpd-devel-0:2.4.6-40.el7.ppc64", "7Workstation:httpd-devel-0:2.4.6-40.el7.ppc64le", "7Workstation:httpd-devel-0:2.4.6-40.el7.s390x", "7Workstation:httpd-devel-0:2.4.6-40.el7.x86_64", "7Workstation:httpd-manual-0:2.4.6-40.el7.noarch", "7Workstation:httpd-tools-0:2.4.6-40.el7.aarch64", "7Workstation:httpd-tools-0:2.4.6-40.el7.ppc64", "7Workstation:httpd-tools-0:2.4.6-40.el7.ppc64le", "7Workstation:httpd-tools-0:2.4.6-40.el7.s390x", "7Workstation:httpd-tools-0:2.4.6-40.el7.x86_64", "7Workstation:mod_ldap-0:2.4.6-40.el7.aarch64", "7Workstation:mod_ldap-0:2.4.6-40.el7.ppc64", "7Workstation:mod_ldap-0:2.4.6-40.el7.ppc64le", "7Workstation:mod_ldap-0:2.4.6-40.el7.s390x", "7Workstation:mod_ldap-0:2.4.6-40.el7.x86_64", "7Workstation:mod_proxy_html-1:2.4.6-40.el7.aarch64", "7Workstation:mod_proxy_html-1:2.4.6-40.el7.ppc64", "7Workstation:mod_proxy_html-1:2.4.6-40.el7.ppc64le", "7Workstation:mod_proxy_html-1:2.4.6-40.el7.s390x", "7Workstation:mod_proxy_html-1:2.4.6-40.el7.x86_64", "7Workstation:mod_session-0:2.4.6-40.el7.aarch64", "7Workstation:mod_session-0:2.4.6-40.el7.ppc64", "7Workstation:mod_session-0:2.4.6-40.el7.ppc64le", "7Workstation:mod_session-0:2.4.6-40.el7.s390x", "7Workstation:mod_session-0:2.4.6-40.el7.x86_64", "7Workstation:mod_ssl-1:2.4.6-40.el7.aarch64", "7Workstation:mod_ssl-1:2.4.6-40.el7.ppc64", "7Workstation:mod_ssl-1:2.4.6-40.el7.ppc64le", "7Workstation:mod_ssl-1:2.4.6-40.el7.s390x", "7Workstation:mod_ssl-1:2.4.6-40.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11985" }, { "category": "external", "summary": "RHBZ#1866559", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866559" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11985", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11985" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11985", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11985" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11985", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11985" } ], "release_date": "2020-08-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-11-19T03:05:27+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Client-optional:httpd-0:2.4.6-40.el7.aarch64", "7Client-optional:httpd-0:2.4.6-40.el7.ppc64", "7Client-optional:httpd-0:2.4.6-40.el7.ppc64le", "7Client-optional:httpd-0:2.4.6-40.el7.s390x", "7Client-optional:httpd-0:2.4.6-40.el7.src", "7Client-optional:httpd-0:2.4.6-40.el7.x86_64", "7Client-optional:httpd-debuginfo-0:2.4.6-40.el7.aarch64", "7Client-optional:httpd-debuginfo-0:2.4.6-40.el7.ppc64", "7Client-optional:httpd-debuginfo-0:2.4.6-40.el7.ppc64le", "7Client-optional:httpd-debuginfo-0:2.4.6-40.el7.s390x", "7Client-optional:httpd-debuginfo-0:2.4.6-40.el7.x86_64", "7Client-optional:httpd-devel-0:2.4.6-40.el7.aarch64", "7Client-optional:httpd-devel-0:2.4.6-40.el7.ppc64", "7Client-optional:httpd-devel-0:2.4.6-40.el7.ppc64le", "7Client-optional:httpd-devel-0:2.4.6-40.el7.s390x", "7Client-optional:httpd-devel-0:2.4.6-40.el7.x86_64", "7Client-optional:httpd-manual-0:2.4.6-40.el7.noarch", "7Client-optional:httpd-tools-0:2.4.6-40.el7.aarch64", "7Client-optional:httpd-tools-0:2.4.6-40.el7.ppc64", "7Client-optional:httpd-tools-0:2.4.6-40.el7.ppc64le", "7Client-optional:httpd-tools-0:2.4.6-40.el7.s390x", "7Client-optional:httpd-tools-0:2.4.6-40.el7.x86_64", "7Client-optional:mod_ldap-0:2.4.6-40.el7.aarch64", "7Client-optional:mod_ldap-0:2.4.6-40.el7.ppc64", "7Client-optional:mod_ldap-0:2.4.6-40.el7.ppc64le", "7Client-optional:mod_ldap-0:2.4.6-40.el7.s390x", "7Client-optional:mod_ldap-0:2.4.6-40.el7.x86_64", "7Client-optional:mod_proxy_html-1:2.4.6-40.el7.aarch64", "7Client-optional:mod_proxy_html-1:2.4.6-40.el7.ppc64", "7Client-optional:mod_proxy_html-1:2.4.6-40.el7.ppc64le", "7Client-optional:mod_proxy_html-1:2.4.6-40.el7.s390x", "7Client-optional:mod_proxy_html-1:2.4.6-40.el7.x86_64", "7Client-optional:mod_session-0:2.4.6-40.el7.aarch64", "7Client-optional:mod_session-0:2.4.6-40.el7.ppc64", "7Client-optional:mod_session-0:2.4.6-40.el7.ppc64le", "7Client-optional:mod_session-0:2.4.6-40.el7.s390x", "7Client-optional:mod_session-0:2.4.6-40.el7.x86_64", "7Client-optional:mod_ssl-1:2.4.6-40.el7.aarch64", "7Client-optional:mod_ssl-1:2.4.6-40.el7.ppc64", "7Client-optional:mod_ssl-1:2.4.6-40.el7.ppc64le", "7Client-optional:mod_ssl-1:2.4.6-40.el7.s390x", "7Client-optional:mod_ssl-1:2.4.6-40.el7.x86_64", "7ComputeNode-optional:httpd-0:2.4.6-40.el7.aarch64", "7ComputeNode-optional:httpd-0:2.4.6-40.el7.ppc64", "7ComputeNode-optional:httpd-0:2.4.6-40.el7.ppc64le", "7ComputeNode-optional:httpd-0:2.4.6-40.el7.s390x", "7ComputeNode-optional:httpd-0:2.4.6-40.el7.src", "7ComputeNode-optional:httpd-0:2.4.6-40.el7.x86_64", "7ComputeNode-optional:httpd-debuginfo-0:2.4.6-40.el7.aarch64", "7ComputeNode-optional:httpd-debuginfo-0:2.4.6-40.el7.ppc64", "7ComputeNode-optional:httpd-debuginfo-0:2.4.6-40.el7.ppc64le", "7ComputeNode-optional:httpd-debuginfo-0:2.4.6-40.el7.s390x", "7ComputeNode-optional:httpd-debuginfo-0:2.4.6-40.el7.x86_64", "7ComputeNode-optional:httpd-devel-0:2.4.6-40.el7.aarch64", "7ComputeNode-optional:httpd-devel-0:2.4.6-40.el7.ppc64", "7ComputeNode-optional:httpd-devel-0:2.4.6-40.el7.ppc64le", "7ComputeNode-optional:httpd-devel-0:2.4.6-40.el7.s390x", "7ComputeNode-optional:httpd-devel-0:2.4.6-40.el7.x86_64", "7ComputeNode-optional:httpd-manual-0:2.4.6-40.el7.noarch", "7ComputeNode-optional:httpd-tools-0:2.4.6-40.el7.aarch64", "7ComputeNode-optional:httpd-tools-0:2.4.6-40.el7.ppc64", "7ComputeNode-optional:httpd-tools-0:2.4.6-40.el7.ppc64le", "7ComputeNode-optional:httpd-tools-0:2.4.6-40.el7.s390x", "7ComputeNode-optional:httpd-tools-0:2.4.6-40.el7.x86_64", "7ComputeNode-optional:mod_ldap-0:2.4.6-40.el7.aarch64", "7ComputeNode-optional:mod_ldap-0:2.4.6-40.el7.ppc64", "7ComputeNode-optional:mod_ldap-0:2.4.6-40.el7.ppc64le", "7ComputeNode-optional:mod_ldap-0:2.4.6-40.el7.s390x", "7ComputeNode-optional:mod_ldap-0:2.4.6-40.el7.x86_64", "7ComputeNode-optional:mod_proxy_html-1:2.4.6-40.el7.aarch64", "7ComputeNode-optional:mod_proxy_html-1:2.4.6-40.el7.ppc64", "7ComputeNode-optional:mod_proxy_html-1:2.4.6-40.el7.ppc64le", "7ComputeNode-optional:mod_proxy_html-1:2.4.6-40.el7.s390x", "7ComputeNode-optional:mod_proxy_html-1:2.4.6-40.el7.x86_64", "7ComputeNode-optional:mod_session-0:2.4.6-40.el7.aarch64", "7ComputeNode-optional:mod_session-0:2.4.6-40.el7.ppc64", "7ComputeNode-optional:mod_session-0:2.4.6-40.el7.ppc64le", "7ComputeNode-optional:mod_session-0:2.4.6-40.el7.s390x", "7ComputeNode-optional:mod_session-0:2.4.6-40.el7.x86_64", "7ComputeNode-optional:mod_ssl-1:2.4.6-40.el7.aarch64", "7ComputeNode-optional:mod_ssl-1:2.4.6-40.el7.ppc64", "7ComputeNode-optional:mod_ssl-1:2.4.6-40.el7.ppc64le", "7ComputeNode-optional:mod_ssl-1:2.4.6-40.el7.s390x", "7ComputeNode-optional:mod_ssl-1:2.4.6-40.el7.x86_64", "7Server-optional:httpd-0:2.4.6-40.el7.aarch64", "7Server-optional:httpd-0:2.4.6-40.el7.ppc64", "7Server-optional:httpd-0:2.4.6-40.el7.ppc64le", "7Server-optional:httpd-0:2.4.6-40.el7.s390x", "7Server-optional:httpd-0:2.4.6-40.el7.src", "7Server-optional:httpd-0:2.4.6-40.el7.x86_64", "7Server-optional:httpd-debuginfo-0:2.4.6-40.el7.aarch64", "7Server-optional:httpd-debuginfo-0:2.4.6-40.el7.ppc64", "7Server-optional:httpd-debuginfo-0:2.4.6-40.el7.ppc64le", "7Server-optional:httpd-debuginfo-0:2.4.6-40.el7.s390x", "7Server-optional:httpd-debuginfo-0:2.4.6-40.el7.x86_64", "7Server-optional:httpd-devel-0:2.4.6-40.el7.aarch64", "7Server-optional:httpd-devel-0:2.4.6-40.el7.ppc64", "7Server-optional:httpd-devel-0:2.4.6-40.el7.ppc64le", "7Server-optional:httpd-devel-0:2.4.6-40.el7.s390x", "7Server-optional:httpd-devel-0:2.4.6-40.el7.x86_64", "7Server-optional:httpd-manual-0:2.4.6-40.el7.noarch", "7Server-optional:httpd-tools-0:2.4.6-40.el7.aarch64", "7Server-optional:httpd-tools-0:2.4.6-40.el7.ppc64", "7Server-optional:httpd-tools-0:2.4.6-40.el7.ppc64le", "7Server-optional:httpd-tools-0:2.4.6-40.el7.s390x", "7Server-optional:httpd-tools-0:2.4.6-40.el7.x86_64", "7Server-optional:mod_ldap-0:2.4.6-40.el7.aarch64", "7Server-optional:mod_ldap-0:2.4.6-40.el7.ppc64", "7Server-optional:mod_ldap-0:2.4.6-40.el7.ppc64le", "7Server-optional:mod_ldap-0:2.4.6-40.el7.s390x", "7Server-optional:mod_ldap-0:2.4.6-40.el7.x86_64", "7Server-optional:mod_proxy_html-1:2.4.6-40.el7.aarch64", "7Server-optional:mod_proxy_html-1:2.4.6-40.el7.ppc64", "7Server-optional:mod_proxy_html-1:2.4.6-40.el7.ppc64le", "7Server-optional:mod_proxy_html-1:2.4.6-40.el7.s390x", "7Server-optional:mod_proxy_html-1:2.4.6-40.el7.x86_64", "7Server-optional:mod_session-0:2.4.6-40.el7.aarch64", "7Server-optional:mod_session-0:2.4.6-40.el7.ppc64", "7Server-optional:mod_session-0:2.4.6-40.el7.ppc64le", "7Server-optional:mod_session-0:2.4.6-40.el7.s390x", "7Server-optional:mod_session-0:2.4.6-40.el7.x86_64", "7Server-optional:mod_ssl-1:2.4.6-40.el7.aarch64", "7Server-optional:mod_ssl-1:2.4.6-40.el7.ppc64", "7Server-optional:mod_ssl-1:2.4.6-40.el7.ppc64le", "7Server-optional:mod_ssl-1:2.4.6-40.el7.s390x", "7Server-optional:mod_ssl-1:2.4.6-40.el7.x86_64", "7Server:httpd-0:2.4.6-40.el7.aarch64", "7Server:httpd-0:2.4.6-40.el7.ppc64", "7Server:httpd-0:2.4.6-40.el7.ppc64le", "7Server:httpd-0:2.4.6-40.el7.s390x", "7Server:httpd-0:2.4.6-40.el7.src", "7Server:httpd-0:2.4.6-40.el7.x86_64", "7Server:httpd-debuginfo-0:2.4.6-40.el7.aarch64", "7Server:httpd-debuginfo-0:2.4.6-40.el7.ppc64", "7Server:httpd-debuginfo-0:2.4.6-40.el7.ppc64le", "7Server:httpd-debuginfo-0:2.4.6-40.el7.s390x", "7Server:httpd-debuginfo-0:2.4.6-40.el7.x86_64", "7Server:httpd-devel-0:2.4.6-40.el7.aarch64", "7Server:httpd-devel-0:2.4.6-40.el7.ppc64", "7Server:httpd-devel-0:2.4.6-40.el7.ppc64le", "7Server:httpd-devel-0:2.4.6-40.el7.s390x", "7Server:httpd-devel-0:2.4.6-40.el7.x86_64", "7Server:httpd-manual-0:2.4.6-40.el7.noarch", "7Server:httpd-tools-0:2.4.6-40.el7.aarch64", "7Server:httpd-tools-0:2.4.6-40.el7.ppc64", "7Server:httpd-tools-0:2.4.6-40.el7.ppc64le", "7Server:httpd-tools-0:2.4.6-40.el7.s390x", "7Server:httpd-tools-0:2.4.6-40.el7.x86_64", "7Server:mod_ldap-0:2.4.6-40.el7.aarch64", "7Server:mod_ldap-0:2.4.6-40.el7.ppc64", "7Server:mod_ldap-0:2.4.6-40.el7.ppc64le", "7Server:mod_ldap-0:2.4.6-40.el7.s390x", "7Server:mod_ldap-0:2.4.6-40.el7.x86_64", "7Server:mod_proxy_html-1:2.4.6-40.el7.aarch64", "7Server:mod_proxy_html-1:2.4.6-40.el7.ppc64", "7Server:mod_proxy_html-1:2.4.6-40.el7.ppc64le", "7Server:mod_proxy_html-1:2.4.6-40.el7.s390x", "7Server:mod_proxy_html-1:2.4.6-40.el7.x86_64", "7Server:mod_session-0:2.4.6-40.el7.aarch64", "7Server:mod_session-0:2.4.6-40.el7.ppc64", "7Server:mod_session-0:2.4.6-40.el7.ppc64le", "7Server:mod_session-0:2.4.6-40.el7.s390x", "7Server:mod_session-0:2.4.6-40.el7.x86_64", "7Server:mod_ssl-1:2.4.6-40.el7.aarch64", "7Server:mod_ssl-1:2.4.6-40.el7.ppc64", "7Server:mod_ssl-1:2.4.6-40.el7.ppc64le", "7Server:mod_ssl-1:2.4.6-40.el7.s390x", "7Server:mod_ssl-1:2.4.6-40.el7.x86_64", "7Workstation-optional:httpd-0:2.4.6-40.el7.aarch64", "7Workstation-optional:httpd-0:2.4.6-40.el7.ppc64", "7Workstation-optional:httpd-0:2.4.6-40.el7.ppc64le", "7Workstation-optional:httpd-0:2.4.6-40.el7.s390x", "7Workstation-optional:httpd-0:2.4.6-40.el7.src", "7Workstation-optional:httpd-0:2.4.6-40.el7.x86_64", "7Workstation-optional:httpd-debuginfo-0:2.4.6-40.el7.aarch64", "7Workstation-optional:httpd-debuginfo-0:2.4.6-40.el7.ppc64", "7Workstation-optional:httpd-debuginfo-0:2.4.6-40.el7.ppc64le", "7Workstation-optional:httpd-debuginfo-0:2.4.6-40.el7.s390x", "7Workstation-optional:httpd-debuginfo-0:2.4.6-40.el7.x86_64", "7Workstation-optional:httpd-devel-0:2.4.6-40.el7.aarch64", "7Workstation-optional:httpd-devel-0:2.4.6-40.el7.ppc64", "7Workstation-optional:httpd-devel-0:2.4.6-40.el7.ppc64le", "7Workstation-optional:httpd-devel-0:2.4.6-40.el7.s390x", "7Workstation-optional:httpd-devel-0:2.4.6-40.el7.x86_64", "7Workstation-optional:httpd-manual-0:2.4.6-40.el7.noarch", "7Workstation-optional:httpd-tools-0:2.4.6-40.el7.aarch64", "7Workstation-optional:httpd-tools-0:2.4.6-40.el7.ppc64", "7Workstation-optional:httpd-tools-0:2.4.6-40.el7.ppc64le", "7Workstation-optional:httpd-tools-0:2.4.6-40.el7.s390x", "7Workstation-optional:httpd-tools-0:2.4.6-40.el7.x86_64", "7Workstation-optional:mod_ldap-0:2.4.6-40.el7.aarch64", "7Workstation-optional:mod_ldap-0:2.4.6-40.el7.ppc64", "7Workstation-optional:mod_ldap-0:2.4.6-40.el7.ppc64le", "7Workstation-optional:mod_ldap-0:2.4.6-40.el7.s390x", "7Workstation-optional:mod_ldap-0:2.4.6-40.el7.x86_64", "7Workstation-optional:mod_proxy_html-1:2.4.6-40.el7.aarch64", "7Workstation-optional:mod_proxy_html-1:2.4.6-40.el7.ppc64", "7Workstation-optional:mod_proxy_html-1:2.4.6-40.el7.ppc64le", "7Workstation-optional:mod_proxy_html-1:2.4.6-40.el7.s390x", "7Workstation-optional:mod_proxy_html-1:2.4.6-40.el7.x86_64", "7Workstation-optional:mod_session-0:2.4.6-40.el7.aarch64", "7Workstation-optional:mod_session-0:2.4.6-40.el7.ppc64", "7Workstation-optional:mod_session-0:2.4.6-40.el7.ppc64le", "7Workstation-optional:mod_session-0:2.4.6-40.el7.s390x", "7Workstation-optional:mod_session-0:2.4.6-40.el7.x86_64", "7Workstation-optional:mod_ssl-1:2.4.6-40.el7.aarch64", "7Workstation-optional:mod_ssl-1:2.4.6-40.el7.ppc64", "7Workstation-optional:mod_ssl-1:2.4.6-40.el7.ppc64le", "7Workstation-optional:mod_ssl-1:2.4.6-40.el7.s390x", "7Workstation-optional:mod_ssl-1:2.4.6-40.el7.x86_64", "7Workstation:httpd-0:2.4.6-40.el7.aarch64", "7Workstation:httpd-0:2.4.6-40.el7.ppc64", "7Workstation:httpd-0:2.4.6-40.el7.ppc64le", "7Workstation:httpd-0:2.4.6-40.el7.s390x", "7Workstation:httpd-0:2.4.6-40.el7.src", "7Workstation:httpd-0:2.4.6-40.el7.x86_64", "7Workstation:httpd-debuginfo-0:2.4.6-40.el7.aarch64", "7Workstation:httpd-debuginfo-0:2.4.6-40.el7.ppc64", "7Workstation:httpd-debuginfo-0:2.4.6-40.el7.ppc64le", "7Workstation:httpd-debuginfo-0:2.4.6-40.el7.s390x", "7Workstation:httpd-debuginfo-0:2.4.6-40.el7.x86_64", "7Workstation:httpd-devel-0:2.4.6-40.el7.aarch64", "7Workstation:httpd-devel-0:2.4.6-40.el7.ppc64", "7Workstation:httpd-devel-0:2.4.6-40.el7.ppc64le", "7Workstation:httpd-devel-0:2.4.6-40.el7.s390x", "7Workstation:httpd-devel-0:2.4.6-40.el7.x86_64", "7Workstation:httpd-manual-0:2.4.6-40.el7.noarch", "7Workstation:httpd-tools-0:2.4.6-40.el7.aarch64", "7Workstation:httpd-tools-0:2.4.6-40.el7.ppc64", "7Workstation:httpd-tools-0:2.4.6-40.el7.ppc64le", "7Workstation:httpd-tools-0:2.4.6-40.el7.s390x", "7Workstation:httpd-tools-0:2.4.6-40.el7.x86_64", "7Workstation:mod_ldap-0:2.4.6-40.el7.aarch64", "7Workstation:mod_ldap-0:2.4.6-40.el7.ppc64", "7Workstation:mod_ldap-0:2.4.6-40.el7.ppc64le", "7Workstation:mod_ldap-0:2.4.6-40.el7.s390x", "7Workstation:mod_ldap-0:2.4.6-40.el7.x86_64", "7Workstation:mod_proxy_html-1:2.4.6-40.el7.aarch64", "7Workstation:mod_proxy_html-1:2.4.6-40.el7.ppc64", "7Workstation:mod_proxy_html-1:2.4.6-40.el7.ppc64le", "7Workstation:mod_proxy_html-1:2.4.6-40.el7.s390x", "7Workstation:mod_proxy_html-1:2.4.6-40.el7.x86_64", "7Workstation:mod_session-0:2.4.6-40.el7.aarch64", "7Workstation:mod_session-0:2.4.6-40.el7.ppc64", "7Workstation:mod_session-0:2.4.6-40.el7.ppc64le", "7Workstation:mod_session-0:2.4.6-40.el7.s390x", "7Workstation:mod_session-0:2.4.6-40.el7.x86_64", "7Workstation:mod_ssl-1:2.4.6-40.el7.aarch64", "7Workstation:mod_ssl-1:2.4.6-40.el7.ppc64", "7Workstation:mod_ssl-1:2.4.6-40.el7.ppc64le", "7Workstation:mod_ssl-1:2.4.6-40.el7.s390x", "7Workstation:mod_ssl-1:2.4.6-40.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2015:2194" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "7Client-optional:httpd-0:2.4.6-40.el7.aarch64", "7Client-optional:httpd-0:2.4.6-40.el7.ppc64", "7Client-optional:httpd-0:2.4.6-40.el7.ppc64le", "7Client-optional:httpd-0:2.4.6-40.el7.s390x", "7Client-optional:httpd-0:2.4.6-40.el7.src", "7Client-optional:httpd-0:2.4.6-40.el7.x86_64", "7Client-optional:httpd-debuginfo-0:2.4.6-40.el7.aarch64", "7Client-optional:httpd-debuginfo-0:2.4.6-40.el7.ppc64", "7Client-optional:httpd-debuginfo-0:2.4.6-40.el7.ppc64le", "7Client-optional:httpd-debuginfo-0:2.4.6-40.el7.s390x", "7Client-optional:httpd-debuginfo-0:2.4.6-40.el7.x86_64", "7Client-optional:httpd-devel-0:2.4.6-40.el7.aarch64", "7Client-optional:httpd-devel-0:2.4.6-40.el7.ppc64", "7Client-optional:httpd-devel-0:2.4.6-40.el7.ppc64le", "7Client-optional:httpd-devel-0:2.4.6-40.el7.s390x", "7Client-optional:httpd-devel-0:2.4.6-40.el7.x86_64", "7Client-optional:httpd-manual-0:2.4.6-40.el7.noarch", "7Client-optional:httpd-tools-0:2.4.6-40.el7.aarch64", "7Client-optional:httpd-tools-0:2.4.6-40.el7.ppc64", "7Client-optional:httpd-tools-0:2.4.6-40.el7.ppc64le", "7Client-optional:httpd-tools-0:2.4.6-40.el7.s390x", "7Client-optional:httpd-tools-0:2.4.6-40.el7.x86_64", "7Client-optional:mod_ldap-0:2.4.6-40.el7.aarch64", "7Client-optional:mod_ldap-0:2.4.6-40.el7.ppc64", "7Client-optional:mod_ldap-0:2.4.6-40.el7.ppc64le", "7Client-optional:mod_ldap-0:2.4.6-40.el7.s390x", "7Client-optional:mod_ldap-0:2.4.6-40.el7.x86_64", "7Client-optional:mod_proxy_html-1:2.4.6-40.el7.aarch64", "7Client-optional:mod_proxy_html-1:2.4.6-40.el7.ppc64", "7Client-optional:mod_proxy_html-1:2.4.6-40.el7.ppc64le", "7Client-optional:mod_proxy_html-1:2.4.6-40.el7.s390x", "7Client-optional:mod_proxy_html-1:2.4.6-40.el7.x86_64", "7Client-optional:mod_session-0:2.4.6-40.el7.aarch64", "7Client-optional:mod_session-0:2.4.6-40.el7.ppc64", "7Client-optional:mod_session-0:2.4.6-40.el7.ppc64le", "7Client-optional:mod_session-0:2.4.6-40.el7.s390x", "7Client-optional:mod_session-0:2.4.6-40.el7.x86_64", "7Client-optional:mod_ssl-1:2.4.6-40.el7.aarch64", "7Client-optional:mod_ssl-1:2.4.6-40.el7.ppc64", "7Client-optional:mod_ssl-1:2.4.6-40.el7.ppc64le", "7Client-optional:mod_ssl-1:2.4.6-40.el7.s390x", "7Client-optional:mod_ssl-1:2.4.6-40.el7.x86_64", "7ComputeNode-optional:httpd-0:2.4.6-40.el7.aarch64", "7ComputeNode-optional:httpd-0:2.4.6-40.el7.ppc64", "7ComputeNode-optional:httpd-0:2.4.6-40.el7.ppc64le", "7ComputeNode-optional:httpd-0:2.4.6-40.el7.s390x", "7ComputeNode-optional:httpd-0:2.4.6-40.el7.src", "7ComputeNode-optional:httpd-0:2.4.6-40.el7.x86_64", "7ComputeNode-optional:httpd-debuginfo-0:2.4.6-40.el7.aarch64", "7ComputeNode-optional:httpd-debuginfo-0:2.4.6-40.el7.ppc64", "7ComputeNode-optional:httpd-debuginfo-0:2.4.6-40.el7.ppc64le", "7ComputeNode-optional:httpd-debuginfo-0:2.4.6-40.el7.s390x", "7ComputeNode-optional:httpd-debuginfo-0:2.4.6-40.el7.x86_64", "7ComputeNode-optional:httpd-devel-0:2.4.6-40.el7.aarch64", "7ComputeNode-optional:httpd-devel-0:2.4.6-40.el7.ppc64", "7ComputeNode-optional:httpd-devel-0:2.4.6-40.el7.ppc64le", "7ComputeNode-optional:httpd-devel-0:2.4.6-40.el7.s390x", "7ComputeNode-optional:httpd-devel-0:2.4.6-40.el7.x86_64", "7ComputeNode-optional:httpd-manual-0:2.4.6-40.el7.noarch", "7ComputeNode-optional:httpd-tools-0:2.4.6-40.el7.aarch64", "7ComputeNode-optional:httpd-tools-0:2.4.6-40.el7.ppc64", "7ComputeNode-optional:httpd-tools-0:2.4.6-40.el7.ppc64le", "7ComputeNode-optional:httpd-tools-0:2.4.6-40.el7.s390x", "7ComputeNode-optional:httpd-tools-0:2.4.6-40.el7.x86_64", "7ComputeNode-optional:mod_ldap-0:2.4.6-40.el7.aarch64", "7ComputeNode-optional:mod_ldap-0:2.4.6-40.el7.ppc64", "7ComputeNode-optional:mod_ldap-0:2.4.6-40.el7.ppc64le", "7ComputeNode-optional:mod_ldap-0:2.4.6-40.el7.s390x", "7ComputeNode-optional:mod_ldap-0:2.4.6-40.el7.x86_64", "7ComputeNode-optional:mod_proxy_html-1:2.4.6-40.el7.aarch64", "7ComputeNode-optional:mod_proxy_html-1:2.4.6-40.el7.ppc64", "7ComputeNode-optional:mod_proxy_html-1:2.4.6-40.el7.ppc64le", "7ComputeNode-optional:mod_proxy_html-1:2.4.6-40.el7.s390x", "7ComputeNode-optional:mod_proxy_html-1:2.4.6-40.el7.x86_64", "7ComputeNode-optional:mod_session-0:2.4.6-40.el7.aarch64", "7ComputeNode-optional:mod_session-0:2.4.6-40.el7.ppc64", "7ComputeNode-optional:mod_session-0:2.4.6-40.el7.ppc64le", "7ComputeNode-optional:mod_session-0:2.4.6-40.el7.s390x", "7ComputeNode-optional:mod_session-0:2.4.6-40.el7.x86_64", "7ComputeNode-optional:mod_ssl-1:2.4.6-40.el7.aarch64", "7ComputeNode-optional:mod_ssl-1:2.4.6-40.el7.ppc64", "7ComputeNode-optional:mod_ssl-1:2.4.6-40.el7.ppc64le", "7ComputeNode-optional:mod_ssl-1:2.4.6-40.el7.s390x", "7ComputeNode-optional:mod_ssl-1:2.4.6-40.el7.x86_64", "7Server-optional:httpd-0:2.4.6-40.el7.aarch64", "7Server-optional:httpd-0:2.4.6-40.el7.ppc64", "7Server-optional:httpd-0:2.4.6-40.el7.ppc64le", "7Server-optional:httpd-0:2.4.6-40.el7.s390x", "7Server-optional:httpd-0:2.4.6-40.el7.src", "7Server-optional:httpd-0:2.4.6-40.el7.x86_64", "7Server-optional:httpd-debuginfo-0:2.4.6-40.el7.aarch64", "7Server-optional:httpd-debuginfo-0:2.4.6-40.el7.ppc64", "7Server-optional:httpd-debuginfo-0:2.4.6-40.el7.ppc64le", "7Server-optional:httpd-debuginfo-0:2.4.6-40.el7.s390x", "7Server-optional:httpd-debuginfo-0:2.4.6-40.el7.x86_64", "7Server-optional:httpd-devel-0:2.4.6-40.el7.aarch64", "7Server-optional:httpd-devel-0:2.4.6-40.el7.ppc64", "7Server-optional:httpd-devel-0:2.4.6-40.el7.ppc64le", "7Server-optional:httpd-devel-0:2.4.6-40.el7.s390x", "7Server-optional:httpd-devel-0:2.4.6-40.el7.x86_64", "7Server-optional:httpd-manual-0:2.4.6-40.el7.noarch", "7Server-optional:httpd-tools-0:2.4.6-40.el7.aarch64", "7Server-optional:httpd-tools-0:2.4.6-40.el7.ppc64", "7Server-optional:httpd-tools-0:2.4.6-40.el7.ppc64le", "7Server-optional:httpd-tools-0:2.4.6-40.el7.s390x", "7Server-optional:httpd-tools-0:2.4.6-40.el7.x86_64", "7Server-optional:mod_ldap-0:2.4.6-40.el7.aarch64", "7Server-optional:mod_ldap-0:2.4.6-40.el7.ppc64", "7Server-optional:mod_ldap-0:2.4.6-40.el7.ppc64le", "7Server-optional:mod_ldap-0:2.4.6-40.el7.s390x", "7Server-optional:mod_ldap-0:2.4.6-40.el7.x86_64", "7Server-optional:mod_proxy_html-1:2.4.6-40.el7.aarch64", "7Server-optional:mod_proxy_html-1:2.4.6-40.el7.ppc64", "7Server-optional:mod_proxy_html-1:2.4.6-40.el7.ppc64le", "7Server-optional:mod_proxy_html-1:2.4.6-40.el7.s390x", "7Server-optional:mod_proxy_html-1:2.4.6-40.el7.x86_64", "7Server-optional:mod_session-0:2.4.6-40.el7.aarch64", "7Server-optional:mod_session-0:2.4.6-40.el7.ppc64", "7Server-optional:mod_session-0:2.4.6-40.el7.ppc64le", "7Server-optional:mod_session-0:2.4.6-40.el7.s390x", "7Server-optional:mod_session-0:2.4.6-40.el7.x86_64", "7Server-optional:mod_ssl-1:2.4.6-40.el7.aarch64", "7Server-optional:mod_ssl-1:2.4.6-40.el7.ppc64", "7Server-optional:mod_ssl-1:2.4.6-40.el7.ppc64le", "7Server-optional:mod_ssl-1:2.4.6-40.el7.s390x", "7Server-optional:mod_ssl-1:2.4.6-40.el7.x86_64", "7Server:httpd-0:2.4.6-40.el7.aarch64", "7Server:httpd-0:2.4.6-40.el7.ppc64", "7Server:httpd-0:2.4.6-40.el7.ppc64le", "7Server:httpd-0:2.4.6-40.el7.s390x", "7Server:httpd-0:2.4.6-40.el7.src", "7Server:httpd-0:2.4.6-40.el7.x86_64", "7Server:httpd-debuginfo-0:2.4.6-40.el7.aarch64", "7Server:httpd-debuginfo-0:2.4.6-40.el7.ppc64", "7Server:httpd-debuginfo-0:2.4.6-40.el7.ppc64le", "7Server:httpd-debuginfo-0:2.4.6-40.el7.s390x", "7Server:httpd-debuginfo-0:2.4.6-40.el7.x86_64", "7Server:httpd-devel-0:2.4.6-40.el7.aarch64", "7Server:httpd-devel-0:2.4.6-40.el7.ppc64", "7Server:httpd-devel-0:2.4.6-40.el7.ppc64le", "7Server:httpd-devel-0:2.4.6-40.el7.s390x", "7Server:httpd-devel-0:2.4.6-40.el7.x86_64", "7Server:httpd-manual-0:2.4.6-40.el7.noarch", "7Server:httpd-tools-0:2.4.6-40.el7.aarch64", "7Server:httpd-tools-0:2.4.6-40.el7.ppc64", "7Server:httpd-tools-0:2.4.6-40.el7.ppc64le", "7Server:httpd-tools-0:2.4.6-40.el7.s390x", "7Server:httpd-tools-0:2.4.6-40.el7.x86_64", "7Server:mod_ldap-0:2.4.6-40.el7.aarch64", "7Server:mod_ldap-0:2.4.6-40.el7.ppc64", "7Server:mod_ldap-0:2.4.6-40.el7.ppc64le", "7Server:mod_ldap-0:2.4.6-40.el7.s390x", "7Server:mod_ldap-0:2.4.6-40.el7.x86_64", "7Server:mod_proxy_html-1:2.4.6-40.el7.aarch64", "7Server:mod_proxy_html-1:2.4.6-40.el7.ppc64", "7Server:mod_proxy_html-1:2.4.6-40.el7.ppc64le", "7Server:mod_proxy_html-1:2.4.6-40.el7.s390x", "7Server:mod_proxy_html-1:2.4.6-40.el7.x86_64", "7Server:mod_session-0:2.4.6-40.el7.aarch64", "7Server:mod_session-0:2.4.6-40.el7.ppc64", "7Server:mod_session-0:2.4.6-40.el7.ppc64le", "7Server:mod_session-0:2.4.6-40.el7.s390x", "7Server:mod_session-0:2.4.6-40.el7.x86_64", "7Server:mod_ssl-1:2.4.6-40.el7.aarch64", "7Server:mod_ssl-1:2.4.6-40.el7.ppc64", "7Server:mod_ssl-1:2.4.6-40.el7.ppc64le", "7Server:mod_ssl-1:2.4.6-40.el7.s390x", "7Server:mod_ssl-1:2.4.6-40.el7.x86_64", "7Workstation-optional:httpd-0:2.4.6-40.el7.aarch64", "7Workstation-optional:httpd-0:2.4.6-40.el7.ppc64", "7Workstation-optional:httpd-0:2.4.6-40.el7.ppc64le", "7Workstation-optional:httpd-0:2.4.6-40.el7.s390x", "7Workstation-optional:httpd-0:2.4.6-40.el7.src", "7Workstation-optional:httpd-0:2.4.6-40.el7.x86_64", "7Workstation-optional:httpd-debuginfo-0:2.4.6-40.el7.aarch64", "7Workstation-optional:httpd-debuginfo-0:2.4.6-40.el7.ppc64", "7Workstation-optional:httpd-debuginfo-0:2.4.6-40.el7.ppc64le", "7Workstation-optional:httpd-debuginfo-0:2.4.6-40.el7.s390x", "7Workstation-optional:httpd-debuginfo-0:2.4.6-40.el7.x86_64", "7Workstation-optional:httpd-devel-0:2.4.6-40.el7.aarch64", "7Workstation-optional:httpd-devel-0:2.4.6-40.el7.ppc64", "7Workstation-optional:httpd-devel-0:2.4.6-40.el7.ppc64le", "7Workstation-optional:httpd-devel-0:2.4.6-40.el7.s390x", "7Workstation-optional:httpd-devel-0:2.4.6-40.el7.x86_64", "7Workstation-optional:httpd-manual-0:2.4.6-40.el7.noarch", "7Workstation-optional:httpd-tools-0:2.4.6-40.el7.aarch64", "7Workstation-optional:httpd-tools-0:2.4.6-40.el7.ppc64", "7Workstation-optional:httpd-tools-0:2.4.6-40.el7.ppc64le", "7Workstation-optional:httpd-tools-0:2.4.6-40.el7.s390x", "7Workstation-optional:httpd-tools-0:2.4.6-40.el7.x86_64", "7Workstation-optional:mod_ldap-0:2.4.6-40.el7.aarch64", "7Workstation-optional:mod_ldap-0:2.4.6-40.el7.ppc64", "7Workstation-optional:mod_ldap-0:2.4.6-40.el7.ppc64le", "7Workstation-optional:mod_ldap-0:2.4.6-40.el7.s390x", "7Workstation-optional:mod_ldap-0:2.4.6-40.el7.x86_64", "7Workstation-optional:mod_proxy_html-1:2.4.6-40.el7.aarch64", "7Workstation-optional:mod_proxy_html-1:2.4.6-40.el7.ppc64", "7Workstation-optional:mod_proxy_html-1:2.4.6-40.el7.ppc64le", "7Workstation-optional:mod_proxy_html-1:2.4.6-40.el7.s390x", "7Workstation-optional:mod_proxy_html-1:2.4.6-40.el7.x86_64", "7Workstation-optional:mod_session-0:2.4.6-40.el7.aarch64", "7Workstation-optional:mod_session-0:2.4.6-40.el7.ppc64", "7Workstation-optional:mod_session-0:2.4.6-40.el7.ppc64le", "7Workstation-optional:mod_session-0:2.4.6-40.el7.s390x", "7Workstation-optional:mod_session-0:2.4.6-40.el7.x86_64", "7Workstation-optional:mod_ssl-1:2.4.6-40.el7.aarch64", "7Workstation-optional:mod_ssl-1:2.4.6-40.el7.ppc64", "7Workstation-optional:mod_ssl-1:2.4.6-40.el7.ppc64le", "7Workstation-optional:mod_ssl-1:2.4.6-40.el7.s390x", "7Workstation-optional:mod_ssl-1:2.4.6-40.el7.x86_64", "7Workstation:httpd-0:2.4.6-40.el7.aarch64", "7Workstation:httpd-0:2.4.6-40.el7.ppc64", "7Workstation:httpd-0:2.4.6-40.el7.ppc64le", "7Workstation:httpd-0:2.4.6-40.el7.s390x", "7Workstation:httpd-0:2.4.6-40.el7.src", "7Workstation:httpd-0:2.4.6-40.el7.x86_64", "7Workstation:httpd-debuginfo-0:2.4.6-40.el7.aarch64", "7Workstation:httpd-debuginfo-0:2.4.6-40.el7.ppc64", "7Workstation:httpd-debuginfo-0:2.4.6-40.el7.ppc64le", "7Workstation:httpd-debuginfo-0:2.4.6-40.el7.s390x", "7Workstation:httpd-debuginfo-0:2.4.6-40.el7.x86_64", "7Workstation:httpd-devel-0:2.4.6-40.el7.aarch64", "7Workstation:httpd-devel-0:2.4.6-40.el7.ppc64", "7Workstation:httpd-devel-0:2.4.6-40.el7.ppc64le", "7Workstation:httpd-devel-0:2.4.6-40.el7.s390x", "7Workstation:httpd-devel-0:2.4.6-40.el7.x86_64", "7Workstation:httpd-manual-0:2.4.6-40.el7.noarch", "7Workstation:httpd-tools-0:2.4.6-40.el7.aarch64", "7Workstation:httpd-tools-0:2.4.6-40.el7.ppc64", "7Workstation:httpd-tools-0:2.4.6-40.el7.ppc64le", "7Workstation:httpd-tools-0:2.4.6-40.el7.s390x", "7Workstation:httpd-tools-0:2.4.6-40.el7.x86_64", "7Workstation:mod_ldap-0:2.4.6-40.el7.aarch64", "7Workstation:mod_ldap-0:2.4.6-40.el7.ppc64", "7Workstation:mod_ldap-0:2.4.6-40.el7.ppc64le", "7Workstation:mod_ldap-0:2.4.6-40.el7.s390x", "7Workstation:mod_ldap-0:2.4.6-40.el7.x86_64", "7Workstation:mod_proxy_html-1:2.4.6-40.el7.aarch64", "7Workstation:mod_proxy_html-1:2.4.6-40.el7.ppc64", "7Workstation:mod_proxy_html-1:2.4.6-40.el7.ppc64le", "7Workstation:mod_proxy_html-1:2.4.6-40.el7.s390x", "7Workstation:mod_proxy_html-1:2.4.6-40.el7.x86_64", "7Workstation:mod_session-0:2.4.6-40.el7.aarch64", "7Workstation:mod_session-0:2.4.6-40.el7.ppc64", "7Workstation:mod_session-0:2.4.6-40.el7.ppc64le", "7Workstation:mod_session-0:2.4.6-40.el7.s390x", "7Workstation:mod_session-0:2.4.6-40.el7.x86_64", "7Workstation:mod_ssl-1:2.4.6-40.el7.aarch64", "7Workstation:mod_ssl-1:2.4.6-40.el7.ppc64", "7Workstation:mod_ssl-1:2.4.6-40.el7.ppc64le", "7Workstation:mod_ssl-1:2.4.6-40.el7.s390x", "7Workstation:mod_ssl-1:2.4.6-40.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: IP address spoofing when proxying using mod_remoteip and mod_rewrite" } ] }
gsd-2020-11985
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2020-11985", "description": "IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020.", "id": "GSD-2020-11985", "references": [ "https://www.suse.com/security/cve/CVE-2020-11985.html", "https://access.redhat.com/errata/RHSA-2017:1161", "https://access.redhat.com/errata/RHBA-2015:2194" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2020-11985" ], "details": "IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020.", "id": "GSD-2020-11985", "modified": "2023-12-13T01:22:05.262039Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2020-11985", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache HTTP Server", "version": { "version_data": [ { "version_value": "2.4.1 to 2.4.23" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-345: Insufficient verification of data authenticity" } ] } ] }, "references": { "reference_data": [ { "name": "https://httpd.apache.org/security/vulnerabilities_24.html", "refsource": "MISC", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "name": "GLSA-202008-04", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202008-04" }, { "name": "FEDORA-2020-189a1e6c3e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/" }, { "name": "FEDORA-2020-0d3d3f5072", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/" }, { "name": "https://www.oracle.com/security-alerts/cpujan2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "name": "https://security.netapp.com/advisory/ntap-20200827-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200827-0002/" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [13/13] - /httpd/site/trunk/content/security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [13/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.4.23", "versionStartIncluding": "2.4.1", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2020-11985" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-345" } ] } ] }, "references": { "reference_data": [ { "name": "https://httpd.apache.org/security/vulnerabilities_24.html", "refsource": "MISC", "tags": [ "Vendor Advisory" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "name": "GLSA-202008-04", "refsource": "GENTOO", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202008-04" }, { "name": "https://security.netapp.com/advisory/ntap-20200827-0002/", "refsource": "CONFIRM", "tags": [], "url": "https://security.netapp.com/advisory/ntap-20200827-0002/" }, { "name": "FEDORA-2020-189a1e6c3e", "refsource": "FEDORA", "tags": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/" }, { "name": "FEDORA-2020-0d3d3f5072", "refsource": "FEDORA", "tags": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/" }, { "name": "https://www.oracle.com/security-alerts/cpujan2021.html", "refsource": "MISC", "tags": [], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [13/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [13/13] - /httpd/site/trunk/content/security/json/", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4 } }, "lastModifiedDate": "2021-06-06T11:15Z", "publishedDate": "2020-08-07T16:15Z" } } }
ghsa-39vm-h38v-j867
Vulnerability from github
Published
2022-05-24 17:25
Modified
2022-05-24 17:25
Details
IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020.
{ "affected": [], "aliases": [ "CVE-2020-11985" ], "database_specific": { "cwe_ids": [ "CWE-345" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2020-08-07T16:15:00Z", "severity": "MODERATE" }, "details": "IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020.", "id": "GHSA-39vm-h38v-j867", "modified": "2022-05-24T17:25:02Z", "published": "2022-05-24T17:25:02Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11985" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20200827-0002" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/202008-04" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "schema_version": "1.4.0", "severity": [] }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.